Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Powershell local (-log) or remote (-file) arguments shows no results #13

Open
tsale opened this issue Aug 4, 2019 · 1 comment
Open

Powershell local (-log) or remote (-file) arguments shows no results #13

tsale opened this issue Aug 4, 2019 · 1 comment

Comments

@tsale
Copy link

tsale commented Aug 4, 2019

I have an issue where where the script local (-log) or remote (-file) arguments shows no results. There is no error so it looks like it cannot find anything even though there are event IDs that should match on the "Microsoft-Windows-PowerShell/Operational.evtx" log.

Can you please help me to troubleshoot this?
@resv
Copy link

resv commented Mar 16, 2024
edited
Loading

I'm also having trouble with this as absolute path of an exported evtx file was not working. I believe line 632 function Check-Options($file, $log) could be the culprit.

Quick test to get it working: Create a directory within deepblue with the imported evtx file.

then run e.g.:

(For a folder you created within the deepblue directory using "."):
.\DeepBlue.ps1 ".\< Created folder name of your imported logs>\< Event Log Filename >.evtx"

(For a folder you created at the parent directory above deepblue using ".." ):
.\DeepBlue.ps1 "..\< Created folder name of your imported logs>\< Event Log Filename >.evtx"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@resv @tsale