Sākums Izpētīt
Reģistrēties Pierakstīties
parv.ashwani
/
PCDU
1
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 5

Parv's Case Download Utility (PCDU)

Atzars: ASSETS
Atzari Tagi
PCDU
parv.ashwani f3565d1eb8 Delete 'pcdu.bat' 3 mēneši atpakaļ
Icons 570fcb9001 ASSETS 3 mēneši atpakaļ
README.md d0b4b0e209 Update 'README.md' 3 mēneši atpakaļ

README.md

Parv's Case Download Utility (PCDU)

  ____                  _       ____ ____  _   _ 
 |  _ \ __ _ _ ____   _( )___  / ___|  _ \| | | |
 | |_) / _` | '__\ \ / /|// __|| |   | | | | | | |
 |  __/ (_| | |   \ V /  \__ \| |___| |_| | |_| |
 |_|   \__,_|_|    \_/   |___(_)____|____/ \___/ 
                                                  
 Parv's Case Download Utility (Parv's CDU)

TABLE OF CONTENTS

  1. Overview
  2. Features
  3. System Requirements
  4. Installation
  5. Usage
  6. Configuration
  7. File Organization
  8. Troubleshooting
  9. FAQ
  10. Version History
  11. Author & License

================================================================================

  1. OVERVIEW ================================================================================

Parv's Case Download Utility (PCDU) is a Windows batch script designed to automate the download of NetScaler case files from remote analysis servers.

It efficiently retrieves:

  • Saved configurations (ns.conf)
  • Running configurations (ns_running_config.conf)
  • Packet captures (PCAP, CAP files)
  • SSL keys
  • HAR files
  • Screenshots and images
  • Log files and other case artifacts

The tool organizes downloaded files into a structured directory format for easy analysis and review.

================================================================================

  1. FEATURES ================================================================================

✓ Automatic Case File Discovery

  • Scans case directories for collector bundles
  • Identifies all relevant files automatically

✓ Selective Download

  • Downloads configs from inside collector bundles
  • Downloads captures/media from case root only
  • Excludes unnecessary files (support.tgz, full bundles)

✓ Smart Organization

  • configs/ - Configuration files
  • captures/ - PCAP, CAP, HAR, SSL keys
  • media/ - Screenshots and images
  • *.txt, *.log, *.xml - Root level files

✓ Performance Optimized

  • Single SSH scan for directory structure
  • Quiet mode transfers (no verbose output)
  • Filters authentication noise

✓ Comprehensive Logging

  • Detailed download log per case
  • Summary statistics
  • Error tracking

✓ Dual SCP Support

  • PuTTY (pscp.exe/plink.exe)
  • OpenSSH Client (scp/ssh)

================================================================================

  1. SYSTEM REQUIREMENTS ================================================================================

Operating System:

  • Windows 10 or later
  • Windows Server 2016 or later

Required Software (ONE of the following):

Option A - PuTTY Suite (Recommended):

- pscp.exe (PuTTY Secure Copy)
- plink.exe (PuTTY Link)
Download: https://www.putty.org/

Option B - OpenSSH Client:

- Built into Windows 10 (1809+) and Windows 11
- Enable via: Settings > Apps > Optional Features > OpenSSH Client

Network Requirements:

  • SSH access to myanalysis.web.server.local
  • Valid user credentials
  • Port 22 outbound access

Permissions:

  • Write access to %USERPROFILE%\Downloads\SJLNT\

================================================================================

  1. INSTALLATION ================================================================================

STEP 1: Download PCDU

Download the getlog.bat file to a convenient location: C:\Tools\PCDU\getlog.bat

STEP 2: Install SCP Tool

Option A - PuTTY (Recommended):

  1. Download PuTTY installer from https://www.putty.org/
  2. Run installer (installs to C:\Program Files\PuTTY\ by default)
  3. Add to PATH:
    • Right-click "This PC" > Properties
    • Advanced System Settings > Environment Variables
    • Edit "Path" under System Variables
    • Add: C:\Program Files\PuTTY\
    • Click OK

Option B - OpenSSH:

  1. Open Settings > Apps > Optional Features
  2. Click "Add a feature"
  3. Find "OpenSSH Client"
  4. Click Install
  5. Restart terminal/command prompt

STEP 3: Verify Installation

Open Command Prompt and run: pscp.exe

OR

scp

You should see usage information (not "command not found").

