Replaces Get-EventLog with Get-WinEvent #159

LordHepipud · 2021-04-28T07:56:50Z

Replaces the deprecated function Get-EventLog with Get-WinEvent. In addition, the plugin received a new argument -MaxEntries to allow additional filtering for the number of events fetched to improve performance in addition. The EventLog now also supports an array with list items, allowing easier filtering for severities which are allowed inside the EventLog.

K0nne · 2021-05-12T12:45:18Z

The PR is working great so far. Now we can access all eventlogs.

I made the observation, that with the new version IncludeSource needs to be quoted, if spaces are present. Otherwise an exception occures. Not sure if this is a bug or not.

before: (framework: 1.4.1, plugins: 1.4.0)

icinga> Invoke-IcingaCheckEventlog -LogName System -IncludeEventId 7024 -IncludeSource Service Control Manager -Maxentri
es 3000 -warning 1 -critical 1
[OK] Check package "EventLog"
|
0

after: (framework: current master, plugins: this pr)

exception without quotes

icinga> Invoke-IcingaCheckEventlog -LogName System -IncludeEventId 7024 -IncludeSource Service Control Manager -Maxentries 3000 -warning 1 -critical 1
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\cache\framework_cache.psm1:13400 char:9
+         $SecurityData = $NTUser.Translate([System.Security.Principal. ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : IdentityNotMappedException

ok with quotes

icinga> Invoke-IcingaCheckEventlog -LogName System -IncludeEventId 7024 -IncludeSource 'Service Control Manager' -Maxentries 3000 -warning 1 -critical 1
[OK] Check package "EventLog"
|
0

I still need to test with the new and the old version, if I get the same results. I do this later.

K0nne · 2021-05-12T13:04:23Z

The filtering for eventid and eventsource is also working as expected.
You did great work here 💯

LordHepipud · 2021-05-17T10:14:39Z

Thanks!

…_get_winevent Replaces Get-EventLog with Get-WinEvent Replaces the deprecated function `Get-EventLog` with `Get-WinEvent`. In addition, the plugin received a new argument `-MaxEntries` to allow additional filtering for the number of events fetched to improve performance in addition. The EventLog now also supports an array with list items, allowing easier filtering for severities which are allowed inside the EventLog.

LordHepipud self-assigned this Apr 28, 2021

LordHepipud added the enhancement New feature or request label Apr 28, 2021

LordHepipud added this to the v1.5.0 milestone Apr 28, 2021

Replaces Get-EventLog with Get-WinEvent

384417a

LordHepipud force-pushed the feature/replace_get_eventlog_with_get_winevent branch from fb877ff to 384417a Compare April 28, 2021 07:59

LordHepipud linked an issue Apr 28, 2021 that may be closed by this pull request

Invoke-IcingaCheckEventlog - unable to process Hyper-V eventlogs #153

Closed

LordHepipud merged commit 8e0ba01 into master May 17, 2021

LordHepipud deleted the feature/replace_get_eventlog_with_get_winevent branch May 17, 2021 10:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Replaces Get-EventLog with Get-WinEvent #159

Replaces Get-EventLog with Get-WinEvent #159

LordHepipud commented Apr 28, 2021 •

edited

Loading

K0nne commented May 12, 2021 •

edited

Loading

K0nne commented May 12, 2021

LordHepipud commented May 17, 2021

Replaces Get-EventLog with Get-WinEvent #159

Replaces Get-EventLog with Get-WinEvent #159

Conversation

LordHepipud commented Apr 28, 2021 • edited Loading

K0nne commented May 12, 2021 • edited Loading

K0nne commented May 12, 2021

LordHepipud commented May 17, 2021

LordHepipud commented Apr 28, 2021 •

edited

Loading

K0nne commented May 12, 2021 •

edited

Loading