Get-IntuneMIWin32Logs

1.12

Get-IntuneMIWin32Logs.ps1

                                
<#PSScriptInfo

.VERSION 1.12

.GUID 0f5a4a8f-a301-4933-9b08-da09bc38b401

.AUTHOR PiotrG

.COMPANYNAME 

.COPYRIGHT 

.TAGS 

.LICENSEURI 

.PROJECTURI 

.ICONURI 

.EXTERNALMODULEDEPENDENCIES 

.REQUIREDSCRIPTS 

.EXTERNALSCRIPTDEPENDENCIES 

.RELEASENOTES

#>

<# 

.DESCRIPTION 

 Sample script to get Win32App entries from IntuneManagedInstaller.log 

#> 

Param(

    [Parameter(Mandatory = $false,

        HelpMessage = "The name of the logfile. IntuneManagedExtension.log is used by default",

        ParameterSetName = "LogFileName")]

    [String]   

    $LogFileName = "IntuneManagementExtension.log"

)

$LogFilePath = "c:\ProgramData\Microsoft\IntuneManagementExtension\Logs\$($LogFileName)"

Function ShowCMLog ($sLine) {

    $reLine = ([regex]'<!\[LOG\[(.+)\]LOG\]!>').matches($sLine); 

    if ($reline.count -gt 0 ) { $body = $reLine[0].Groups[1].Value } 

    $reLine = ([regex]'<time="(.+)" date="(.+)" component').matches($sLine); 

    if ($reline.count -gt 0 ) { $DateTime = $reLine[0].Groups[2].Value + " " + $reLine[0].Groups[1].Value }  

    $oLog = New-Object System.Object;

    $oLog | Add-Member -type NoteProperty -name DateTime -value $DateTime;

    $oLog | Add-Member -type NoteProperty -name Message -value  $body

    $oLog = $oLog | Sort-Object 'DateTime'

    if ($reline.count -gt 0 ) {

        write-host $oLog.DateTime $oLog.Message

    }

}

$content2 = @()

if (Test-Path $LogFilePath) {

    while (1) {

        $content3 = @()

        $content = get-content $LogFilePath | Select-String -pattern "\[Win32App\]" 

        $content = $content | select-string -Pattern "BackgroundWorker is checking at" -NotMatch

        $content = $content | select-string -Pattern "Total valid AAD User session count is" -NotMatch 

        $content = $content | select-string -Pattern "ESP checker found 0 session for user" -NotMatch

        $content = $content | select-string -Pattern "active user sessions" -NotMatch

        $content = $content | Select-Object -last 100

        $content3 = Compare-Object -ReferenceObject $content -DifferenceObject $content2

        #$content =( $content | Where-Object { $_ -like  } )

        foreach ($line in ($content3.InputObject) ) {

            ShowCMLog $line

        }

        $content2 = $content

        start-sleep -Seconds 1

    }

} else {

    write-host "File $($LogFilePath) doesn't exist"

}