Added Get-EventLogSz (after pulling upstream)
This commit is contained in:
parent
2aa29de253
commit
fefb5e2572
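--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,85 @@
+param(
+[string[]]$LogName=@("Varonis","System"),
+$ShowExisting=10,
+$MaxMessageLines=2,
+[switch]$NoWrap,
+[switch]$Wait
+)
+# $LogName=@("Varonis","System"); $ShowExisting=10
+
+function internalFunction {
+
+$local:logs = [ordered]@{}
+foreach( $local:n in $LogName ) {
+$logs[$n] = [PSCustomObject]([ordered]@{
+LogName=$n
+idx=[int]-1
+SourceParam=@{LogName=$n}
+})
+}
+
+$data = @()
+foreach( $local:l in $logs.Values ) {
+if ($ShowExisting -gt 0) {
+$local:SourceParam = $l.SourceParam
+$local:latestRows = Get-WinEvent @SourceParam -max $ShowExisting |
+Select-Object -Property @{N='Log';E={$l.LogName}},*
+
+$l.idx = $latestRows[0].RecordId | Measure-Object -Maximum | Select-Object -ExpandProperty Maximum
+
+$data += $latestRows
+}
+else {
+$l.idx = (Get-WinEvent @SourceParam -max 1).RecordId
+}
+}
+
+$data | Sort-Object TimeCreated
+
+Write-Host -ForegroundColor Green "Reading Live EventLog... (To stop press [x], [q], <Enter>, <Space> or <Esc>)"
+
+while ($Wait)
+{
+Start-Sleep -Milliseconds 100 # Required because of a bug with KeyAvailable
+$host.ui.RawUI.FlushInputBuffer(); # Required because of a bug with KeyAvailable
+Start-Sleep -Milliseconds 900
+$data = @()
+foreach( $local:l in $logs.Values ) {
+$local:SourceParam = $l.SourceParam
+$local:idx = (Get-WinEvent @SourceParam -MaxEvents 1).RecordId
+if ($idx -gt $l.idx) {
+$data += Get-WinEvent @SourceParam -MaxEvents ($idx - $l.idx) |
+Select-Object -Property @{N='Log';E={$l.LogName}},*
+}
+$l.idx = $idx
+}
+
+$data | Sort-Object TimeCreated
+
+Start-Sleep -Milliseconds 100
+# <Enter>,<Space>,<Esc>,[q] or [x] keys to terminate; might NOT work in embedded consoles (PowerShell ISE)!
+if( $Host.UI.RawUI.KeyAvailable ) {
+$local:key = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyUp,IncludeKeyDown")
+if( $key.KeyDown ) {
+if($key.VirtualKeyCode -in @(32, 13, 27) -or $key.Character -in @('q','x')) {
+break
+} elseif( $key.Character -in @('-','=') ) {
+Write-Host -ForegroundColor Yellow $(([string]($key.Character))*60)
+}
+}
+}
+}
+}
+
+internalFunction |
+Select-Object -Property *,@{
+L='MessageShort';E={
+$_.Message.Trim() -replace "`nMessage(?: Content)?:\W","`n" -split "`n" |
+Where-Object { $_.Trim() -and $_ -notmatch "^(?:TimeStamp):\W?" } |
+Out-String -Stream |
+Select-Object -First $MaxMessageLines |
+Join-String "'`n+-- '"
+}
+} |
+Select-Object -OutVariable global:elOut |
+Format-Table -Property Log,RecordId,TimeCreated,LevelDisplayName,ProviderName,MessageShort -Wrap:$(-not $NoWrap)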
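Review bot: The poll loop can silently skip records: `$local:idx = (Get-WinEvent @SourceParam -MaxEvents 1).RecordId` probes the newest RecordId, but the follow-up `Get-WinEvent @SourceParam -MaxEvents ($idx - $l.idx)` is a count-based window, so any event written between the two calls pushes the oldest unread records out of that window, and `$l.idx = $idx` then advances the cursor past them — a detection gap for a tool meant to tail the log. Filtering on the cursor instead of a count removes the window, e.g. `$new = Get-WinEvent @SourceParam -FilterXPath "*[System[EventRecordID > $($l.idx)]]" -ErrorAction SilentlyContinue | Select-Object -Property @{N='Log';E={$l.LogName}},*` followed by `if ($new) { $data += $new; $l.idx = ($new.RecordId | Measure-Object -Maximum).Maximum }`, which also makes the separate probe unnecessary. The initial cursor `$l.idx = $latestRows[0].RecordId | Measure-Object -Maximum | Select-Object -ExpandProperty Maximum` measures a single value, so the Measure-Object is a no-op; `$latestRows.RecordId` is presumably what was intended, and neither branch guards the case where Get-WinEvent returns nothing (the cursor then stays at -1 or becomes null). The first query's `-max` abbreviation differs from the `-MaxEvents` used in the loop; spelling both out as `-MaxEvents` avoids relying on prefix resolution.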