Get-IntuneMIWin32Logs.ps1
<#PSScriptInfo .VERSION 1.03 .GUID 0f5a4a8f-a301-4933-9b08-da09bc38b401 .AUTHOR pgardy .COMPANYNAME .COPYRIGHT .TAGS .LICENSEURI .PROJECTURI .ICONURI .EXTERNALMODULEDEPENDENCIES .REQUIREDSCRIPTS .EXTERNALSCRIPTDEPENDENCIES .RELEASENOTES #> <# .DESCRIPTION Sample script to get Win32App entries from IntuneManagedInstaller.log #> Param() $LogFilePath = "c:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log" $LogFilePath = "C:\_MY_DATA_\Corp\!!!!_MS_Temp\temp-MS\b\IntuneManagementExtension.log" Function ShowCMLog ($sLine) { $reLine = ([regex]'<!\[LOG\[(.+)\]LOG\]!>').matches($sLine); if ($reline.count -gt 0 ) { $body = $reLine[0].Groups[1].Value } $reLine = ([regex]'<time="(.+)" date="(.+)" component').matches($sLine); if ($reline.count -gt 0 ) { $DateTime = $reLine[0].Groups[2].Value + " " + $reLine[0].Groups[1].Value } $oLog = New-Object System.Object; $oLog | Add-Member -type NoteProperty -name DateTime -value $DateTime; $oLog | Add-Member -type NoteProperty -name Message -value $body $oLog = $oLog | Sort-Object 'DateTime' if ($reline.count -gt 0 ) { write-host $oLog.DateTime $oLog.Message } } while (1) { $content = get-content $LogFilePath | Select-String -pattern "\[Win32App\]" |select-string -Pattern "BackgroundWorker is checking at" -NotMatch |select-string -Pattern "Total valid AAD User session count is" -NotMatch |select-string -Pattern "ESP checker found 0 session for user" -NotMatch |select-string -Pattern "active user sessions" -NotMatch |Select-Object -last 20 #$content =( $content | Where-Object { $_ -like } ) foreach ($line in $content) { ShowCMLog $line } start-sleep -Seconds 10 } |