PSLogs

5.0.3

include/AzureLogAnalytics.ps1

                                @{

    Name          = 'AzureLogAnalytics'

    Description   = 'Sends log data to a Azure Log Analytics Workspace'

    Configuration = @{

        WorkspaceId = @{Required = $true; Type = [string]; Default = $null }

        SharedKey   = @{Required = $true; Type = [string]; Default = $null }

        LogType     = @{Required = $false; Type = [string]; Default = "Logging" }

        Level       = @{Required = $false; Type = [string]; Default = $Logging.Level }

    }

    Logger        = {

        param(

            [hashtable] $Log,

            [hashtable] $Configuration

        )

        Function GetAuthorizationSignature {

            [CmdletBinding()]

            param (

                $WorkspaceId,

                $SharedKey,

                $Hashable

            )

            $hashableBytes = [Text.Encoding]::UTF8.GetBytes($Hashable)

            $key = [Convert]::FromBase64String($SharedKey)

            $sha256 = New-Object System.Security.Cryptography.HMACSHA256

            $sha256.Key = $key

            $hash = $sha256.ComputeHash($hashableBytes)

            $authorization = 'SharedKey {0}:{1}' -f $WorkspaceId,

            [Convert]::ToBase64String($hash)

            return $authorization

        }

        Function WriteLogAnalyticsData {

            param (

                $WorkspaceId,

                $SharedKey,

                $LogType,

                $Body

            )

            $method = "POST"

            $contentType = "application/json"

            $resource = "/api/logs"

            $contentLength = $Body.Length

            $rfc1123date = [DateTime]::UtcNow.ToString("r")

            $xHeaders = "x-ms-date:" + $rfc1123date

            $hashable = $method, $contentLength, $contentType, $xHeaders, $resource -join "`n"

            $getAuthorizationSignatureSplat = @{

                WorkspaceId = $WorkspaceId

                SharedKey   = $SharedKey

                Hashable    = $hashable

            }

            $authorization = GetAuthorizationSignature @getAuthorizationSignatureSplat

            $uri = "https://${WorkspaceId}.ods.opinsights.azure.com${resource}?api-version=2016-04-01"

            $headers = @{

                Authorization          = $authorization

                'Log-Type'             = $LogType

                'x-ms-date'            = $rfc1123date

                'time-generated-field' = 'timestamputc'

            }

            $invokeWebRequestSplat = @{

                Uri             = $uri

                Method          = $method

                ContentType     = $contentType

                Headers         = $headers

                Body            = $Body

                UseBasicParsing = $true

            }

            Invoke-WebRequest @invokeWebRequestSplat

        }

        # Convert timestamp from utc to ISO 8601

        $Log.timestamputc = $Log.timestamputc | Get-Date -UFormat '+%Y-%m-%dT%H:%M:%S.000Z'

        # See if a Body was provided, that needs to be expanded.

        if ($Log.Body) {

            $Log = $Log + $Log.Body

            $Log.Remove('Body')

        }

        # Submit the data to the API endpoint

        $json = $Log | ConvertTo-Json

        $encodedJson = [System.Text.Encoding]::UTF8.GetBytes($json)

        $writeLogAnalyticsDataSplat = @{

            WorkspaceId = $Configuration.'WorkspaceId'

            SharedKey   = $Configuration.'SharedKey'

            LogType     = $Configuration.'LogType'

            Body        = $encodedJson

        }

        $null = WriteLogAnalyticsData @writeLogAnalyticsDataSplat

    }

}