From 8f98fd0db7c2a208ef2e111fba36e023eae8001f Mon Sep 17 00:00:00 2001
From: Naveen Angali
Date: Tue, 20 Aug 2024 17:51:12 -0400
Subject: [PATCH] updated forensic script to have condition based run and include connex,data and monitor logs
---
 Azure-ARM/forensics_log_pull.ps1 | 33 +++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)
diff --git a/Azure-ARM/forensics_log_pull.ps1 b/Azure-ARM/forensics_log_pull.ps1
index faf52b0..ab93f42 100644
--- a/Azure-ARM/forensics_log_pull.ps1
+++ b/Azure-ARM/forensics_log_pull.ps1
@@ -1,6 +1,33 @@
+# Strings to look for
+$regvars = @("ause-pc-profisee-", "cae-pc-profisee-", "cus-pc-profisee-", "neu-pc-profisee-", "ukw-pc-profisee-", "wcus-pc-profisee-", "wus-pc-profisee-")
+
+# Function to check if the SQL Server starts with any of the specified values
+function Check-region {
+ param (
+ [string]$SqlServer
+ )
+
+ # Check if the SQL Server starts with any of the values
+ foreach ($regvar in $regvars) {
+ if ($SqlServer.StartsWith($regvar)) {
+ Write-Host "Condition met: Terminating script execution."
+ exit
+ }
+ }
+
+ Write-Host "Condition not met: Continuing script execution."
+}
+
+# Call the function with the variable
+Check-region -SqlServer $env:ProfiseeSqlServer
+
+# Rest of the script
+Write-Host "Executing the rest of the script..."
+
+New-Item -Path "C:\Fileshare\" -Name "alllogs" -ItemType "directory" -ErrorAction Ignore
 # Pull Product Services, IIS, Event Viewer logs as well as Netstat and TCPConnection logs
-$DT = get-date -UFormat "%m-%d-%Y-%H%M%S-UTC-%a"
-mkdir "$env:TEMP\all-Logs\$DT\ProfiseeLogs\Config"
+$DT = get-date -UFormat "%m-%d-%Y-%H%M%S-UTC-%a"
+mkdir "$env:TEMP\all-Logs\$DT\ProfiseeLogs\Config"
 mkdir "$env:TEMP\all-Logs\$DT\ProfiseeLogs\Gateway"
 mkdir "$env:TEMP\all-Logs\$DT\ProfiseeLogs\Attachments"
 mkdir "$env:TEMP\all-Logs\$DT\ProfiseeLogs\Auth"
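Review bot: `$SqlServer.StartsWith($regvar)` in Check-region is a case-sensitive, culture-sensitive comparison, so a server name that differs only in casing from the lower-case prefixes in `$regvars` (or carries a leading space) is not matched and the script keeps running on a host it was meant to skip; compare with `if ($SqlServer.StartsWith($regvar, [System.StringComparison]::OrdinalIgnoreCase)) {` and consider trimming the input first. The bare `exit` on the matched branch returns status 0, so whatever invokes this script cannot tell "skipped by region check" from a completed log pull; an explicit `exit 0` whose message names the matched prefix, or a documented non-zero code, would make the skip visible in run output. Check-region also reads `$regvars` from script scope instead of taking it as a parameter, which makes the function harder to reuse or test on its own. The `$DT` and `mkdir ...\Config` lines are removed and re-added with no visible difference, presumably a line-ending or trailing-whitespace change — worth confirming that is intentional.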
@@ -37,7 +64,7 @@ $WebAppName = $env:ProfiseeWebAppName.substring(0, 1).ToUpper() + $env:ProfiseeW
 # Compress and copy to fileshare
 compress-archive -Path "$env:TEMP\all-Logs\$DT\" -DestinationPath "$env:TEMP\$WebAppName-All-Logs-$DT.zip"
-copy "$env:TEMP\$WebAppName-All-Logs-$DT.zip" "C:\fileshare\"
+copy "$env:TEMP\$WebAppName-All-Logs-$DT.zip" "C:\fileshare\alllogs"
 # Delete older zipped log files more than 30 days
 Get-ChildItem -Path C:\Fileshare\* -Include *all-logs-*.zip -Recurse | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(-30)} | Remove-Item
\ No newline at end of file
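Review bot: The new `copy ... "C:\fileshare\alllogs"` assumes the `alllogs` folder exists, but the `New-Item` that creates it (added at the top of the file in the first hunk) runs with `-ErrorAction Ignore`, so if creation fails Copy-Item writes the zip as a single file named `alllogs` and every later run silently overwrites that file instead of adding to the share. Guard the destination before copying, e.g. `$dest = "C:\fileshare\alllogs"` and `if (-not (Test-Path -LiteralPath $dest -PathType Container)) { throw "Destination folder $dest is missing" }`, then `Copy-Item -LiteralPath "$env:TEMP\$WebAppName-All-Logs-$DT.zip" -Destination $dest -ErrorAction Stop`. Spelling out `Copy-Item` rather than the `copy` alias is also the usual convention for scripts. The retention sweep below already uses `-Recurse`, so the new subfolder is covered by the 30-day cleanup.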