I was running the script like so .\DeepBlue.ps1 C:\Path\Tp\myEvtxFile.evtx
I verified that I am using a valid evtx file and it opens fine with Event Viewer.
I am reaching this Logic error 3, should not reach here..
I commented out that check on the switch and then it would hit a following Logic error 1, should not reach here....
Unfortunately, I cannot provide the evtx file for testing which I am sure would be helpful.
I can share that the issue looks to be an unsupported type in the $event.LogName of Microsoft-Windows-TerminalServices-RDPClient/Operational, which looks not to be supported at the moment in the code.
As a thought/suggestion, it may be worthwhile to have some kind of processing anyway, even if it is not a supported LogName, to try to get something useful out of it.
It looks like the script wants the .evtx file named a specific way. Once I changed the name of mine to Security.evtx it worked.

```powershell
switch ($event.LogName){
    "Security"    {$logname="Security"}
    "System"      {$logname="System"}
    "Application" {$logname="Application"}
    "Microsoft-Windows-AppLocker/EXE and DLL" {$logname="Applocker"}
    "Microsoft-Windows-PowerShell/Operational" {$logname="Powershell"}
    "Microsoft-Windows-Sysmon/Operational" {$logname="Sysmon"}
    "Microsoft-Windows-WMI-Activity/Operational" {$logname="WMI-Activity"}
    default       {"Logic error 3, should not reach here...";Exit 1}
}
```
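One way the fallback suggested in this issue could look, as an added example that is not DeepBlueCLI's own code: the channel is read from the first record of the file, and an unsupported channel yields a per-event-ID summary instead of `Exit 1`. The function names `Resolve-LogName`, `Get-GenericSummary` and `Invoke-LogTriage` are hypothetical; the channel-to-name table is copied from the switch quoted above.

```powershell
# Added example (not project code). Table copied from the switch quoted in this thread.
$SupportedLogs = @{
    'Security'                                   = 'Security'
    'System'                                     = 'System'
    'Application'                                = 'Application'
    'Microsoft-Windows-AppLocker/EXE and DLL'    = 'Applocker'
    'Microsoft-Windows-PowerShell/Operational'   = 'Powershell'
    'Microsoft-Windows-Sysmon/Operational'       = 'Sysmon'
    'Microsoft-Windows-WMI-Activity/Operational' = 'WMI-Activity'
}

# Hypothetical helper: short name for a supported channel, $null (plus a warning) otherwise.
function Resolve-LogName {
    param([Parameter(Mandatory)][string]$Channel)
    if ($SupportedLogs.ContainsKey($Channel)) { return $SupportedLogs[$Channel] }
    Write-Warning "Unsupported channel '$Channel'; using generic summary."
    return $null
}

# Hypothetical fallback: count events per ID with first/last timestamps.
function Get-GenericSummary {
    param([Parameter(Mandatory)][string]$Path)
    Get-WinEvent -Path $Path -ErrorAction Stop |
        Group-Object -Property Id |
        Sort-Object -Property Count -Descending |
        Select-Object @{n='EventId'; e={$_.Name}}, Count,
            @{n='First'; e={($_.Group | Measure-Object TimeCreated -Minimum).Minimum}},
            @{n='Last';  e={($_.Group | Measure-Object TimeCreated -Maximum).Maximum}}
}

# Hypothetical entry point: never exits on an unknown channel.
function Invoke-LogTriage {
    param([Parameter(Mandatory)][string]$Path)
    # LogName is taken from the event record itself.
    $first = Get-WinEvent -Path $Path -MaxEvents 1 -ErrorAction Stop
    $short = Resolve-LogName -Channel $first.LogName
    [pscustomobject]@{
        Channel   = $first.LogName
        LogName   = $short
        Supported = [bool]$short
        Summary   = if ($short) { $null } else { Get-GenericSummary -Path $Path }
    }
}

# Channel string from this issue: returns $null and writes a warning.
Resolve-LogName -Channel 'Microsoft-Windows-TerminalServices-RDPClient/Operational'
```

Calling `Invoke-LogTriage -Path` on an exported .evtx returns an object whose `Summary` property holds the per-ID counts when the channel is not in the table.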