Logic error 3, should not reach here..

[ManuelBerrueta]

I was running the script like so .\DeepBlue.ps1 C:\Path\Tp\myEvtxFile.evtx I verified that I am using a valid evtx file and it opens fine with Event Viewer. I am reaching this Logic error 3, should not reach here..

I commented out that check on the switch and then it would hit a following Logic error 1, should not reach here....

Unfortunately, I cannot provide the evtx file for testing which I am sure would be helpful.

I can share that issue looks to be an unsupported type in the $event.LogName of Microsoft-Windows-TerminalServices-RDPClient/Operational. Which looks not to be supported at the moment in the code.

As a thought/suggestion, it may be worthwhile to have some kind of processing anyway, even if is not a supported LogName to try to get something useful out of it.

[silicon-cowboi]

It looks like the script wants the .evtx file named a specific way. Once I changed the name of mine to Security.evtx it worked switch ($event.LogName){ "Security" {$logname="Security"} "System" {$logname="System"} "Application" {$logname="Application"} "Microsoft-Windows-AppLocker/EXE and DLL" {$logname="Applocker"} "Microsoft-Windows-PowerShell/Operational" {$logname="Powershell"} "Microsoft-Windows-Sysmon/Operational" {$logname="Sysmon"} "Microsoft-Windows-WMI-Activity/Operational" {$logname="WMI-Activity"} default {"Logic error 3, should not reach here...";Exit 1} }