Adds filtering options for EventLog parser

doc/100-General/10-Changelog.md

@@ -42,6 +42,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
 * [#534](https://github.com/Icinga/icinga-powershell-framework/pull/534) Improves Icinga and Director configuration generator, by wrapping PowerShell arrays inside `@()` instead of simply writing them comma separated
 * [#536](https://github.com/Icinga/icinga-powershell-framework/pull/536) Adds new function `Test-IcingaArrayFilter` for easier include and exclude filtering during plugin runtime and to allow filtering of array content for intended values only
 * [#560](https://github.com/Icinga/icinga-powershell-framework/pull/560) Improves handling for Icinga Management Console which will now terminate itself during full uninstallation and restarts after updating the Icinga PowerShell Framework, to apply changes directly
+* [#569](https://github.com/Icinga/icinga-powershell-framework/pull/569) Adds `-Include` and `-Exclude` filter for EventLog CLI parser, to only contain certain messages or exclude them from the output
 
 ## 1.9.2 (2022-06-03)
 

lib/core/framework/Read-IcingaForWindowsLog.psm1

@@ -1,8 +1,10 @@
 function Read-IcingaForWindowsLog()
 {
     param (
-        [array]$Source = @()
+        [array]$Source  = @(),
+        [array]$Include = @(),
+        [array]$Exclude = @()
     );
 
-    Read-IcingaWindowsEventLog -LogName 'Icinga for Windows' -Source $Source -MaxEntries 500;
+    Read-IcingaWindowsEventLog -LogName 'Icinga for Windows' -Source $Source -MaxEntries 500 -Include $Include -Exclude $Exclude;
 }

lib/core/framework/Read-IcingaWindowsEventLog.psm1

@@ -3,6 +3,8 @@ function Read-IcingaWindowsEventLog()
     param (
         [string]$LogName = 'Application',
         [array]$Source   = @(),
+        [array]$Include  = @(),
+        [array]$Exclude  = @(),
         [int]$MaxEntries = 500
     );
 
@@ -17,7 +19,7 @@ function Read-IcingaWindowsEventLog()
     $MaxEvents   = 40000;
 
     while ($TRUE) {
-        [array]$IcingaEvents    = Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents -ErrorAction Stop;
+        [array]$IcingaEvents    = Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents -ErrorAction SilentlyContinue;
         [int]$CurrentIndex      = $MaxEntries;
         [array]$CollectedEvents = @();
 
@@ -43,6 +45,10 @@ function Read-IcingaWindowsEventLog()
                 break;
             }
 
+            if ((Test-IcingaArrayFilter -InputObject $event.Message -Include $Include -Exclude $Exclude) -eq $FALSE) {
+                continue;
+            }
+
             $CollectedEvents += $event;
         }
 

lib/core/icingaagent/readers/Read-IcingaAgentLogFile.psm1

@@ -1,9 +1,14 @@
 function Read-IcingaAgentLogFile()
 {
+    param (
+        [array]$Include = @(),
+        [array]$Exclude = @()
+    );
+
     if ((Test-IcingaAgentFeatureEnabled -Feature 'windowseventlog') -And ([version](Get-IcingaAgentVersion).Full) -ge (New-IcingaVersionObject -Version '2.13.0')) {
 
         # Icinga 2.13.0 and beyond will log directly into the EventLog
-        Read-IcingaWindowsEventLog -LogName 'Application' -Source 'Icinga 2' -MaxEntries 500;
+        Read-IcingaWindowsEventLog -LogName 'Application' -Source 'Icinga 2' -MaxEntries 500 -Include $Include -Exclude $Exclude;
     } else {
         $Logfile = Join-Path -Path (Get-IcingaAgentLogDirectory) -ChildPath 'icinga2.log';
         if ((Test-Path $Logfile) -eq $FALSE) {