Audit log error handling

KelvinTegelaar · Oct 11, 2024 · 848f408 · 848f408
1 parent cf40591
commit 848f408
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearchResults.ps1 b/Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearchResults.ps1
@@ -18,6 +18,6 @@ function Get-CippAuditLogSearchResults {
     )
 
     process {
-        New-GraphGetRequest -uri ('https://graph.microsoft.com/beta/security/auditLog/queries/{0}/records?$top=999' -f $QueryId) -AsApp $true -tenantid $TenantFilter
+        New-GraphGetRequest -uri ('https://graph.microsoft.com/beta/security/auditLog/queries/{0}/records?$top=999' -f $QueryId) -AsApp $true -tenantid $TenantFilter -ErrorAction Stop
     }
 }
diff --git a/...c/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAuditLogSearches.ps1 b/...c/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAuditLogSearches.ps1
@@ -20,7 +20,11 @@ function Invoke-ListAuditLogSearches {
                 } | ConvertTo-Json -Depth 10 -Compress
             }
             'SearchResults' {
-                $Results = Get-CippAuditLogSearchResults -TenantFilter $Request.Query.TenantFilter -QueryId $Request.Query.SearchId
+                try {
+                    $Results = Get-CippAuditLogSearchResults -TenantFilter $Request.Query.TenantFilter -QueryId $Request.Query.SearchId
+                } catch {
+                    $Results = @{ Error = $_.Exception.Message }
+                }
                 $Body = @{
                     Results  = @($Results)
                     Metadata = @{

diff --git a/Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1 b/Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1
@@ -35,7 +35,13 @@ function Test-CIPPAuditLogRules {
         }
     }
     #write-warning 'Getting audit records from Graph API'
-    $SearchResults = Get-CippAuditLogSearchResults -TenantFilter $TenantFilter -QueryId $SearchId
+    try {
+        $SearchResults = Get-CippAuditLogSearchResults -TenantFilter $TenantFilter -QueryId $SearchId
+    } catch {
+        Write-Warning "Error getting audit logs: $($_.Exception.Message)"
+        Write-LogMessage -API 'Webhooks' -message "Error getting audit logs for search $($SearchId)" -LogData (Get-CippException -Exception $_) -sev Error -tenant $TenantFilter
+        throw $_
+    }
     $LogCount = ($SearchResults | Measure-Object).Count
     $RunGuid = New-Guid
     Write-Warning "Logs to process: $LogCount - RunGuid: $($RunGuid) - $($TenantFilter)"