mirror of
https://github.com/Icinga/icinga-powershell-framework.git
synced 2025-12-20 23:00:35 -05:00
Adds Cmdlet for analysing EventLog content
This commit is contained in:
Lord Hepipud
parent
d7a1745e39
commit
89764e5ba5
2 changed files with 94 additions and 0 deletions
|
|
@ -14,6 +14,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
|
|||
### Enhancements
|
||||
|
||||
* [#234](https://github.com/Icinga/icinga-powershell-framework/pull/234) Adds support to allow custom exception lists for Icinga Exceptions, making it easier for different modules to ship their own exception messages
|
||||
* [#235](https://github.com/Icinga/icinga-powershell-framework/pull/235) Adds new Cmdlet `Show-IcingaEventLogAnalysis` to get a better overview on how many log entries are present within the EventLog based on hour, minute and day average/maximum for allowing a more dynamic configuration for `Invoke-IcingaCheckEventLog`
|
||||
|
||||
### Bugfixes
|
||||
|
||||
|
|
|
|||
93
lib/core/tools/Show-IcingaEventLogAnalysis.psm1
Normal file
93
lib/core/tools/Show-IcingaEventLogAnalysis.psm1
Normal file
|
|
@ -0,0 +1,93 @@
|
|||
function Show-IcingaEventLogAnalysis()
|
||||
{
|
||||
param (
|
||||
[string]$LogName = 'Application'
|
||||
);
|
||||
|
||||
Write-IcingaConsoleNotice 'Analysing EventLog "{0}"...' -Objects $LogName;
|
||||
|
||||
Start-IcingaTimer 'EventLog Analyser';
|
||||
|
||||
try {
|
||||
$BasicLogData = Get-WinEvent -ListLog $LogName -ErrorAction Stop;
|
||||
} catch {
|
||||
Write-IcingaConsoleError 'Failed to fetch data for EventLog "{0}". Probably this log does not exist.' -Objects $LogName;
|
||||
return;
|
||||
}
|
||||
|
||||
Write-IcingaConsoleNotice 'Logging Mode: {0}' -Objects $BasicLogData.LogMode;
|
||||
Write-IcingaConsoleNotice 'Maximum Size: {0} GB' -Objects ([math]::Round((Convert-Bytes -Value $BasicLogData.MaximumSizeInBytes -Unit 'GB').value, 2));
|
||||
Write-IcingaConsoleNotice 'Current Entries: {0}' -Objects $BasicLogData.RecordCount;
|
||||
|
||||
[hashtable]$LogAnalysis = @{
|
||||
'Day' = @{
|
||||
'Entries' = @{ };
|
||||
'Count' = 0;
|
||||
'Average' = 0;
|
||||
'Maximum' = 0;
|
||||
};
|
||||
'Hour' = @{
|
||||
'Entries' = @{ };
|
||||
'Count' = 0;
|
||||
'Average' = 0;
|
||||
'Maximum' = 0;
|
||||
};
|
||||
'Minute' = @{
|
||||
'Entries' = @{ };
|
||||
'Count' = 0;
|
||||
'Average' = 0;
|
||||
'Maximum' = 0;
|
||||
};
|
||||
};
|
||||
|
||||
$LogData = Get-WinEvent -LogName $LogName;
|
||||
|
||||
foreach ($entry in $LogData) {
|
||||
[string]$DayOfLogging = $entry.TimeCreated.ToString('yyyy\/MM\/dd');
|
||||
[string]$HourOfLogging = $entry.TimeCreated.ToString('yyyy\/MM\/dd-HH');
|
||||
[string]$MinuteOfLogging = $entry.TimeCreated.ToString('yyyy\/MM\/dd-HH-mm');
|
||||
|
||||
if ($LogAnalysis.Day.Entries.ContainsKey($DayOfLogging) -eq $FALSE) {
|
||||
$LogAnalysis.Day.Entries.Add($DayOfLogging, 0);
|
||||
}
|
||||
|
||||
if ($LogAnalysis.Hour.Entries.ContainsKey($HourOfLogging) -eq $FALSE) {
|
||||
$LogAnalysis.Hour.Entries.Add($HourOfLogging, 0);
|
||||
}
|
||||
|
||||
if ($LogAnalysis.Minute.Entries.ContainsKey($MinuteOfLogging) -eq $FALSE) {
|
||||
$LogAnalysis.Minute.Entries.Add($MinuteOfLogging, 0);
|
||||
}
|
||||
|
||||
$LogAnalysis.Day.Entries[$DayOfLogging] += 1;
|
||||
$LogAnalysis.Hour.Entries[$HourOfLogging] += 1;
|
||||
$LogAnalysis.Minute.Entries[$MinuteOfLogging] += 1;
|
||||
|
||||
$LogAnalysis.Day.Count += 1;
|
||||
$LogAnalysis.Hour.Count += 1;
|
||||
$LogAnalysis.Minute.Count += 1;
|
||||
|
||||
$LogAnalysis.Day.Average = [math]::Ceiling($LogAnalysis.Day.Count / $LogAnalysis.Day.Entries.Count);
|
||||
$LogAnalysis.Hour.Average = [math]::Ceiling($LogAnalysis.Hour.Count / $LogAnalysis.Hour.Entries.Count);
|
||||
$LogAnalysis.Minute.Average = [math]::Ceiling($LogAnalysis.Minute.Count / $LogAnalysis.Minute.Entries.Count);
|
||||
}
|
||||
|
||||
foreach ($value in $LogAnalysis.Day.Entries.Values) {
|
||||
$LogAnalysis.Day.Maximum = Get-IcingaValue -Value $value -Compare $LogAnalysis.Day.Maximum -Maximum;
|
||||
}
|
||||
foreach ($value in $LogAnalysis.Hour.Entries.Values) {
|
||||
$LogAnalysis.Hour.Maximum = Get-IcingaValue -Value $value -Compare $LogAnalysis.Hour.Maximum -Maximum;
|
||||
}
|
||||
foreach ($value in $LogAnalysis.Minute.Entries.Values) {
|
||||
$LogAnalysis.Minute.Maximum = Get-IcingaValue -Value $value -Compare $LogAnalysis.Minute.Maximum -Maximum;
|
||||
}
|
||||
Stop-IcingaTimer 'EventLog Analyser';
|
||||
|
||||
Write-IcingaConsoleNotice 'Average Logs per Day: {0}' -Objects $LogAnalysis.Day.Average;
|
||||
Write-IcingaConsoleNotice 'Average Logs per Hour: {0}' -Objects $LogAnalysis.Hour.Average;
|
||||
Write-IcingaConsoleNotice 'Average Logs per Minute: {0}' -Objects $LogAnalysis.Minute.Average;
|
||||
Write-IcingaConsoleNotice 'Maximum Logs per Day: {0}' -Objects $LogAnalysis.Day.Maximum;
|
||||
Write-IcingaConsoleNotice 'Maximum Logs per Hour: {0}' -Objects $LogAnalysis.Hour.Maximum;
|
||||
Write-IcingaConsoleNotice 'Maximum Logs per Minute: {0}' -Objects $LogAnalysis.Minute.Maximum;
|
||||
Write-IcingaConsoleNotice 'Analysing Time: {0}s' -Objects ([math]::Round((Get-IcingaTimer 'EventLog Analyser').Elapsed.TotalSeconds, 2));
|
||||
}
|
||||
Loading…
Reference in a new issue