Multiple issues with deploy.bat scritp about ta-sysmon-deploy HOT 2 OPEN

I will post my modified script which works for me. Hope it will be help for somebody.

ECHO OFF

FOR /F "delims=" %%i IN ('wmic service SplunkForwarder get Pathname ^| FINDSTR /m service') DO SET SPLUNKDPATH=%%i
SET SPLUNKPATH=%SPLUNKDPATH:~1,-28%

>> %WINDIR%\sysmon.log (
setlocal EnableDelayedExpansion

ECHO %DATE%-%TIME% "deploy.bat" Checking for Sysmon status

FOR /F "delims=" %%c IN ('sc query "Sysmon" ^| FIND /c "RUNNING"') DO (
    SET CHECK_SYSMON_RUNNIG=%%c
)
FOR /F "delims=" %%b IN ('c:\windows\sysmon.exe ^| FIND /c "System Monitor v13.01"') DO (
    SET CHECK_SYSMON_VERSION=%%b
)

if "!CHECK_SYSMON_RUNNIG!" == "1" (
    ECHO %DATE%-%TIME% Sysmon found, checking if it is version v13.01
    IF "!CHECK_SYSMON_VERSION!" == "1" (
        ECHO %DATE%-%TIME% Sysmon already up to date, exiting
        EXIT
    ) ELSE (
        ECHO %DATE%-%TIME% Sysmon binary is outdated, un-installing
        IF EXIST %WINDIR%\sysmon.exe (
            %WINDIR%\sysmon.exe -u
        )
    )
) ELSE (
    ECHO %DATE%-%TIME% Sysmon not found, proceding to install
    ECHO %DATE%-%TIME% Copying the latest config and install file
    COPY /z /y "%SPLUNKPATH%\etc\apps\TA-Sysmon-deploy\bin\config.xml" "C:\windows\"
    COPY /z /y "%SPLUNKPATH%\etc\apps\TA-Sysmon-deploy\bin\sysmon.exe" "C:\windows\"
    ECHO %DATE%-%TIME% Installing Sysmon
    "%SPLUNKPATH%\etc\apps\TA-Sysmon-deploy\bin\sysmon.exe" /accepteula -i c:\windows\config.xml | Find /c "Sysmon installed" 1>NUL
    ECHO %DATE%-%TIME% Install complete!
    powershell -Command "& {Restart-Service Splunkforwarder;}"
    EXIT
)
ECHO %DATE%-%TIME% Install failed
)

from ta-sysmon-deploy.

I will post my modified script which works for me. Hope it will be help for somebody.

ECHO OFF

FOR /F "delims=" %%i IN ('wmic service SplunkForwarder get Pathname ^| FINDSTR /m service') DO SET SPLUNKDPATH=%%i
SET SPLUNKPATH=%SPLUNKDPATH:~1,-28%

>> %WINDIR%\sysmon.log (
setlocal EnableDelayedExpansion

ECHO %DATE%-%TIME% "deploy.bat" Checking for Sysmon status

FOR /F "delims=" %%c IN ('sc query "Sysmon" ^| FIND /c "RUNNING"') DO (
    SET CHECK_SYSMON_RUNNIG=%%c
)
FOR /F "delims=" %%b IN ('c:\windows\sysmon.exe ^| FIND /c "System Monitor v13.01"') DO (
    SET CHECK_SYSMON_VERSION=%%b
)

if "!CHECK_SYSMON_RUNNIG!" == "1" (
    ECHO %DATE%-%TIME% Sysmon found, checking if it is version v13.01
    IF "!CHECK_SYSMON_VERSION!" == "1" (
        ECHO %DATE%-%TIME% Sysmon already up to date, exiting
        EXIT
    ) ELSE (
        ECHO %DATE%-%TIME% Sysmon binary is outdated, un-installing
        IF EXIST %WINDIR%\sysmon.exe (
            %WINDIR%\sysmon.exe -u
        )
    )
) ELSE (
    ECHO %DATE%-%TIME% Sysmon not found, proceding to install
    ECHO %DATE%-%TIME% Copying the latest config and install file
    COPY /z /y "%SPLUNKPATH%\etc\apps\TA-Sysmon-deploy\bin\config.xml" "C:\windows\"
    COPY /z /y "%SPLUNKPATH%\etc\apps\TA-Sysmon-deploy\bin\sysmon.exe" "C:\windows\"
    ECHO %DATE%-%TIME% Installing Sysmon
    "%SPLUNKPATH%\etc\apps\TA-Sysmon-deploy\bin\sysmon.exe" /accepteula -i c:\windows\config.xml | Find /c "Sysmon installed" 1>NUL
    ECHO %DATE%-%TIME% Install complete!
    powershell -Command "& {Restart-Service Splunkforwarder;}"
    EXIT
)
ECHO %DATE%-%TIME% Install failed
)

Doh, found this too late.

I ended up just adding two blocks of >> %WINDIR%\sysmon.log () in the script ensuring the FOR statements were not included in them.

from ta-sysmon-deploy.