Merge pull request #393 from Icinga:feature/generic_eventlog_reader_and_ifw_reader

Feature: Adds generic EventLog reader and IfW reader Adds generic reader function `Read-IcingaWindowsEventLog`, allowing to read any EventLog as stream on the console and adds in addition `Read-IcingaForWindowsLog` for reading Icinga for Windows specific logs
2025-12-20 23:00:35 -05:00 · 2021-11-05 13:37:43 +01:00 · 2021-11-05 13:37:43 +01:00 · 3fdd13ddac
commit 3fdd13ddac
parent b4ced772f5 f4dd59461c
4 changed files with 76 additions and 38 deletions
--- a/doc/100-General/10-Changelog.md
+++ b/doc/100-General/10-Changelog.md
@ -25,6 +25,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic

 * [#383](https://github.com/Icinga/icinga-powershell-framework/pull/383) Moves the components REST-Api [icinga-powershell-restapi](https://icinga.com/docs/icinga-for-windows/latest/restapi/doc/01-Introduction/) and API-Checks [icinga-powershell-apichecks](https://icinga.com/docs/icinga-for-windows/latest/apichecks/doc/01-Introduction/) directly into the Framework
 * [#392](https://github.com/Icinga/icinga-powershell-framework/pull/392) Adds support to read logs from Windows EventLog while using `Read-IcingaAgentLogFile`
+* [#393](https://github.com/Icinga/icinga-powershell-framework/pull/393) Adds generic reader function `Read-IcingaWindowsEventLog`, allowing to read any EventLog as stream on the console and adds in addition `Read-IcingaForWindowsLog` for reading Icinga for Windows specific logs

 ## 1.6.1 (2021-09-15)

--- a/lib/core/framework/Read-IcingaForWindowsLog.psm1
+++ b/lib/core/framework/Read-IcingaForWindowsLog.psm1
@ -0,0 +1,4 @@
+function Read-IcingaForWindowsLog()
+{
+    Read-IcingaWindowsEventLog -LogName 'Application' -Source 'Icinga for Windows' -MaxEntries 500;
+}
--- a/lib/core/framework/Read-IcingaWindowsEventLog.psm1
+++ b/lib/core/framework/Read-IcingaWindowsEventLog.psm1
@ -0,0 +1,70 @@
+function Read-IcingaWindowsEventLog()
+{
+    param (
+        [string]$LogName = 'Application',
+        [array]$Source   = @(),
+        [int]$MaxEntries = 500
+    );
+
+    if ([string]::IsNullOrEmpty($LogName)) {
+        Write-IcingaConsoleError 'You have to specify a log to read from';
+        return;
+    }
+
+    $LastEvent   = $null;
+    $LastMessage = $null;
+    $LastId      = $null;
+    $MaxEvents   = 40000;
+
+    while ($TRUE) {
+        [array]$IcingaEvents    = Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents -ErrorAction Stop;
+        [int]$CurrentIndex      = $MaxEntries;
+        [array]$CollectedEvents = @();
+
+        foreach ($event in $IcingaEvents) {
+
+            if ($CurrentIndex -eq 0) {
+                break;
+            }
+
+            if ($Source.Count -ne 0 -And $Source -NotContains $event.ProviderName) {
+                continue;
+            }
+
+            $CurrentIndex -= 1;
+
+            if ($null -ne $LastEvent -And $event.TimeCreated -lt $LastEvent) {
+                $MaxEvents = 500;
+                break;
+            }
+
+            if ($event.TimeCreated -eq $LastEvent -And (Get-StringSha1 -Content $event.Message) -eq $LastMessage -And $event.Id -eq $LastId) {
+                $MaxEvents = 500;
+                break;
+            }
+
+            $CollectedEvents += $event;
+        }
+
+        $CollectedEvents = $CollectedEvents | Sort-Object { $_.TimeCreated };
+
+        foreach ($event in $CollectedEvents) {
+
+            $ForeColor   = 'White';
+
+            if ($event.Level -eq 3) { # Warning
+                $ForeColor = 'DarkYellow';
+            } elseif ($event.Level -eq 2) { # Error
+                $ForeColor = 'Red';
+            }
+
+            $LastMessage = (Get-StringSha1 -Content $event.Message);
+            $LastId      = $event.Id;
+            $LastEvent   = [DateTime]$event.TimeCreated;
+
+            Write-IcingaConsolePlain -Message '[{0}] {1}' -Objects $event.TimeCreated, $event.Message -ForeColor $ForeColor;
+        }
+
+        Start-Sleep -Seconds 1;
+    }
+}
--- a/lib/core/icingaagent/readers/Read-IcingaAgentLogFile.psm1
+++ b/lib/core/icingaagent/readers/Read-IcingaAgentLogFile.psm1
@ -3,44 +3,7 @@ function Read-IcingaAgentLogFile()
    if ((Test-IcingaAgentFeatureEnabled -Feature 'windowseventlog') -And ([version](Get-IcingaAgentVersion).Full) -ge (New-IcingaVersionObject -Version '2.13.0')) {

        # Icinga 2.13.0 and beyond will log directly into the EventLog
-
-        $LastEvent   = $null;
-        $LastMessage = $null;
-        $LastId      = $null;
-
-        while ($TRUE) {
-            $IcingaEvents = Get-WinEvent -LogName Application -MaxEvents 500 -ErrorAction Stop | Sort-Object { $_.TimeCreated };
-
-            foreach ($event in $IcingaEvents) {
-
-                if ($event.ProviderName -ne 'Icinga 2') {
-                    continue;
-                }
-
-                if ($null -ne $LastEvent -And $event.TimeCreated -lt $LastEvent) {
-                    continue;
-                }
-
-                if ($event.TimeCreated -eq $LastEvent -And (Get-StringSha1 -Content $event.Message) -eq $LastMessage -And $event.Id -eq $LastId) {
-                    continue;
-                }
-
-                $LastEvent   = [DateTime]$event.TimeCreated;
-                $LastMessage = (Get-StringSha1 -Content $event.Message);
-                $LastId      = $event.Id;
-                $ForeColor   = 'White';
-
-                if ($event.Level -eq 3) { # Warning
-                    $ForeColor = 'DarkYellow';
-                } elseif ($event.Level -eq 2) { # Error
-                    $ForeColor = 'Red';
-                }
-
-                Write-IcingaConsolePlain -Message '[{0}] {1}' -Objects $event.TimeCreated, $event.Message -ForeColor $ForeColor;
-            }
-
-            Start-Sleep -Seconds 1;
-        }
+        Read-IcingaWindowsEventLog -LogName 'Application' -Source 'Icinga 2' -MaxEntries 500;
    } else {
        $Logfile = Join-Path -Path (Get-IcingaAgentLogDirectory) -ChildPath 'icinga2.log';
        if ((Test-Path $Logfile) -eq $FALSE) {