Home
  •  

Data On Demand windows event log enumeration write action

Community.DataOnDemand.WriteAction.GetEventLogs (WriteActionModuleType)

Displays n events from the specified windows event log.

Element properties:

TypeWriteActionModuleType
IsolationAny
AccessibilityPublic
RunAsDefault
InputTypeSystem.BaseData

Member Modules:

ID Module Type TypeId RunAs 
WA WriteAction Microsoft.Windows.PowerShellWriteAction Default

Overrideable Parameters:

IDParameterTypeSelectorDisplay NameDescription
LogNamestring$Config/LogName$Event log NameE.g. application, system, security.
Afterstring$Config/After$Start DateOptional start date of records
Beforestring$Config/Before$End DateOptional End date of records
Topint$Config/Top$Display countNumber of records to retrieve
EntryTypestring$Config/EntryType$SeverityOptional. Valid values are Error, Information,FailureAudit, SuccessAudit, and Warning.
Formatstring$Config/Format$Output formatAllowed values: csv, json, text.
TimeoutSecondsint$Config/TimeoutSeconds$Timeout (Seconds)Script timeout in seconds

Source Code:

<WriteActionModuleType ID="Community.DataOnDemand.WriteAction.GetEventLogs" Accessibility="Public" Batching="false">

  <Configuration>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="LogName" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="After" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Before" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Top" type="xsd:int"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="EntryType" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Format" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="TimeoutSeconds" type="xsd:int"/>

  </Configuration>

  <OverrideableParameters>

    <OverrideableParameter ID="LogName" Selector="$Config/LogName$" ParameterType="string"/>

    <OverrideableParameter ID="After" Selector="$Config/After$" ParameterType="string"/>

    <OverrideableParameter ID="Before" Selector="$Config/Before$" ParameterType="string"/>

    <OverrideableParameter ID="Top" Selector="$Config/Top$" ParameterType="int"/>

    <OverrideableParameter ID="EntryType" Selector="$Config/EntryType$" ParameterType="string"/>

    <OverrideableParameter ID="Format" Selector="$Config/Format$" ParameterType="string"/>

    <OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="int"/>

  </OverrideableParameters>

  <ModuleImplementation>

    <Composite>

      <MemberModules>

        <WriteAction ID="WA" TypeID="Windows!Microsoft.Windows.PowerShellWriteAction">

          <ScriptName>Get-EventLogs.ps1</ScriptName>

          <ScriptBody><Script>&lt;#

.SYNOPSIS

    Community.DataOnDemand process enumeration script

.DESCRIPTION

    This script enumerates processes and outputs formatted text

.PARAMETER LogName

    Log name. E.g. application, system, security.

.PARAMETER After

    (optional) Gets only the events that occur after the specified date/time

.PARAMETER Before

    (optional) Gets only the events that occur before the specified date/time

.PARAMETER Top

    (optional) Max number of results to output

.PARAMETER EntryType

    (optional) Valid values are Error, Information,FailureAudit, SuccessAudit, and Warning.

.PARAMETER Format

    Permitted values: text, csv, json

.NOTES

    Copyright 2016 Squared Up Limited, All Rights Reserved.

#&gt;

Param(

    [string] $LogName = "system",

    [string] $After,

    [string] $Before,

    [nullable[int]] $Top,

    [string] $EntryType,

    [ValidateSet("text","csv","json", "list")]

    [string] $Format = "csv"

)



#Requires -Version 2.0

Set-StrictMode -Version 2.0

$ErrorActionPreference = "stop"



$Params = @{

    "LogName"=$LogName;

};

if ($After) {

    $Params.Add("After", [DateTime]::Parse($After));

}

if ($Before) {

    $Params.Add("Before", [DateTime]::Parse($Before));

}

if ($Top) {

    $Params.Add("Newest", $Top);

}

if ($EntryType) {

    $Params.Add("EntryType", $EntryType);

}



$EventLogs = Get-EventLog @Params



# Get properties of object to be displayed in output (Get-Memeber does not honor order of properties in object)

[System.Collections.ArrayList]$OutPutOrdering = $EventLogs | Get-Member -MemberType AliasProperty,Property | Select-Object -ExpandProperty Name

# Add proprty being sorted, so it will be the first property to be displayed in output(will generate duplicate entry)

$OutPutOrdering.Insert(0,"TimeGenerated") 

# Remove the duplicate from the list of properties (will preserve the first one in the list)

$OutPutOrdering = $OutPutOrdering | Select-Object -Unique



if ($Format -eq 'text')

{

    $EventLogs `

        | Sort-Object -Property TimeGenerated -Descending `

        | Select-Object -Property $OutPutOrdering `

        | Format-Table -AutoSize `

        | Out-String -Width 4096 `

        | Write-Host

}

elseif ($Format -eq 'csv')

{

    $EventLogs `

        | Sort-Object -Property TimeGenerated -Descending `

        | Select-Object -Property $OutPutOrdering `

        | ConvertTo-Csv -NoTypeInformation `

        | Out-String -Width 4096 `

        | Write-Host

}

elseif ($Format -eq 'json')

{

    $EventLogs `

        | Sort-Object -Property TimeGenerated -Descending `

        | Select-Object -Property $OutPutOrdering `

        | ConvertTo-Json `

        | Out-String -Width 4096 `

        | Write-Host

}

elseif ($format -eq 'list')

{

    $EventLogs `

        | Sort-Object -Property TimeGenerated -Descending `

        | Select-Object -Property $OutPutOrdering `

        | Format-List `

        | Out-String -Width 4096 `

        | Write-Host

}



# Done. (do not remove blank line following this comment as it can cause problems when script is sent to SCOM agent!)

</Script></ScriptBody>

          <Parameters>

            <Parameter>

              <Name>LogName</Name>

              <Value>$Config/LogName$</Value>

            </Parameter>

            <Parameter>

              <Name>After</Name>

              <Value>$Config/After$</Value>

            </Parameter>

            <Parameter>

              <Name>Before</Name>

              <Value>$Config/Before$</Value>

            </Parameter>

            <Parameter>

              <Name>Top</Name>

              <Value>$Config/Top$</Value>

            </Parameter>

            <Parameter>

              <Name>EntryType</Name>

              <Value>$Config/EntryType$</Value>

            </Parameter>

            <Parameter>

              <Name>Format</Name>

              <Value>$Config/Format$</Value>

            </Parameter>

          </Parameters>

          <TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>

        </WriteAction>

      </MemberModules>

      <Composition>

        <Node ID="WA"/>

      </Composition>

    </Composite>

  </ModuleImplementation>

  <InputType>System!System.BaseData</InputType>

</WriteActionModuleType>