Compress CSV to ZIP archive

.gitignore

@@ -1,4 +1,4 @@
 # Exclude CSV files, besides in SampleOutput
 *.csv
 !**/Sample Output/*.csv
-
+*.zip

README.md

@@ -12,8 +12,10 @@ This project contains a Powershell script that collect process and port allocati
     - Download as ZIP <BR /> https://github.com/tonikautto/windows-process-port-usage/archive/master.zip
 
 1. Open Powershell and run the script manually to confirm it works
-    - Trace only TCP and write results to same folder as PS1 file
+    - Trace only TCP and write results to subfolder 'PortTraces'
       <br />`Windows-Port-Usage.ps1`
+    - Trace only TCP and do not compress result to ZIP archive
+      <br />`Windows-Port-Usage.ps1 -NoZip` 
     - Trace only TCP and write results to custom location
       <br />`Windows-Port-Usage.ps1 -OutputFolder "\\MyFileServer\PortTraces\"`
     - Trace TCP and UDP and write results to same folder as PS1 file

Windows-Port-Usage.ps1

@@ -22,27 +22,43 @@
 
 <#
 .SYNOPSIS
-    Get snapshot of Windows IPv4 and IPv6 port usage for all current Windows processes. 
+    Get snapshot of current port usage for all current Windows processes, and store 
+    the result in CSV files for furhter analysis.  
 .DESCRIPTION
     This script gets current running processes and open connections for each process. 
+    Additionally some basic protocol details are collected, like dynamic port range. 
     The result is stored into a CSV files, which can be consumed into Qlik Sense for 
     analysis. Files are named with Windows hostname and timestamp, to enable collecting 
-    information over time and from multiple hosts in parallel. 
+    information over time and from multiple hosts in parallel. For space efficiency the 
+    CSV files are compressed to ZIP archive by default. 
     Recommendation is to execute script on regular interval through Windows scheduled 
     task to get a view of port usage over time.      
 .PARAMETER OutputFolder
-    Target folder for trace output. 
-    By default output is to same folder as script file. 
+    This paramater allows to define a custom output folder location, for example useful 
+    if the output from multiple nodes should be collected in a central file share.     
+    Default output is to a subfolder named "PortTraces" in the same location as this 
+    script file. 
 .PARAMETER IncludeUDP
-    Apply this flag to also trace UDP port consumption. 
+    This flag enables collection of UDP port allocation.     
     By default only TCP is traced. 
+.PARAMETER NoZip
+    Generated CSV files are by default added in a ZIP archive to save storage space. 
+    This flag leaves the genrated CSV files without compressing them in a ZIP archive.
 .EXAMPLE 
-    ./Windows-Port-Usage.ps1 -OutputFolder "\\MyFileServer\PortTraces\" -IncludeUDP
+    ./Windows-Port-Usage.ps1
+
+    The default option collects information for TCP connections, and excludes UDP 
+    connections. The generates CSV files are automatically compressed to a ZIP archive 
+    for storage space efficiency. 
+.EXAMPLE 
+    ./Windows-Port-Usage.ps1 -OutputFolder "\\MyFileServer\PortTraces\" -IncludeUDP -NoZip
 
     This execution writes traces to fileserver, which means that logs from multiple 
-    nodes can be collected to the same central location. Also UDP traces are included.
+    nodes can be collected to the same central location. Also UDP traces are included. 
+    The genearted CSV files are not compressed to ZIP archive, which enables a direct 
+    load into Qlik Sense app
 .EXAMPLE 
-    ./Windows-Port-Usage.ps1 -OutputFolder "\\MyFileServer\PortTraces\"
+    ./Windows-Port-Usage.ps1 -OutputFolder "\\MyFileServer\PortTraces\" -NoZip
 
     Write trace to file share, which means that logs from multiple nodes can be 
     collected to the same central location. Only collects TCP port consumption.
@@ -54,7 +70,8 @@
 
 param (
     [string] $OutputFolder = ".\PortTraces\", 
-    [switch] $IncludeUDP   = $false       
+    [switch] $IncludeUDP   = $false,
+    [switch] $NoZip        = $false     
 )
 
 # Define desired output location 
@@ -64,14 +81,17 @@ param (
 # Create folder
 New-Item -ItemType Directory -Force -Path "$OutputFolder" | Out-Null
 
-# Get time of script execution in format YYYYMMDDThhmmss+ZZZZ
-# For example 20190717T121751+1000 for 17 July 2019 12:17:51 PM in GTM+10
+# Get date and time of script execution in format YYYYMMDDThhmmss+ZZZZ
 $ExecutionTimeStamp = Get-Date -Format o | ForEach-Object {$_ -replace "[-:]|(\.[0-9]{7})"}
+$ExecutionDate      = Get-Date -Format "yyyyMMdd"
 
 # Generate name for CSV output files
 $CsvProcessList    = "$OutputFolder$env:computername`_Processes_$ExecutionTimeStamp.csv"
 $CsvTcpConnections = "$OutputFolder$env:computername`_TcpConnections_$ExecutionTimeStamp.csv"
 $CsvUdpConnections = "$OutputFolder$env:computername`_UdpConnections_$ExecutionTimeStamp.csv"
+$CsvTcpSettings    = "$OutputFolder$env:computername`_TcpSettings_$ExecutionTimeStamp.csv"
+$CsvUdpSettings    = "$OutputFolder$env:computername`_UdpSettings_$ExecutionTimeStamp.csv"
+$ZipOutputArchive  = "$OutputFolder$env:computername`_PortUsage_$ExecutionDate.zip"
 
 # Get running processes
 # Store result into CSV file, including hostname and execution time
@@ -102,4 +122,34 @@ If($IncludeUDP) {
                 * | `
     Export-Csv -Path "$CsvUdpConnections" -NoTypeInformation
 
-}
+}
+
+# Get current dynamic port range
+# Only get UDP range if flagged for inclusion
+# Store result into CSV files, including hostname and execution time
+
+Get-NetTCPSetting | Select-Object PolicyRuleName, DynamicPortRangeStartPort, DynamicPortRangeNumberOfPorts | `
+Select-Object @{Name='Timestamp';Expression={$ExecutionTimeStamp}}, `
+              @{Name='HostName'; Expression={$env:computername}}, `
+              @{Name='Protocol'; Expression={"TCP"}}, `
+              * | `
+Export-Csv -Path "$CsvTcpSettings" -NoTypeInformation
+
+If($IncludeUDP) {
+
+    Get-NetUDPSetting | Select-Object PolicyRuleName, DynamicPortRangeStartPort, DynamicPortRangeNumberOfPorts | `
+    Select-Object @{Name='Timestamp';Expression={$ExecutionTimeStamp}}, `
+                    @{Name='HostName'; Expression={$env:computername}}, `
+                    @{Name='Protocol'; Expression={"UDP"}}, `
+                    * | `
+    Export-Csv -Path "$CsvUdpSettings" -NoTypeInformation
+
+}
+
+# Append CSV files to ZIP 
+# Remove the al collected files that come from this execution
+# Leave all files uncompressed if NoZip flag was used
+If (! $NoZip) {
+    Compress-Archive -Path "$OutputFolder*$ExecutionTimeStamp*.csv" -Update -DestinationPath "$ZipOutputArchive"
+    Remove-Item "$OutputFolder*$ExecutionTimeStamp*.csv"
+}