thank you very so so much. i have done :)
Vào 04:38:41 UTC+7 Thứ tư, ngày 02 tháng bảy năm 2014, Nguyễn Văn Hớn đã
viết:
>
> i have writed powershell script.
> this is content: ( it is detect new process)
>
> Clear-Content c:\old.txt;
> Clear-Content c:\new.txt;
> Clear-Content c:\compare.txt;
> Get-Process | Select-Object name|Format-Wide -Column 1 >old.txt;
> (gc old.txt) | Foreach {$_.TrimEnd()} | where {$_ -ne ""} | Set-Content
> old.txt;
> Start-Sleep -s 20;
> Get-Process | Select-Object name|Format-Wide -Column 1 >new.txt;
> (gc new.txt) | Foreach {$_.TrimEnd()} | where {$_ -ne ""} | Set-Content
> new.txt;
> $A = Get-Content "C:\old.txt";
> $B = Get-Content "C:\new.txt";
> $C=Compare-Object $A $B |Format-Wide -Column 1 >compare.txt;
> (gc compare.txt) | Foreach {$_.TrimEnd()} | where {$_ -ne ""} |
> Set-Content compare.txt;
> foreach ($line in get-content "c:\compare.txt"){Stop-Process -processname
> $line -Force};
> exit
>
> and i have set in agent window
>
>
> <localfile>
> <log_format>full_command</log_format>
> <command>powershell.exe -Command "C:\killprocess.ps1"</command>
> <frequency>60</frequency>
> <alias>NewProcess</alias>
> </localfile>
>
> but log i have is
>
> Compare-Object : Cannot bind argument to parameter 'ReferenceObject'
> because it
> is null.
> At C:\killprocess.ps1:11 char:18
> + $C=Compare-Object <<<< $A $B |Format-Wide -Column 1 >compare.txt;
> + CategoryInfo : InvalidData: (:) [Compare-Object],
> ParameterBind
> ingValidationException
> + FullyQualifiedErrorId :
> ParameterArgumentValidationErrorNullNotAllowed,M
> icrosoft.PowerShell.Commands.CompareObjectCommand
>
> what is my wrong :(
>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