STEP 4: (Optional) Create Desktop Shortcut

  1. Right-click Desktop > New > Shortcut
  2. Location: C:\Windows\System32\cmd.exe /k C:\Tools\PCDU\getlog.bat
  3. Name: PCDU - Case Downloader
  4. Change icon if desired

================================================================================

  1. USAGE ================================================================================

BASIC USAGE

Double-click getlog.bat or run from command prompt:

getlog.bat

You'll be prompted for:

  1. Case Number (e.g., 909801482)
  2. SSH Username (e.g., john.doe)
  3. SSH Password (hidden input)

COMMAND-LINE USAGE

Syntax: getlog.bat [CASE_NUMBER] [USERNAME] [PASSWORD]

Examples:

Interactive mode:

getlog.bat

Case number only (prompts for credentials):

getlog.bat 909801482

Case + Username (prompts for password):

getlog.bat 909801482 john.doe

Fully automated (for scripts):

getlog.bat 909801482 john.doe MyP@ssw0rd

WORKFLOW

  1. Script connects to myanalysis.web.server.local via SSH
  2. Verifies case directory exists
  3. Scans for collector bundles and files (single SSH call)
  4. Downloads configurations from collector bundles
  5. Downloads captures/media from case root
  6. Organizes files into structured folders
  7. Generates download log
  8. Displays summary
  9. Optionally opens destination folder

================================================================================

  1. CONFIGURATION ================================================================================

REMOTE SERVER SETTINGS

Edit these variables in getlog.bat if needed:

Line ~45:

set "REMOTE_SERVER=myanalysis.web.server.local"

Line ~46:

set "REMOTE_BASE_PATH=/upload/logs/cases"

LOCAL DESTINATION

Default download location: %USERPROFILE%\Downloads\SJLNT<CASE_NUMBER>

To change, edit line ~75: set "DEST=%USERPROFILE%\Downloads\SJLNT\%CASENO%"

Example custom location: set "DEST=D:\CaseFiles\%CASENO%"

FILE TYPE FILTERS

To add/remove file types, edit the find command around line ~185:

Current filters: *.cap, *.pcap, *.pcapng - Packet captures *.sslkeys, *.keys - SSL key files *.har - HTTP Archive files *.xml - XML files *.jpg, *.jpeg, *.png, etc. - Image files *.txt, *.log, *.csv - Text/log files *.json - JSON files

================================================================================

  1. FILE ORGANIZATION ================================================================================

DIRECTORY STRUCTURE

After download, files are organized as follows:

%USERPROFILE%\Downloads\SJLNT<CASE_NUMBER>\ │ ├── configs\ │ ├── ns.conf_collector_P192.168.10.195_ │ ├── ns.conf_collector_S192.168.10.196_ │ ├── ns_running_config.conf_collectorP_ │ └── ns_running_config.conf_collectorS_ │ ├── captures\ │ ├── nstrace.cap │ ├── nstrace.pcap │ ├── traffic.sslkeys │ └── browser_session.har │ ├── media\ │ ├── error_screenshot.png │ ├── config_page.jpg │ └── network_diagram.png │ ├── config.xml ├── casenotes.txt ├── troubleshooting.log └── download.log

FILE NAMING CONVENTIONS

Configuration files from collector bundles are suffixed with collector name to prevent conflicts:

Original: ns.conf Downloaded as: ns.confcollector

This allows you to distinguish between Primary and Secondary configs when multiple collector bundles exist.

DOWNLOAD LOG

Each case download generates a log file: download_.log

Contains:

  • Timestamp
  • Connection details
  • Files found and downloaded
  • Errors (if any)
  • Summary statistics

================================================================================

  1. TROUBLESHOOTING ================================================================================

ISSUE: "pscp.exe not found" or "scp not found" SOLUTION:

  1. Verify installation:
    • Run: where pscp.exe OR where scp
  2. If not found, reinstall PuTTY or OpenSSH (see Section 4)
  3. Ensure PATH is set correctly
  4. Restart Command Prompt after PATH changes

ISSUE: "SSH connection failed" SOLUTION:

  1. Verify network connectivity:
    • Run: ping myanalysis.web.server.local
  2. Check credentials are correct
  3. Verify VPN connection (if required)
  4. Check firewall allows outbound port 22
  5. Try manual connection:
    • ssh username@myanalysis.web.server.local

ISSUE: "Case directory not found" SOLUTION:

  1. Verify case number is correct
  2. Check case exists on server:
    • SSH manually: ssh username@smyanalysis.web.server.local
    • Navigate: cd /upload/ftp/
  3. Ensure case has been uploaded to analysis server

