Get-IntuneMIWin32Logs.ps1


<#PSScriptInfo
 
.VERSION 1.17
 
.GUID 0f5a4a8f-a301-4933-9b08-da09bc38b401
 
.AUTHOR PiotrG
 
.COMPANYNAME
 
.COPYRIGHT
 
.TAGS
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
 
#>


<#
 
.DESCRIPTION
 Sample script to get Win32App entries from IntuneManagementExtension.log
 If you want to provide feedback or contribute, please use the GitHub project page: https://github.com/pgardy/Get-IntuneMIWin32Logs
 
 
#>
 
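# Script parameters:
#   LogFileName     - name of the log file inside the Intune Management Extension log folder.
#   LinesNumber     - how many of the most recent filtered entries are kept on each pass.
#   TailModeEnabled - when $true the log is re-read once per second until the script is interrupted.
Param(
    [Parameter(Mandatory = $false,
        HelpMessage = "The name of the logfile. IntuneManagementExtension.log is used by default")]
    [String]$LogFileName = "IntuneManagementExtension.log",
    
    [Parameter(Mandatory = $false,
        HelpMessage = "The number of last lines to return")]
    [Int]$LinesNumber = 100,
    
    [Parameter(Mandatory = $false,
        HelpMessage = "Tail mode enabled")]
    [Bool]$TailModeEnabled = $true
)
# NOTE(review): $LogFileName is interpolated into the path without validation, so a value
# containing path separators or "..\" resolves outside the Logs folder. That is harmless when
# an operator types the name, but a wrapper that forwards externally supplied input should
# reduce it to a leaf file name first.
$LogFilePath = "c:\ProgramData\Microsoft\IntuneManagementExtension\Logs\$($LogFileName)"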
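Function ShowCMLog ($sLine) {
    <#
    .SYNOPSIS
    Prints one log entry as "<date> <time> <message>".

    .DESCRIPTION
    Extracts the text between "<![LOG[" and "]LOG]!>" as the message and the time="..." /
    date="..." attributes as the timestamp. Nothing is printed when the timestamp attributes
    are missing. Entries whose message contains "exception" (case-insensitive) are printed
    in yellow.

    .PARAMETER sLine
    The raw log entry; it is converted to a string before matching.
    #>
    $text = [string]$sLine

    # Start from known values: PowerShell resolves unset variables through the caller's
    # scopes, so without this a stale $body from an outer scope could be printed for an
    # entry that has a timestamp but no message.
    $body = ''

    $bodyMatch = [regex]::Match($text, '<!\[LOG\[(.+)\]LOG\]!>')
    if ($bodyMatch.Success) {
        $body = $bodyMatch.Groups[1].Value
    }

    # The timestamp decides whether the entry is shown at all.
    $stampMatch = [regex]::Match($text, '<time="(.+)" date="(.+)" component')
    if (-not $stampMatch.Success) {
        return
    }
    $DateTime = $stampMatch.Groups[2].Value + " " + $stampMatch.Groups[1].Value

    # NOTE(review): the message is written to the host verbatim; control characters that
    # appear in the log are not stripped before display.
    if ($body -ilike "*exception*") {
        Write-Host -ForegroundColor Yellow "$DateTime $body"
    }
    else {
        Write-Host "$DateTime $body"
    }
}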
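Function ShowFilteredContent {
    <#
    .SYNOPSIS
    Drops routine noise from $global:content, keeps the last $LinesNumber entries and prints
    only the entries that were not present on the previous pass.

    .DESCRIPTION
    Reads $global:content (current entries), $global:content2 (entries kept by the previous
    pass) and the script-level $LinesNumber. Writes $global:content (filtered window),
    $global:content3 (Compare-Object records for the new entries) and $global:content2
    (baseline for the next pass). Each new entry is handed to ShowCMLog.
    #>
    $noisePatterns = @(
        "BackgroundWorker is checking at",
        "Total valid AAD User session count is",
        "ESP checker found 0 session for user",
        "active user sessions"
    )

    # Work on arrays without $null entries: Compare-Object rejects a $null
    # -ReferenceObject / -DifferenceObject, which happens whenever nothing matched.
    $current = @($global:content | Where-Object { $null -ne $_ })
    foreach ($pattern in $noisePatterns) {
        $current = @($current | Select-String -Pattern $pattern -NotMatch)
    }
    $current = @($current | Select-Object -Last $LinesNumber)
    $previous = @($global:content2 | Where-Object { $null -ne $_ })
    $global:content = $current

    $global:content3 = @()
    if ($current.Count -gt 0) {
        # Keep only the '<=' side (present now, absent before). The '=>' side holds entries
        # that merely scrolled out of the last-N window and would otherwise be printed again.
        $global:content3 = @(
            Compare-Object -ReferenceObject $current -DifferenceObject $previous |
                Where-Object { $_.SideIndicator -eq '<=' }
        )
    }

    foreach ($record in $global:content3) {
        ShowCMLog $record.InputObject
    }
    $global:content2 = $current
}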

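Function ProcessLog {
    <#
    .SYNOPSIS
    Reads the log at $LogFilePath, rebuilds entries that span several lines, keeps the ones
    mentioning "[Win32App]" or "WebException" in $global:content and calls ShowFilteredContent.

    .DESCRIPTION
    An entry is complete when one line holds both "<![LOG[" and "]LOG]!>". A line that only
    opens an entry is joined (without separator) with the following lines up to the one
    holding "]LOG]!>". Lines that belong to no entry are ignored.
    #>
    # @() keeps a one-line file an array of lines instead of a single string.
    $lines = @(Get-Content $LogFilePath)
    $entries = New-Object 'System.Collections.Generic.List[string]'

    for ($i = 0; $i -lt $lines.Count; $i++) {
        $line = [string]$lines[$i]
        if ($line -cmatch '<!\[LOG\[(.+)\]LOG\]!>') {
            $entries.Add($line)
            continue
        }
        if ($line -cnotmatch '<!\[LOG\[(.+)') {
            continue
        }

        # Multi-line entry. The scan is bounded by the end of the file: the log can be read
        # while the last entry is still being written, and an unbounded search for the
        # closing marker would never return.
        $joined = $line
        $closed = $false
        while (-not $closed -and ($i + 1) -lt $lines.Count) {
            $i++
            $joined += [string]$lines[$i]
            $closed = ([string]$lines[$i]) -cmatch '\]LOG\]!>'
        }
        if ($closed) {
            $entries.Add($joined)
        }
        # An entry still open at end of file is skipped; the next pass sees it complete.
    }

    # One selection pass keeps file order and avoids listing an entry twice when it
    # matches both patterns.
    $global:content = @($entries | Select-String -Pattern '\[Win32App\]', 'WebException')
    ShowFilteredContent
}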

# Baseline for the first comparison: no entries have been shown yet.
$global:content2 = @()

if (-not (Test-Path $LogFilePath)) {
    # Emitted to the output stream, as a plain string.
    "File $($LogFilePath) doesn't exist"
}
elseif ($TailModeEnabled) {
    # Tail mode: process the log once per second until the script is interrupted.
    while ($true) {
        ProcessLog
        Start-Sleep -Seconds 1
    }
}
else {
    # Single pass over the log.
    ProcessLog
}