Merge branch 'next'

Analysis/Net/Get-ARPStack.ps1

@@ -28,7 +28,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/Net/Get-DNSCacheStack.ps1

@@ -24,7 +24,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/Net/Get-NetstatByProtoForeignIpStateComponentProcessStack.ps1

@@ -60,7 +60,7 @@ if (Get-Command logparser.exe) {
         ct desc
 "@
 
-    & logparser -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/Net/Get-NetstatForeign16sStack.ps1

@@ -55,7 +55,7 @@ if (Get-Command logparser.exe) {
         Cnt, Process desc
 "@
 
-    & logparser -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/Net/Get-NetstatForeign24sStack.ps1

@@ -55,7 +55,7 @@ if (Get-Command logparser.exe) {
         Cnt, Process desc
 "@
 
-    & logparser -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/Net/Get-NetstatForeignIpPortProcesStack.ps1

@@ -54,7 +54,7 @@ if (Get-Command logparser.exe) {
         ct desc
 "@
 
-    & logparser -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/Net/Get-NetstatForeignIpProcess.ps1

@@ -51,7 +51,7 @@ if (Get-Command logparser.exe) {
         ct desc
 "@
 
-    & logparser -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/Net/Get-NetstatListenerStack.ps1

@@ -42,7 +42,7 @@ if (Get-Command logparser.exe) {
         Cnt, Process desc
 "@
 
-    & logparser -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/Net/Get-NetstatStack.ps1

@@ -62,7 +62,7 @@ if (Get-Command logparser.exe) {
         ct desc
 "@
 
-    & logparser -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/asep/Get-ASEPImagePathLaunchStringMD5Stack.ps1

@@ -30,7 +30,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/asep/Get-ASEPImagePathLaunchStringMD5UnsignedStack.ps1

@@ -36,7 +36,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/asep/Get-ASEPImagePathLaunchStringPublisherStack.ps1

@@ -31,7 +31,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/asep/Get-ASEPImagePathLaunchStringStack.ps1

@@ -29,7 +29,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/asep/Get-ASEPImagePathLaunchStringUnsignedStack.ps1

@@ -30,7 +30,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/asep/Get-SvcFailAllStack.ps1

@@ -36,7 +36,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/asep/Get-SvcFailCmdLineStack.ps1

@@ -25,7 +25,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/asep/Get-SvcFailStack.ps1

@@ -40,7 +40,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/asep/Get-SvcTrigStack.ps1

@@ -32,7 +32,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser  -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser  -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/config/Get-AMHealthStatusStack.ps1

@@ -0,0 +1,95 @@
+<#
+.SYNOPSIS
+Get-AMHealthStatusStack.ps1
+
+Returns the following fields:
+AntispywareEnabled, AntispywareSignatureAge, 
+AntispywareSignatureVersion, AntivirusEnabled, AntivirusSignatureAge, 
+AntivirusSignatureVersion, BehaviorMonitorEnabled, Enabled,
+EngineVersion, IoavProtectionenabled, Name, NisEnabled, 
+NisEngineVersion, NisSignatureVersion, OnAccessProtectionEnabled,
+ProductStatus, RealTimeScanDirection, RtpEnabled, SchemaVersion,
+Version
+
+Requires:
+Process data matching *AMHealthStatus.tsv in pwd logparser.exe in path
+.NOTES
+DATADIR AMHealthStatus
+#>
+
+if (Get-Command logparser.exe) {
+    $lpquery = @"
+    SELECT count (
+        AntispywareEnabled, 
+        AntispywareSignatureAge, 
+        AntispywareSignatureVersion,
+        AntivirusEnabled, 
+        AntivirusSignatureAge, 
+        AntivirusSignatureVersion, 
+        BehaviorMonitorEnabled, 
+        Enabled,
+        EngineVersion, 
+        IoavProtectionenabled, 
+        Name, 
+        NisEnabled,
+        NisEngineVersion, 
+        NisSignatureVersion, 
+        OnAccessProtectionEnabled,
+        ProductStatus, 
+        RealTimeScanDirection, 
+        RtpEnabled, 
+        SchemaVersion,
+        Version) AS CNT,
+        AntispywareEnabled, 
+        AntispywareSignatureAge, 
+        AntispywareSignatureVersion,
+        AntivirusEnabled, 
+        AntivirusSignatureAge, 
+        AntivirusSignatureVersion, 
+        BehaviorMonitorEnabled, 
+        Enabled,
+        EngineVersion, 
+        IoavProtectionenabled, 
+        Name, 
+        NisEnabled,
+        NisEngineVersion, 
+        NisSignatureVersion, 
+        OnAccessProtectionEnabled,
+        ProductStatus, 
+        RealTimeScanDirection, 
+        RtpEnabled, 
+        SchemaVersion,
+        Version
+    FROM
+        *AMHealthStatus.tsv
+    GROUP BY
+        AntispywareEnabled, 
+        AntispywareSignatureAge, 
+        AntispywareSignatureVersion,
+        AntivirusEnabled, 
+        AntivirusSignatureAge, 
+        AntivirusSignatureVersion, 
+        BehaviorMonitorEnabled, 
+        Enabled,
+        EngineVersion, 
+        IoavProtectionenabled, 
+        Name, 
+        NisEnabled,
+        NisEngineVersion, 
+        NisSignatureVersion, 
+        OnAccessProtectionEnabled,
+        ProductStatus, 
+        RealTimeScanDirection, 
+        RtpEnabled, 
+        SchemaVersion,
+        Version
+    ORDER BY
+        CNT ASC
+"@
+
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+
+} else {
+    $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)
+    "${ScriptName} requires logparser.exe in the path."
+}