    4. ISSUE: "No collector bundles found" SOLUTION:

    • This is normal if case doesn't have collector bundles
    • Script will still download files from case root
    • Check if support bundle was uploaded

    ISSUE: Files downloading slowly SOLUTION:

    1. Check network bandwidth
    2. Large PCAP files may take time
    3. Script uses optimized transfer mode
    4. Consider downloading during off-peak hours

    ISSUE: "Unable to identify Keyboard-interactive authentication prompts" SOLUTION:

    • This is a cosmetic warning, usually safe to ignore
    • Script filters these messages in v1.0
    • If persisting, update to latest version

    ISSUE: Download incomplete SOLUTION:

    1. Check download log for errors
    2. Verify disk space available
    3. Re-run script (safe to run multiple times)
    4. Check file permissions in destination folder

    ISSUE: Password prompt not working SOLUTION:

    1. Password is hidden during input (normal behavior)
    2. Type carefully and press Enter
    3. If automated, pass as 3rd parameter (not secure!)
    4. Consider SSH key authentication for automation

    ================================================================================

    1. FAQ ================================================================================

    Q: Is it safe to run the script multiple times on the same case? A: Yes. The script will overwrite existing files. Useful for resuming interrupted downloads.

    Q: Can I automate this for multiple cases? A: Yes. Create a wrapper script:

     FOR %%C IN (909801482 101801843 101801844) DO (
   getlog.bat %%C username password
 )

    Q: Does it download the entire collector bundle? A: No. It selectively downloads only ns.conf and running config from inside bundles. Other files come from case root only.

    Q: What about support.tgz files? A: These are intentionally excluded to save time and bandwidth.

    Q: Can I change the destination folder? A: Yes. Edit the DEST variable (see Section 6).

    Q: Does this work with SFTP servers? A: No. Currently supports SCP/SSH only. SFTP support may be added in future.

    Q: Will this work on Linux or Mac? A: No. This is a Windows batch script. However, the logic can be adapted to bash scripts for Unix-like systems.

    Q: How do I update PCDU? A: Download the latest getlog.bat and replace the old file.

    Q: Is password stored anywhere? A: No. Password is stored only in memory during script execution and is not logged or saved to disk.

    Q: Can I use SSH keys instead of password? A: Yes, if using OpenSSH. Configure SSH keys in ~/.ssh/ and remove password prompts from script.

    Q: What if I have multiple collector bundles (Primary/Secondary)? A: Script downloads configs from all collectors found and names them accordingly.

    ================================================================================

    1. VERSION HISTORY ================================================================================

    v1.0 - February 2026

    [+] Initial release [+] Auto-discovery of collector bundles [+] Selective config download from collectors [+] Case root file download (captures, media, logs) [+] Organized directory structure [+] Comprehensive logging [+] Dual SCP support (PuTTY/OpenSSH) [+] Performance optimization (single SSH scan) [+] Keyboard-interactive message filtering [+] Progress indicators and summary [+] ASCII art branding

    PLANNED FEATURES (Future Versions)

    [ ] Multi-case batch processing [ ] Resume capability for interrupted downloads [ ] SSH key authentication support [ ] Custom file type filters via config file [ ] Download only specific file types (flags) [ ] Compression of downloaded files [ ] Email notification on completion [ ] GUI version [ ] Linux/Mac bash script version [ ] Progress bars for large files [ ] Bandwidth limiting option

    ================================================================================

    1. AUTHOR & LICENSE ================================================================================

    AUTHOR

    Developed by: Parv Version: 1.0 Date: February 2026

    LICENSE

    This tool is provided "as-is" without warranty of any kind.

    You are free to:

    • Use this tool for personal or commercial purposes
    • Modify the code to suit your needs
    • Distribute modified or unmodified versions

    Please:

    • Give credit to the original author
    • Do not hold the author liable for any issues arising from use

    DISCLAIMER

    This tool is designed for authorized use only. Ensure you have proper authorization before connecting to remote servers and downloading case files.

    The author is not responsible for:

    • Unauthorized access to systems
    • Data loss or corruption
    • Network or system issues
    • Misuse of downloaded data

    ACKNOWLEDGMENTS

    Special thanks to:

    • PuTTY development team
    • OpenSSH project
    • NetScaler support community

    ================================================================================

    Thank you for using Parv's Case Download Utility (PCDU)!

    ================================================================================