I started my adventure to do more by searching online for anything that met my needs:
- Read logs in the SCCM format
- Parse a single log or multiple logs (must provide filename as a property)
- Provide either local or UTC timestamps for global troubleshooting
- Accepts logs directly or via pipeline
After not finding anything suitable, I set about writing my own. Thankfully the fields in the log file are self-explanatory as key=value pairs and we can use basic regex to capture them.
- Message
- Time
- Date
- Component
- Context
- Type
- Thread
- File
To satisfy the local and UTC timestamps requirement, I had to add some additional regex capture groups that were then passed to the [DateTime]::ParseExact .Net method. I then added the fields into a [PSCustomObject]. The regex and object were then wrapped in a foreach loop that processes log lines read in via Get-Content. Since I also had a requirement of passing in multiple files and showing which line came from which log, I captured the current file name via Split-Path and also added that as a property to the object. And to support the ability to specify logs through the pipeline, a Process block was added and then a loop to read in each file.
Meeting these requirements allow us to do fun stuff like the following:
Show me the log entries in SMSTS.log
Get-CMLog smsts.log
Show me all log entries for CM logs and sort them by date
Get-ChildItem -Path C:\Windows\CCM\Logs | Get-CMLog | Sort-Object UTCTime
Get-CMLog -Path .\SMSTS.log | ?{$_.Message -match 'Error'}
Show me all log entries for logs that contain an error
Show me all log entries for logs that contain an error
Get-ChildItem -Path C:\Windows\CCM\Logs | Select-String -Pattern 'error' | Select -Unique Path | Get-CMLog
Awesome and very useful script. I added a couple things to it. to allow for mulitple file get and a full folder get for extension .log you can see my update here:
ReplyDeletehttps://gist.github.com/crshnbrn66/de8fe487a66814ee35c6318d9a41a28b
Thanx for sharing this script