Module/Rule.IISLogging/Convert/Methods.ps1
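# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
#region Method Functions
<#
    .SYNOPSIS
        Returns the custom log field entries found in the check content.

    .DESCRIPTION
        When the check content matches $regularExpression.customFieldSection,
        every line matching $regularExpression.customFields is split on that
        same pattern and turned into a hashtable with SourceType and SourceName
        keys. When the section is absent the function returns $null.

    .PARAMETER CheckContent
        An array of the raw string data taken from the STIG setting.
#>
function Get-LogCustomFieldEntry
{
    [CmdletBinding()]
    [OutputType([object[]])]
    param
    (
        [Parameter(Mandatory = $true)]
        [psobject]
        $CheckContent
    )

    # Assign locally before the test. PowerShell resolves an unassigned
    # variable through the caller's scopes, so without this line a variable
    # of the same name left over in a caller would be returned as if it had
    # been parsed from this rule.
    $customFieldEntries = $null

    if ($checkContent -match $regularExpression.customFieldSection)
    {
        $customFieldEntries = @()
        [string[]] $customFieldMatch = $checkContent |
            Select-String -Pattern $regularExpression.customFields -AllMatches

        foreach ($customField in $customFieldMatch)
        {
            # Splitting on the pattern that matched leaves the two values
            # around it: element 0 is the source type, element 1 the name.
            $customFieldEntry = ($customField -split $regularExpression.customFields).trim()
            $customFieldEntries += @{
                # Spaces are stripped from the type only; the name is kept as written.
                SourceType = $customFieldEntry[0] -replace ' ', ''
                SourceName = $customFieldEntry[1]
            }
        }
    }

    return $customFieldEntries
}

<#
    .SYNOPSIS
        Returns the log flags.

    .DESCRIPTION
        Recognises two layouts in the check content, one matched by
        $regularExpression.logFlags and one by $regularExpression.standardFields,
        and passes the extracted names to Get-LogFlagValue. Returns $null when
        neither layout is found, so a caller can tell "nothing parsed" apart
        from a real flag list.

    .PARAMETER CheckContent
        An array of the raw string data taken from the STIG setting.
#>
function Get-LogFlag
{
    [CmdletBinding()]
    [OutputType([string])]
    param
    (
        [Parameter(Mandatory = $true)]
        [psobject]
        $CheckContent
    )

    # Assign locally first; otherwise an unmatched rule would return whatever
    # $logFlagValue happens to hold in a calling scope.
    $logFlagValue = $null

    # Remove whatever [RegularExpression]::excludeExtendedAscii matches before parsing.
    $cleanCheckContent = $checkContent -replace ([RegularExpression]::excludeExtendedAscii), ''

    # Both clauses are evaluated for every element (there is no break), so
    # when both layouts are present the last assignment wins.
    switch ($cleanCheckContent)
    {
        { $PSItem -match $regularExpression.logFlags }
        {
            $logFlagString = $cleanCheckContent |
                Select-String -Pattern $regularExpression.logFlags -AllMatches
            $logFlagValue = Get-LogFlagValue -LogFlags ($logFlagString.Matches.groups.value -split ',')
        }
        { $PSItem -match $regularExpression.standardFields }
        {
            [string] $logFlagLine = $cleanCheckContent |
                Select-String -Pattern $regularExpression.standardFields -AllMatches
            $logFlagString = $logFlagLine |
                Select-String -Pattern $regularExpression.standardFieldEntries -AllMatches
            # Keep only capture group 1 of each standardFieldEntries match.
            $logFlagValue = Get-LogFlagValue -LogFlags (
                $logFlagString.Matches.Groups.Where{$PSItem.name -eq 1}.value
            )
        }
    }

    return $logFlagValue
}

<#
    .SYNOPSIS
        Returns the log format.

    .DESCRIPTION
        Finds the line matching $regularExpression.logFormat and returns the
        last group value of its [RegularExpression]::KeyValuePair matches.
        Returns $null, with a verbose message, when no such line exists.

    .PARAMETER CheckContent
        An array of the raw string data taken from the STIG setting.
#>
function Get-LogFormat
{
    [CmdletBinding()]
    [OutputType([string])]
    param
    (
        [Parameter(Mandatory = $true)]
        [psobject]
        $CheckContent
    )

    [string] $logFormatLine = $checkContent |
        Select-String -Pattern $regularExpression.logFormat -AllMatches

    if (-not [String]::IsNullOrEmpty( $logFormatLine ))
    {
        $logFormat = $logFormatLine |
            Select-String -Pattern ([RegularExpression]::KeyValuePair) -AllMatches
        # NOTE(review): if KeyValuePair does not match the line, $logFormat is
        # empty and the [-1] index below has nothing to index - confirm the
        # logFormat pattern guarantees a key/value pair on the same line.
        return $logFormat.Matches.Groups.value[-1]
    }
    else
    {
        Write-Verbose -Message "[$($MyInvocation.MyCommand.Name)] No log format found"
        return $null
    }
}

<#
    .SYNOPSIS
        Returns the log roll over period.

    .DESCRIPTION
        Returns 'daily' as soon as an element of the check content matches
        $regularExpression.logperiod. No other period is recognised; in every
        other case the function produces no output.

    .PARAMETER CheckContent
        An array of the raw string data taken from the STIG setting.
#>
function Get-LogPeriod
{
    [CmdletBinding()]
    [OutputType([string])]
    param
    (
        [Parameter(Mandatory = $true)]
        [psobject]
        $CheckContent
    )

    switch ( $checkContent )
    {
        { $PsItem -match $regularExpression.logperiod }
        {
            return 'daily'
        }
    }
}

<#
    .SYNOPSIS
        Returns the log event target.

    .DESCRIPTION
        Finds the line matching $regularExpression.logtargetw3c and maps the
        text 'Both log file and ETW event' to 'File,ETW'. A matching line with
        any other wording produces no output and no verbose message; a missing
        line returns $null with a verbose message.

    .PARAMETER CheckContent
        An array of the raw string data taken from the STIG setting.
#>
function Get-LogTargetW3C
{
    [CmdletBinding()]
    [OutputType([string])]
    param
    (
        [Parameter(Mandatory = $true)]
        [psobject]
        $CheckContent
    )

    [string] $logTargetW3cLine = $checkContent |
        Select-String -Pattern $regularExpression.logtargetw3c -AllMatches

    if (-not [String]::IsNullOrEmpty( $logTargetW3cLine ))
    {
        $logTargetW3C = $logTargetW3cLine |
            Select-String -Pattern ([RegularExpression]::KeyValuePair) -AllMatches

        # The switch walks every group value and returns on the first hit.
        switch ( $logTargetW3C.Matches.Groups.value )
        {
            { $PSItem -match 'Both log file and ETW event'}
            {
                return 'File,ETW'
            }
        }
    }
    else
    {
        Write-Verbose -Message "[$($MyInvocation.MyCommand.Name)] No log event target found"
        return $null
    }
}

<#
    .SYNOPSIS
        Translates and returns the log flag constants

    .DESCRIPTION
        Looks each trimmed flag name up in $logflagsConstant, drops names that
        have no entry, and returns the remaining values as one comma-separated
        string. Unknown names are dropped without any message, so the result
        can be shorter than the input list.

        NOTE(review): the OutputType attribute declares [string[]] while the
        function returns a single joined string - confirm which one callers
        rely on before changing either.

    .PARAMETER LogFlags
        Array of log flags
#>
function Get-LogFlagValue
{
    [CmdletBinding()]
    [OutputType([string[]])]
    param
    (
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string[]]
        $LogFlags
    )

    $logFlagReturn = @()

    foreach ($flag in $LogFlags)
    {
        # A name missing from the table adds $null here; it is filtered out below.
        $logFlagReturn += $logflagsConstant.($flag.trim())
    }

    return $logFlagReturn.where{ -not [string]::IsNullOrEmpty($PSItem) } -join ','
}
#endregion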