Create-EventLog-and-Event.ps1
# Working with New Event Logs and saving Events to them
# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/new-eventlog
# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/write-eventlog
# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/remove-eventlog
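function Deploy-EventLog {
    <#
    .SYNOPSIS
    Ensures a classic Windows event log exists, then writes a single event to it.

    .DESCRIPTION
    Looks the log up by its log name via Get-EventLog -List. If it is missing, the log is
    created with New-EventLog and the given source is registered for it. The lookup is then
    repeated, and only when the log is present is the event written with Write-EventLog.

    Get-EventLog, New-EventLog and Write-EventLog ship with Windows PowerShell 5.1 and are
    not available in PowerShell 6+. Creating a log or registering a source needs an
    elevated session; without it New-EventLog fails and no event is written.

    .PARAMETER LogName
    Name of the event log to create (if needed) and write to.

    .PARAMETER Source
    Event source to register with the log and to stamp on the event.

    .PARAMETER EventID
    Event identifier, passed through to Write-EventLog.

    .PARAMETER EntryType
    Entry type (for example "Information"), passed through to Write-EventLog.

    .PARAMETER Category
    Task category number, passed through to Write-EventLog.

    .PARAMETER Message
    Event text. Text longer than 32000 characters is truncated before writing.

    .PARAMETER RawData
    Optional comma-separated list of byte values (for example "10,20") attached to the
    event as binary data. Omitted from the event when empty.
    #>
    [CmdletBinding()]
    param(
        [Parameter()]
        [string]$LogName,
        [Parameter()]
        [string]$Source,
        [Parameter()]
        [string]$EventID,
        [Parameter()]
        [string]$EntryType,
        [Parameter()]
        [string]$Category,
        [Parameter()]
        [string]$Message,
        [Parameter()]
        [string]$RawData
    )

    # Cap on the message length handed to Write-EventLog.
    $maxMessageLength = 32000

    # Match on the log's real name (Log), not LogDisplayName: the display name can differ
    # from the name that New-EventLog and Write-EventLog expect.
    $logExists = { [bool](Get-EventLog -List | Where-Object { $_.Log -eq $LogName }) }

    # The previous indexer, $Message[00.32000], used the number 0.32 as an index and so kept
    # only the first character of the message. Truncate by length instead.
    $eventMessage = $Message
    if ($eventMessage.Length -gt $maxMessageLength) {
        $eventMessage = $eventMessage.Substring(0, $maxMessageLength)
    }

    # NOTE(review): the message is stored exactly as supplied. Callers that build it from
    # untrusted input should sanitize it first, since log consumers will see it verbatim.
    $eventParams = @{
        LogName   = $LogName
        Source    = $Source
        EventID   = $EventID
        EntryType = $EntryType
        Category  = $Category
        Message   = $eventMessage
    }

    if ($RawData) {
        try {
            # Keep the string parameter untouched and convert into a separate byte array.
            [byte[]]$rawBytes = $RawData.Split(",")
        } catch {
            Write-Error ("RawData '{0}' is not a comma-separated list of byte values (0-255)." -f $RawData)
            return
        }
        $eventParams["RawData"] = $rawBytes
    }

    if (& $logExists) {
        Write-Verbose ("Log '{0}' already exists..." -f $LogName)
        # NOTE(review): an existing log does not guarantee that $Source is registered for
        # it; Write-EventLog reports an error in that case. Confirm the source mapping when
        # reusing a log created elsewhere.
    } else {
        Write-Verbose "The log does not already exist."
        New-EventLog -LogName $LogName -Source $Source
        Write-Verbose ("Log '{0}' created!" -f $LogName)
    }

    # Re-check rather than trusting the branch above: New-EventLog may have failed
    # (for example, when the session is not elevated).
    if (& $logExists) {
        Write-Verbose ("Writing event to log '{0}' with source '{1}'..." -f $LogName, $Source)
        Write-EventLog @eventParams
    } else {
        Write-Verbose "The log does not already exist, and could not be created."
    }
}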
# Demo: write three sample events to a throwaway log, then clean up.
# Each hashtable is splatted onto Deploy-EventLog; keys left out are simply not passed.
$demoEvents = @(
    @{
        LogName   = "TestLog"
        Source    = "TestApp"
        EventID   = 1
        EntryType = "Information"
        Category  = 1
        Message   = "MyApp added a user-requested feature to the display."
        RawData   = "10,20"
    },
    @{
        LogName   = "TestLog"
        Source    = "TestApp"
        EventID   = 2
        EntryType = "Information"
        Category  = 4
        Message   = "An event without RawData!"
    },
    @{
        LogName   = "TestLog"
        Source    = "TestApp"
        EntryType = "Information"
        Message   = "An event with the bare basics."
    }
)

foreach ($demoEvent in $demoEvents) {
    Deploy-EventLog @demoEvent
}

# Remove-EventLog deletes the log together with every entry in it and unregisters its
# event sources, so only point it at a log you created for testing.
Remove-EventLog -LogName "TestLog"