Get-IntuneMIWin32Logs.ps1


<#PSScriptInfo
 
.VERSION 1.03
 
.GUID 0f5a4a8f-a301-4933-9b08-da09bc38b401
 
.AUTHOR pgardy
 
.COMPANYNAME
 
.COPYRIGHT
 
.TAGS
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
 
#>


<#
 
.DESCRIPTION
 Sample script to get Win32App entries from IntuneManagedInstaller.log
 
#>
 
Param()
$LogFilePath = "c:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log"
$LogFilePath = "C:\_MY_DATA_\Corp\!!!!_MS_Temp\temp-MS\b\IntuneManagementExtension.log"
Function ShowCMLog ($sLine) {
    $reLine = ([regex]'<!\[LOG\[(.+)\]LOG\]!>').matches($sLine); 
    if ($reline.count -gt 0 ) { $body = $reLine[0].Groups[1].Value } 
    $reLine = ([regex]'<time="(.+)" date="(.+)" component').matches($sLine); 
    if ($reline.count -gt 0 ) { $DateTime = $reLine[0].Groups[2].Value + " " + $reLine[0].Groups[1].Value }  
    $oLog = New-Object System.Object;
    $oLog | Add-Member -type NoteProperty -name DateTime -value $DateTime;
    $oLog | Add-Member -type NoteProperty -name Message -value  $body
    $oLog = $oLog | Sort-Object 'DateTime'
    if ($reline.count -gt 0 ) {
        write-host $oLog.DateTime $oLog.Message
    }
   
}
while (1) {

    $content = get-content $LogFilePath | Select-String -pattern "\[Win32App\]" 
        |select-string -Pattern "BackgroundWorker is checking at" -NotMatch 
        |select-string -Pattern "Total valid AAD User session count is" -NotMatch 
        |select-string -Pattern "ESP checker found 0 session for user" -NotMatch
        |select-string -Pattern "active user sessions" -NotMatch
        |Select-Object -last 20
    #$content =( $content | Where-Object { $_ -like } )
    foreach ($line in $content) {
        ShowCMLog $line
    }
    start-sleep -Seconds 10
}