Update 'README.md'

parv.ashwani 3 months ago
Parent
Current commit
d0b4b0e209
1 file changed, with 507 insertions and 2 deletions

+ 507 - 2
README.md

@@ -1,3 +1,508 @@
-# GetLog
+#  Parv's Case Download Utility (PCDU)
 
-Log Getting Script by Parv Using SCP as Backend - Works With SJA
+
+-----
+
+```
+  ____                  _       ____ ____  _   _ 
+ |  _ \ __ _ _ ____   _( )___  / ___|  _ \| | | |
+ | |_) / _` | '__\ \ / /|// __|| |   | | | | | | |
+ |  __/ (_| | |   \ V /  \__ \| |___| |_| | |_| |
+ |_|   \__,_|_|    \_/   |___(_)____|____/ \___/ 
+                                                  
+ Parv's Case Download Utility (Parv's CDU)
+ 
+```
+TABLE OF CONTENTS
+-----------------
+1. Overview
+2. Features
+3. System Requirements
+4. Installation
+5. Usage
+6. Configuration
+7. File Organization
+8. Troubleshooting
+9. FAQ
+10. Version History
+11. Author & License
+
+
+================================================================================
+1. OVERVIEW
+================================================================================
+
+Parv's Case Download Utility (PCDU) is a Windows batch script designed to 
+automate the download of NetScaler case files from remote analysis servers.
+
+It efficiently retrieves:
+  - Saved configurations (ns.conf)
+  - Running configurations (ns_running_config.conf)
+  - Packet captures (PCAP, CAP files)
+  - SSL keys
+  - HAR files
+  - Screenshots and images
+  - Log files and other case artifacts
+
+The tool organizes downloaded files into a structured directory format for
+easy analysis and review.
+
+
+================================================================================
+2. FEATURES
+================================================================================
+
+✓ Automatic Case File Discovery
+  - Scans case directories for collector bundles
+  - Identifies all relevant files automatically
+
+✓ Selective Download
+  - Downloads configs from inside collector bundles
+  - Downloads captures/media from case root only
+  - Excludes unnecessary files (support.tgz, full bundles)
+
+✓ Smart Organization
+  - configs/   - Configuration files
+  - captures/  - PCAP, CAP, HAR, SSL keys
+  - media/     - Screenshots and images
+  - *.txt, *.log, *.xml - Root level files
+
+✓ Performance Optimized
+  - Single SSH scan for directory structure
+  - Quiet mode transfers (no verbose output)
+  - Filters authentication noise
+
+✓ Comprehensive Logging
+  - Detailed download log per case
+  - Summary statistics
+  - Error tracking
+
+✓ Dual SCP Support
+  - PuTTY (pscp.exe/plink.exe)
+  - OpenSSH Client (scp/ssh)
+
+
+================================================================================
+3. SYSTEM REQUIREMENTS
+================================================================================
+
+Operating System:
+  - Windows 10 or later
+  - Windows Server 2016 or later
+
+Required Software (ONE of the following):
+  
+  Option A - PuTTY Suite (Recommended):
+    - pscp.exe (PuTTY Secure Copy)
+    - plink.exe (PuTTY Link)
+    Download: https://www.putty.org/
+
+  Option B - OpenSSH Client:
+    - Built into Windows 10 (1809+) and Windows 11
+    - Enable via: Settings > Apps > Optional Features > OpenSSH Client
+
+Network Requirements:
+  - SSH access to myanalysis.web.server.local
+  - Valid user credentials
+  - Port 22 outbound access
+
+Permissions:
+  - Write access to %USERPROFILE%\Downloads\SJLNT\
+
+
+================================================================================
+4. INSTALLATION
+================================================================================
+
+STEP 1: Download PCDU
+----------------------
+Download the getlog.bat file to a convenient location:
+  C:\Tools\PCDU\getlog.bat
+
+STEP 2: Install SCP Tool
+-------------------------
+Option A - PuTTY (Recommended):
+  1. Download PuTTY installer from https://www.putty.org/
+  2. Run installer (installs to C:\Program Files\PuTTY\ by default)
+  3. Add to PATH:
+     - Right-click "This PC" > Properties
+     - Advanced System Settings > Environment Variables
+     - Edit "Path" under System Variables
+     - Add: C:\Program Files\PuTTY\
+     - Click OK
+
+Option B - OpenSSH:
+  1. Open Settings > Apps > Optional Features
+  2. Click "Add a feature"
+  3. Find "OpenSSH Client"
+  4. Click Install
+  5. Restart terminal/command prompt
+
+STEP 3: Verify Installation
+----------------------------
+Open Command Prompt and run:
+  pscp.exe
+    OR
+  scp
+
+You should see usage information (not "command not found").
+
+STEP 4: (Optional) Create Desktop Shortcut
+-------------------------------------------
+1. Right-click Desktop > New > Shortcut
+2. Location: C:\Windows\System32\cmd.exe /k C:\Tools\PCDU\getlog.bat
+3. Name: PCDU - Case Downloader
+4. Change icon if desired
+
+
+================================================================================
+5. USAGE
+================================================================================
+
+BASIC USAGE
+-----------
+Double-click getlog.bat or run from command prompt:
+
+  getlog.bat
+
+You'll be prompted for:
+  1. Case Number (e.g., 909801482)
+  2. SSH Username (e.g., john.doe)
+  3. SSH Password (hidden input)
+
+
+COMMAND-LINE USAGE
+------------------
+Syntax:
+  getlog.bat [CASE_NUMBER] [USERNAME] [PASSWORD]
+
+Examples:
+
+  Interactive mode:
+    getlog.bat
+
+  Case number only (prompts for credentials):
+    getlog.bat 909801482
+
+  Case + Username (prompts for password):
+    getlog.bat 909801482 john.doe
+
+  Fully automated (for scripts):
+    getlog.bat 909801482 john.doe MyP@ssw0rd
+
+
+WORKFLOW
+--------
+1. Script connects to myanalysis.web.server.local via SSH
+2. Verifies case directory exists
+3. Scans for collector bundles and files (single SSH call)
+4. Downloads configurations from collector bundles
+5. Downloads captures/media from case root
+6. Organizes files into structured folders
+7. Generates download log
+8. Displays summary
+9. Optionally opens destination folder
+
+
+================================================================================
+6. CONFIGURATION
+================================================================================
+
+REMOTE SERVER SETTINGS
+----------------------
+Edit these variables in getlog.bat if needed:
+
+  Line ~45:
+    set "REMOTE_SERVER=myanalysis.web.server.local"
+    
+  Line ~46:
+    set "REMOTE_BASE_PATH=/upload/logs/cases"
+
+
+LOCAL DESTINATION
+-----------------
+Default download location:
+  %USERPROFILE%\Downloads\SJLNT\<CASE_NUMBER>\
+
+To change, edit line ~75:
+  set "DEST=%USERPROFILE%\Downloads\SJLNT\%CASENO%"
+
+Example custom location:
+  set "DEST=D:\CaseFiles\%CASENO%"
+
+
+FILE TYPE FILTERS
+-----------------
+To add/remove file types, edit the find command around line ~185:
+
+Current filters:
+  *.cap, *.pcap, *.pcapng     - Packet captures
+  *.sslkeys, *.keys           - SSL key files
+  *.har                       - HTTP Archive files
+  *.xml                       - XML files
+  *.jpg, *.jpeg, *.png, etc.  - Image files
+  *.txt, *.log, *.csv         - Text/log files
+  *.json                      - JSON files
+
+
+================================================================================
+7. FILE ORGANIZATION
+================================================================================
+
+DIRECTORY STRUCTURE
+-------------------
+After download, files are organized as follows:
+
+%USERPROFILE%\Downloads\SJLNT\<CASE_NUMBER>\
+│
+├── configs\
+│   ├── ns.conf_collector_P_192.168.10.195_<IP>_<TimeStamp>
+│   ├── ns.conf_collector_S_192.168.10.196_<IP>_<TimeStamp>
+│   ├── ns_running_config.conf_collector_P_<IP>_<TimeStamp>
+│   └── ns_running_config.conf_collector_S_<IP>_<TimeStamp>
+│
+├── captures\
+│   ├── nstrace.cap
+│   ├── nstrace.pcap
+│   ├── traffic.sslkeys
+│   └── browser_session.har
+│
+├── media\
+│   ├── error_screenshot.png
+│   ├── config_page.jpg
+│   └── network_diagram.png
+│
+├── config.xml
+├── case_notes.txt
+├── troubleshooting.log
+└── download_<CASE_NUMBER>.log
+
+
+FILE NAMING CONVENTIONS
+-----------------------
+Configuration files from collector bundles are suffixed with collector name
+to prevent conflicts:
+
+  Original: ns.conf
+  Downloaded as: ns.conf_collector_<P/S>_<IP>_<TimeStamp>
+
+This allows you to distinguish between Primary and Secondary configs when
+multiple collector bundles exist.
+
+
+DOWNLOAD LOG
+------------
+Each case download generates a log file:
+  download_<CASE_NUMBER>.log
+
+Contains:
+  - Timestamp
+  - Connection details
+  - Files found and downloaded
+  - Errors (if any)
+  - Summary statistics
+
+
+================================================================================
+8. TROUBLESHOOTING
+================================================================================
+
+ISSUE: "pscp.exe not found" or "scp not found"
+SOLUTION:
+  1. Verify installation:
+     - Run: where pscp.exe  OR  where scp
+  2. If not found, reinstall PuTTY or OpenSSH (see Section 4)
+  3. Ensure PATH is set correctly
+  4. Restart Command Prompt after PATH changes
+
+
+ISSUE: "SSH connection failed"
+SOLUTION:
+  1. Verify network connectivity:
+     - Run: ping myanalysis.web.server.local
+  2. Check credentials are correct
+  3. Verify VPN connection (if required)
+  4. Check firewall allows outbound port 22
+  5. Try manual connection:
+     - ssh username@myanalysis.web.server.local
+
+
+ISSUE: "Case directory not found"
+SOLUTION:
+  1. Verify case number is correct
+  2. Check case exists on server:
+     - SSH manually: ssh username@smyanalysis.web.server.local
+     - Navigate: cd /upload/ftp/<CASE_NUMBER>
+  3. Ensure case has been uploaded to analysis server
+
+
+ISSUE: "No collector bundles found"
+SOLUTION:
+  - This is normal if case doesn't have collector bundles
+  - Script will still download files from case root
+  - Check if support bundle was uploaded
+
+
+ISSUE: Files downloading slowly
+SOLUTION:
+  1. Check network bandwidth
+  2. Large PCAP files may take time
+  3. Script uses optimized transfer mode
+  4. Consider downloading during off-peak hours
+
+
+ISSUE: "Unable to identify Keyboard-interactive authentication prompts"
+SOLUTION:
+  - This is a cosmetic warning, usually safe to ignore
+  - Script filters these messages in v1.0
+  - If persisting, update to latest version
+
+
+ISSUE: Download incomplete
+SOLUTION:
+  1. Check download log for errors
+  2. Verify disk space available
+  3. Re-run script (safe to run multiple times)
+  4. Check file permissions in destination folder
+
+
+ISSUE: Password prompt not working
+SOLUTION:
+  1. Password is hidden during input (normal behavior)
+  2. Type carefully and press Enter
+  3. If automated, pass as 3rd parameter (not secure!)
+  4. Consider SSH key authentication for automation
+
+
+================================================================================
+9. FAQ
+================================================================================
+
+Q: Is it safe to run the script multiple times on the same case?
+A: Yes. The script will overwrite existing files. Useful for resuming 
+   interrupted downloads.
+
+Q: Can I automate this for multiple cases?
+A: Yes. Create a wrapper script:
+     FOR %%C IN (909801482 101801843 101801844) DO (
+       getlog.bat %%C username password
+     )
+
+Q: Does it download the entire collector bundle?
+A: No. It selectively downloads only ns.conf and running config from inside
+   bundles. Other files come from case root only.
+
+Q: What about support.tgz files?
+A: These are intentionally excluded to save time and bandwidth.
+
+Q: Can I change the destination folder?
+A: Yes. Edit the DEST variable (see Section 6).
+
+Q: Does this work with SFTP servers?
+A: No. Currently supports SCP/SSH only. SFTP support may be added in future.
+
+Q: Will this work on Linux or Mac?
+A: No. This is a Windows batch script. However, the logic can be adapted to
+   bash scripts for Unix-like systems.
+
+Q: How do I update PCDU?
+A: Download the latest getlog.bat and replace the old file.
+
+Q: Is password stored anywhere?
+A: No. Password is stored only in memory during script execution and is not
+   logged or saved to disk.
+
+Q: Can I use SSH keys instead of password?
+A: Yes, if using OpenSSH. Configure SSH keys in ~/.ssh/ and remove password
+   prompts from script.
+
+Q: What if I have multiple collector bundles (Primary/Secondary)?
+A: Script downloads configs from all collectors found and names them 
+   accordingly.
+
+
+================================================================================
+10. VERSION HISTORY
+================================================================================
+
+v1.0 - February 2026
+--------------------
+[+] Initial release
+[+] Auto-discovery of collector bundles
+[+] Selective config download from collectors
+[+] Case root file download (captures, media, logs)
+[+] Organized directory structure
+[+] Comprehensive logging
+[+] Dual SCP support (PuTTY/OpenSSH)
+[+] Performance optimization (single SSH scan)
+[+] Keyboard-interactive message filtering
+[+] Progress indicators and summary
+[+] ASCII art branding
+
+
+PLANNED FEATURES (Future Versions)
+-----------------------------------
+[ ] Multi-case batch processing
+[ ] Resume capability for interrupted downloads
+[ ] SSH key authentication support
+[ ] Custom file type filters via config file
+[ ] Download only specific file types (flags)
+[ ] Compression of downloaded files
+[ ] Email notification on completion
+[ ] GUI version
+[ ] Linux/Mac bash script version
+[ ] Progress bars for large files
+[ ] Bandwidth limiting option
+
+
+================================================================================
+11. AUTHOR & LICENSE
+================================================================================
+
+AUTHOR
+------
+Developed by: Parv
+Version: 1.0
+Date: February 2026
+
+
+LICENSE
+-------
+This tool is provided "as-is" without warranty of any kind.
+
+You are free to:
+  - Use this tool for personal or commercial purposes
+  - Modify the code to suit your needs
+  - Distribute modified or unmodified versions
+
+Please:
+  - Give credit to the original author
+  - Do not hold the author liable for any issues arising from use
+
+
+DISCLAIMER
+----------
+This tool is designed for authorized use only. Ensure you have proper
+authorization before connecting to remote servers and downloading case files.
+
+The author is not responsible for:
+  - Unauthorized access to systems
+  - Data loss or corruption
+  - Network or system issues
+  - Misuse of downloaded data
+
+
+
+ACKNOWLEDGMENTS
+---------------
+Special thanks to:
+  - PuTTY development team
+  - OpenSSH project
+  - NetScaler support community
+
+
+================================================================================
+
+Thank you for using Parv's Case Download Utility (PCDU)!
+
+================================================================================
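
Review bot: The "Fully automated (for scripts)" example in section 5 (`getlog.bat 909801482 john.doe MyP@ssw0rd`) and the FAQ wrapper loop (`getlog.bat %%C username password`) document passing the SSH password as a command-line argument, which exposes it in the process command line and console history and, for the wrapper, stores it in a script file on disk. That contradicts the FAQ answer that the password "is not logged or saved to disk", and the troubleshooting section already marks the third parameter as "not secure!". Suggest removing the password argument from the documented syntax, or marking it as discouraged next to each example, and documenting key-based authentication as the automation path. The README should also reconcile the FAQ answer "Yes, if using OpenSSH" with the version history, which lists SSH key authentication support as a planned feature. Two consistency points in the same hunk: section 6 sets `REMOTE_BASE_PATH=/upload/logs/cases` while the "Case directory not found" entry says `cd /upload/ftp/<CASE_NUMBER>`, and that entry uses the host `smyanalysis.web.server.local` where every other line uses `myanalysis.web.server.local`. Because the tool pulls SSL key files and packet captures into `%USERPROFILE%\Downloads\SJLNT\`, the README would also benefit from a sentence on how the server's host key is verified on first connection (it only mentions quiet mode and filtering of authentication messages) and on who should have access to the destination folder.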