[PowerShell] Log Functions for Custom Modules

The Get-Log function fetches the log files at the provided LogPath and filters the entries by any applicable filter parameters. If no LogPath is provided, the function uses the default value embedded in the function.

Get-Log.ps1

<#
.Synopsis
   This cmdlet returns a collection of filtered log entries retrieved from log server.
.DESCRIPTION
   This cmdlet returns a collection of filtered log entries retrieved from log server.
.EXAMPLE
   Get-Log -Type Fail
.EXAMPLE
   Get-Log -Type Info -Module MyCustomModuleName -Target TargetComputer
   
.NOTES
   
Disclaimer:
  This code is provided "as is" and with no expressed guarantees. The code provider makes no representations or warranties of any kind concerning 
the safety, suitability, inaccuracies, typographical errors, or other harmful components of this code. There are inherent dangers in the use of 
any code, and you are solely responsible for determining whether this code is compatible with your equipment and other software installed on your 
equipment. You are also solely responsible for the protection of your equipment and backup of your data, and the provider will not be liable for 
any damages you may suffer in connection with using, modifying, or distributing this code.

 
AUTHOR:
Justin C.
#>

Function Get-Log
{
    [Alias()]
    Param
    (
        #Log Type Filter
        [Alias("Type")]
        [ValidateSet("Pass", "Fail", "Info", "Test")]
        [Parameter(ValueFromPipelineByPropertyName)]
        [String] $LogType,

        #Module Filter
        [Parameter(ValueFromPipelineByPropertyName)]
        [String] $Module,

        #Function Filter
        [Parameter(ValueFromPipelineByPropertyName)]
        [String] $Function,

        #Target Object Filter
        [Alias("ComputerName","Identity","Name")]
        [Parameter(ValueFromPipelineByPropertyName)]
        [String] $Target,

        #Arguments Filter
        [Parameter(ValueFromPipelineByPropertyName)]
        [String] $Arguments,

        #User Filter
        [Parameter(ValueFromPipelineByPropertyName)]
        [String] $User,

        #Computer Filter
        [Parameter(ValueFromPipelineByPropertyName)]
        [String] $Computer,

        #Remarks
        [Alias("Remark", "Comment", "Comments", "Note", "Notes")]
        [Parameter(ValueFromPipelineByPropertyName)]
        [String] $Remarks="",

        #Error Message
        [Parameter(ValueFromPipelineByPropertyName)]
        [String] $ErrorMsg,

        #Log Path
        [Parameter(ValueFromPipelineByPropertyName)]
        [String] $LogPath = "\\LogServerName\Logs"

    )
    Begin {
        If ((Get-Item $LogPath) -is [System.IO.DirectoryInfo]){
            $LogFiles = Get-Item (Join-Path $LogPath "*.csv")
        } Else {
            $LogFiles = Get-Item $LogPath
        }
        $Results = @()
    }
    Process {
        ForEach ($LogFile in $LogFiles){
            Write-Verbose "Log File: $($LogFile.FullName)"
            #Import by full path so the result does not depend on the current directory
            $Logs = Import-Csv -LiteralPath $LogFile.FullName
            Write-Verbose "Filters:"
            #Each filter value is used as a regular expression by -Match.
            #Unset [String] parameters are empty strings, never $null, so test for a value instead.
            If ($LogType){
                Write-Verbose "Type: $LogType"
                $Logs = ($Logs | Where-Object -Property Type -Match $LogType)}
            If ($Module){
                Write-Verbose "Module: $Module"
                $Logs = ($Logs | Where-Object -Property Module -Match ".*$Module.*")}
            If ($Function){
                Write-Verbose "Function: $Function"
                $Logs = ($Logs | Where-Object -Property Function -Match ".*$Function.*")}
            If ($Target){
                Write-Verbose "Target: $Target"
                $Logs = ($Logs | Where-Object -Property Target -Match ".*$Target.*")}
            If ($Arguments){
                Write-Verbose "Arguments: $Arguments"
                $Logs = ($Logs | Where-Object -Property Arguments -Match ".*$Arguments.*")}
            If ($User){
                Write-Verbose "User: $User"
                $Logs = ($Logs | Where-Object -Property User -Match $User)}
            If ($Computer){
                Write-Verbose "Computer: $Computer"
                $Logs = ($Logs | Where-Object -Property Computer -Match ".*$Computer.*")}
            If ($Remarks){
                Write-Verbose "Remarks: $Remarks"
                $Logs = ($Logs | Where-Object -Property Remarks -Match ".*$Remarks.*")}
            If ($ErrorMsg){
                Write-Verbose "Error Message: $ErrorMsg"
                $Logs = ($Logs | Where-Object -Property ErrorData -Match ".*$ErrorMsg.*")}
            $Results += $Logs
        }
    }
    End {Return $Results}
}
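
Get-Log passes each filter value to -Match, so the value is read as a regular expression: a "." in a host name matches any character, and a value with an unbalanced "(" is an invalid pattern. The following is an added example, not part of the original post; the sample entries are constructed and Select-LogLiteral is a hypothetical helper showing a literal-match alternative built on [regex]::Escape.

```powershell
# Constructed sample log entries (not real data); column names follow Get-Log's filters.
$SampleLogs = @'
Type,Module,Function,Target,User,Remarks
Pass,MyCustomModuleName,Set-Thing,SRV01.corp.example,alice,ok
Fail,MyCustomModuleName,Set-Thing,SRV01xcorp.example,bob,timeout
Info,MyCustomModuleName,Get-Thing,SRV02.corp.example,alice,"path C:\Temp (old)"
'@ | ConvertFrom-Csv

# Hypothetical helper: keeps entries whose property contains $Value as literal text.
Function Select-LogLiteral
{
    Param
    (
        [Parameter(Mandatory, ValueFromPipeline)] $Entry,
        [Parameter(Mandatory)] [String] $Property,
        [Parameter(Mandatory)] [String] $Value
    )
    # Escape once; regex metacharacters in the value lose their special meaning.
    Begin { $Pattern = [regex]::Escape($Value) }
    Process { If ([String]($Entry.$Property) -match $Pattern) { $Entry } }
}

# Unescaped, as in Get-Log: "." is a wildcard, so SRV01xcorp.example is returned too.
$Loose = @($SampleLogs | Where-Object -Property Target -Match "SRV01.corp")
Write-Output "Unescaped filter returned: $($Loose.Target -join ', ')"

# Escaped: only the entry that literally contains "SRV01.corp" is returned.
$Strict = @($SampleLogs | Select-LogLiteral -Property Target -Value "SRV01.corp")
Write-Output "Escaped filter returned:   $($Strict.Target -join ', ')"

# A value with an unbalanced "(" is not a valid pattern and makes -match throw.
Try {
    $null = "path C:\Temp (old)" -match "(old"
    Write-Output "Unescaped '(old' was accepted"
} Catch {
    Write-Output "Unescaped '(old' was rejected: $($_.Exception.Message)"
}

# The same value works once it is escaped.
$Literal = @($SampleLogs | Select-LogLiteral -Property Remarks -Value "(old")
Write-Output "Escaped '(old' returned $($Literal.Count) entry with Remarks: $($Literal.Remarks)"
```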

If you have any ideas or suggestions please leave a comment.
