# Start collection of the Application, System and Security logs plus a custom
# log directory. Each CollectionConfig entry names the source (or path and
# file pattern), the levels to pick up, a filter string and a retention value.
# NOTE(review): Collect-SystemLogs is not defined in this snippet. The unit of
# "Retention" (presumably days) and the way "Filter" is interpreted should be
# confirmed against its definition.
$collectionParams = @{
    CollectionID     = "COLLECTION001"
    LogTypes         = @("Application", "System", "Security", "Custom")
    CollectionMode   = "RealTime"
    CollectionConfig = @{
        "Application" = @{
            "Source"    = "Application"
            "Level"     = @("Error", "Warning", "Info")
            "Filter"    = "EventID > 0"
            "Retention" = 7
        }
        "System" = @{
            "Source"    = "System"
            "Level"     = @("Error", "Warning", "Info")
            "Filter"    = "EventID > 0"
            "Retention" = 7
        }
        # Security collects both audit outcomes and is kept longer (30) than
        # the other sources (7).
        "Security" = @{
            "Source"    = "Security"
            "Level"     = @("Success", "Failure")
            "Filter"    = "EventID > 0"
            "Retention" = 30
        }
        # File-based source: *.log files under C:\Logs\Custom.
        # NOTE(review): this filter is a PowerShell expression held in a
        # string. If Collect-SystemLogs evaluates filter strings as code, the
        # configuration must only come from a trusted, access-controlled
        # source - confirm.
        "Custom" = @{
            "Path"      = "C:\Logs\Custom"
            "Pattern"   = "*.log"
            "Filter"    = "LastWriteTime > (Get-Date).AddDays(-1)"
            "Retention" = 7
        }
    }
    # NOTE(review): this file may contain Security-log content; confirm that
    # C:\Logs is writable only by the collecting account and readable only by
    # administrators.
    LogPath          = "C:\Logs\log_collection.json"
}
$collector = Collect-SystemLogs @collectionParams
# Run pattern-based analysis over the collected logs for three categories:
# Error, Performance and Security. Every category looks at a "7d" period,
# lists the text patterns to match, sets a threshold and requests a report.
# NOTE(review): Analyze-SystemLogs is not defined in this snippet. Whether
# "Threshold" is a match count per period, and whether "Patterns" are literal
# substrings or regular expressions, should be confirmed against it.
$analysisParams = @{
    AnalysisID     = "ANALYSIS001"
    AnalysisTypes  = @("Error", "Performance", "Security")
    AnalysisMode   = "Pattern"
    AnalysisConfig = @{
        "Error" = @{
            "Period"    = "7d"
            "Patterns"  = @("Exception", "Timeout", "Connection")
            "Threshold" = 10
            "Report"    = $true
        }
        "Performance" = @{
            "Period"    = "7d"
            "Patterns"  = @("Slow", "HighLoad", "Resource")
            "Threshold" = 5
            "Report"    = $true
        }
        # Security has the lowest threshold of the three categories (3).
        # NOTE(review): keyword matching on message text is coarse; for the
        # Windows Security log, matching on specific event IDs is usually
        # more reliable than words such as "Failed" - consider extending.
        "Security" = @{
            "Period"    = "7d"
            "Patterns"  = @("Failed", "Unauthorized", "Suspicious")
            "Threshold" = 3
            "Report"    = $true
        }
    }
    # NOTE(review): the report summarises security findings; confirm that
    # C:\Reports is restricted to administrators.
    ReportPath     = "C:\Reports\log_analysis.json"
}
$analyzer = Analyze-SystemLogs @analysisParams
# Archive the Application, System and Security logs: "30d" period, GZip
# compression and AES encryption. Security archives are kept for 730, the
# other two for 365.
# NOTE(review): Archive-SystemLogs is not defined in this snippet. The unit of
# "Retention" (presumably days) and the meaning of "Period" should be
# confirmed against its definition. The "Custom" source that the collection
# step picks up is not listed here, so it is not archived by this call.
# NOTE(review): the collection step in this script keeps Application and
# System data for 7; if "Period" means "archive data older than 30 days",
# that data may already be gone before it is archived - verify.
$archiveParams = @{
    ArchiveID     = "ARCHIVE001"
    ArchiveTypes  = @("Application", "System", "Security")
    ArchiveMode   = "Compression"
    ArchiveConfig = @{
        # NOTE(review): only the algorithm name "AES" is given. Key size,
        # cipher mode and where the key comes from are not visible here;
        # confirm the key is not stored next to the archives and that an
        # authenticated mode is used.
        "Application" = @{
            "Period"      = "30d"
            "Compression" = "GZip"
            "Encryption"  = "AES"
            "Retention"   = 365
        }
        "System" = @{
            "Period"      = "30d"
            "Compression" = "GZip"
            "Encryption"  = "AES"
            "Retention"   = 365
        }
        "Security" = @{
            "Period"      = "30d"
            "Compression" = "GZip"
            "Encryption"  = "AES"
            "Retention"   = 730
        }
    }
    ReportPath    = "C:\Reports\log_archive.json"
}
$archiver = Archive-SystemLogs @archiveParams