读取Host的证书并输出到Splunk

发布于 2025-01-10 18:01:24 字数 999 浏览 0 评论 0原文

我的大脑出现了障碍，不知道如何解决。

我有以下脚本：

$CorrelationId = New-Guid
$Server = Get-WMIObject Win32_ComputerSystem| Select-Object -ExpandProperty Name
$getcert= Get-ChildItem cert:\LocalMachine\My -Recurse | Where-Object {$_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and ($_.NotAfter -lt (Get-Date).AddDays(45)) -and($_.Issuer -eq "CN=test.at, DC=ds, DC=test, DC=at")}  | Select-Object -Property Issuer, NotAfter, Subject, FriendlyName


$notafter = $getcert.NotAfter
$Subject = $getcert.Subject
$issuer = $getcert.Issuer
$FriendlyName= $getcert.FriendlyName


Write-Log -D Console,Splunk -L Info -A Servercertificate -M " Certificate $Subject on Host $Server with issuer $issuer and FriendlyName $FriendlyName expires at $notafter" -CorrelationId $CorrelationId -EventId 1

只要我只有 1 个证书，它就可以正常工作，但如果我有多个证书，它就只能连线了。

我知道可以用 foreach 解决这个问题，但我不知道该怎么做。

感谢您的帮助

原文

i got block in my brain and don`t know how to fix ist.

i have following script:

$CorrelationId = New-Guid
$Server = Get-WMIObject Win32_ComputerSystem| Select-Object -ExpandProperty Name
$getcert= Get-ChildItem cert:\LocalMachine\My -Recurse | Where-Object {$_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and ($_.NotAfter -lt (Get-Date).AddDays(45)) -and($_.Issuer -eq "CN=test.at, DC=ds, DC=test, DC=at")}  | Select-Object -Property Issuer, NotAfter, Subject, FriendlyName


$notafter = $getcert.NotAfter
$Subject = $getcert.Subject
$issuer = $getcert.Issuer
$FriendlyName= $getcert.FriendlyName


Write-Log -D Console,Splunk -L Info -A Servercertificate -M " Certificate $Subject on Host $Server with issuer $issuer and FriendlyName $FriendlyName expires at $notafter" -CorrelationId $CorrelationId -EventId 1

as long i have just 1 Cert it works proper, but if i got more than one it`s just wired.

I know that it is may possible to fix this with foreach, but i don`t know how to do it.

Thanks for your Help

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

你怎么这么可爱啊 2025-01-17 18:01:24

如果您的 Write-Log 命令按预期工作，并且您希望每个证书都有一个唯一的 CorrelationId，那么它应该相当简单。

例如：

$Server = Get-WMIObject Win32_ComputerSystem| Select-Object -ExpandProperty Name
$getcert= Get-ChildItem cert:\LocalMachine\My -Recurse | Where-Object {$_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and ($_.NotAfter -lt (Get-Date).AddDays(45)) -and ($_.Issuer -eq "CN=test.at, DC=ds, DC=test, DC=at")}  | Select-Object -Property Issuer, NotAfter, Subject, FriendlyName

foreach ($cert in $getcert) {
    $CorrelationId = New-Guid

    $notafter = $cert.NotAfter
    $Subject = $cert.Subject
    $issuer = $cert.Issuer
    $FriendlyName = $cert.FriendlyName

    Write-Log -D Console,Splunk -L Info -A Servercertificate -M " Certificate $Subject on Host $Server with issuer $issuer and FriendlyName $FriendlyName expires at $notafter" -CorrelationId $CorrelationId -EventId 1
}

If your Write-Log command is working as expected, and you'd prefer to have a unique CorrelationId per certificate, then it should be fairly straightforward.

For example:

$Server = Get-WMIObject Win32_ComputerSystem| Select-Object -ExpandProperty Name
$getcert= Get-ChildItem cert:\LocalMachine\My -Recurse | Where-Object {$_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and ($_.NotAfter -lt (Get-Date).AddDays(45)) -and ($_.Issuer -eq "CN=test.at, DC=ds, DC=test, DC=at")}  | Select-Object -Property Issuer, NotAfter, Subject, FriendlyName

foreach ($cert in $getcert) {
    $CorrelationId = New-Guid

    $notafter = $cert.NotAfter
    $Subject = $cert.Subject
    $issuer = $cert.Issuer
    $FriendlyName = $cert.FriendlyName

    Write-Log -D Console,Splunk -L Info -A Servercertificate -M " Certificate $Subject on Host $Server with issuer $issuer and FriendlyName $FriendlyName expires at $notafter" -CorrelationId $CorrelationId -EventId 1
}

回复收藏 0 原文

~没有更多了~