Analysis/config/Get-LocalAdminStack.ps1

@@ -24,7 +24,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/log/Get-LogUserAssistValueByDate.ps1

@@ -27,7 +27,7 @@ if (Get-Command logparser.exe) {
         KeyLastWriteTime DESC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/log/Get-LogUserAssistValueStack.ps1

@@ -25,7 +25,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/process/Get-HandleProcessOwnerStack.ps1

@@ -28,7 +28,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/process/Get-PrefetchListingLastWriteTime.ps1

@@ -25,7 +25,7 @@ if (Get-Command logparser.exe) {
         LastWriteTimeUtc Desc
 "@
 
-    & logparser -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/process/Get-PrefetchListingStack.ps1

@@ -26,7 +26,7 @@ if (Get-Command logparser.exe) {
         ct
 "@
 
-    & logparser -q:on -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
+    & logparser -stats:off -i:tsv -fixedsep:on -dtlines:0 -rtp:-1 $lpquery
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/process/Get-ProcsWMICLIMD5Stack.ps1

@@ -28,7 +28,7 @@ if (Get-Command logparser.exe) {
         Cnt ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/process/Get-ProcsWMICmdlineStack.ps1

@@ -24,7 +24,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/process/Get-ProcsWMIProcessNameStack.ps1

@@ -24,7 +24,7 @@ if (Get-Command logparser.exe) {
         ct ASC
 "@
 
-    & logparser -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/process/Get-ProcsWMISortByCreationDate.ps1

@@ -27,7 +27,7 @@ if (Get-Command logparser.exe) {
         ProcessId ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

Analysis/process/Get-ProcsWMITempExePath.ps1

@@ -34,7 +34,7 @@ if (Get-Command logparser.exe) {
         ProcessId ASC
 "@
 
-    & logparser -q:on -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
+    & logparser -stats:off -i:tsv -dtlines:0 -fixedsep:on -rtp:-1 "$lpquery"
 
 } else {
     $ScriptName = [System.IO.Path]::GetFileName($MyInvocation.ScriptName)

kansa.ps1

@@ -763,7 +763,7 @@ function Set-KansaPath {
         }
     }
     if (-not($found)) {
-        $env:path = $env:path + ";$pwd\Analysis\ASEP;$pwd\Analysis\Meta;$pwd\Analysis\Net;$pwd\Analysis\Process;$pwd\Analysis\Log;"
+        $env:path = $env:path + ";$pwd\Analysis\ASEP;$pwd\Analysis\Config;$pwd\Analysis\Meta;$pwd\Analysis\Net;$pwd\Analysis\Process;$pwd\Analysis\Log;"
     }
 }