get-intunelog.ps1
|
<#PSScriptInfo
.VERSION 0.1 .GUID 0f5469df-6856-4ef6-9a45-233858e80878 .AUTHOR Sander de Wit .COMPANYNAME .COPYRIGHT .TAGS .LICENSEURI .PROJECTURI .ICONURI .EXTERNALMODULEDEPENDENCIES .REQUIREDSCRIPTS .EXTERNALSCRIPTDEPENDENCIES .RELEASENOTES #> <# .DESCRIPTION script to parse intunemanagementextension.log #> Param() function Get-IntuneLog { param( [Parameter(Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias("FullName")] $Path #$tail =10 ) PROCESS { if(($Path -isnot [array]) -and (test-path $Path –PathType Container) ) { $Path = Get-ChildItem "$path\*.log" } foreach ($File in $Path) { if(!( test-path $file)) { $Path +=(Get-ChildItem "$file*.log").fullname } $FileName = Split-Path –Path $File –Leaf if($tail) { $lines = Get-Content –Path $File –tail $tail } else { $lines = get-Content –path $file } ForEach($l in $lines ){ $l -match '\<\!\[LOG\[(?<Message>.*)?\]LOG\]\!\>\<time=\"(?<Time>.+)"\s+date=\"(?<Date>.+)?\"\s+component=\"(?<Component>.+)?\"\s+context="(?<Context>.*)?\"\s+type=\"(?<Type>\d)?\"\s+thread=\"(?<TID>\d+)?\"\s+file=\"(?<Reference>.+)?\"\>' | Out-Null [pscustomobject]@{ Time = $matches.date + ' ' + $matches.time FileName = $FileName Component = $matches.component Context = $matches.context Type = $matches.type TID = $matches.TID Reference = $matches.reference Message = $matches.message } } } } } get-intunelog -path C:\ProgramData\Microsoft\IntuneManagementExtension\Logs|ogv |