Adds generic EventLog reader and IfW reader

Lord Hepipud 2021-11-05 13:34:45 +01:00
parent b4ced772f5
commit f4dd59461c
4 changed files with 76 additions and 38 deletions


@ -25,6 +25,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
* [#383](https://github.com/Icinga/icinga-powershell-framework/pull/383) Moves the components REST-Api [icinga-powershell-restapi](https://icinga.com/docs/icinga-for-windows/latest/restapi/doc/01-Introduction/) and API-Checks [icinga-powershell-apichecks](https://icinga.com/docs/icinga-for-windows/latest/apichecks/doc/01-Introduction/) directly into the Framework * [#383](https://github.com/Icinga/icinga-powershell-framework/pull/383) Moves the components REST-Api [icinga-powershell-restapi](https://icinga.com/docs/icinga-for-windows/latest/restapi/doc/01-Introduction/) and API-Checks [icinga-powershell-apichecks](https://icinga.com/docs/icinga-for-windows/latest/apichecks/doc/01-Introduction/) directly into the Framework
* [#392](https://github.com/Icinga/icinga-powershell-framework/pull/392) Adds support to read logs from Windows EventLog while using `Read-IcingaAgentLogFile` * [#392](https://github.com/Icinga/icinga-powershell-framework/pull/392) Adds support to read logs from Windows EventLog while using `Read-IcingaAgentLogFile`
* [#393](https://github.com/Icinga/icinga-powershell-framework/pull/393) Adds generic reader function `Read-IcingaWindowsEventLog`, allowing to read any EventLog as stream on the console and adds in addition `Read-IcingaForWindowsLog` for reading Icinga for Windows specific logs
## 1.6.1 (2021-09-15) ## 1.6.1 (2021-09-15)


@ -0,0 +1,4 @@
function Read-IcingaForWindowsLog()
{
Read-IcingaWindowsEventLog -LogName 'Application' -Source 'Icinga for Windows' -MaxEntries 500;
}


@ -0,0 +1,70 @@
function Read-IcingaWindowsEventLog()
{
param (
[string]$LogName = 'Application',
[array]$Source = @(),
[int]$MaxEntries = 500
);
if ([string]::IsNullOrEmpty($LogName)) {
Write-IcingaConsoleError 'You have to specify a log to read from';
return;
}
$LastEvent = $null;
$LastMessage = $null;
$LastId = $null;
$MaxEvents = 40000;
while ($TRUE) {
[array]$IcingaEvents = Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents -ErrorAction Stop;
[int]$CurrentIndex = $MaxEntries;
[array]$CollectedEvents = @();
foreach ($event in $IcingaEvents) {
if ($CurrentIndex -eq 0) {
break;
}
if ($Source.Count -ne 0 -And $Source -NotContains $event.ProviderName) {
continue;
}
$CurrentIndex -= 1;
if ($null -ne $LastEvent -And $event.TimeCreated -lt $LastEvent) {
$MaxEvents = 500;
break;
}
if ($event.TimeCreated -eq $LastEvent -And (Get-StringSha1 -Content $event.Message) -eq $LastMessage -And $event.Id -eq $LastId) {
$MaxEvents = 500;
break;
}
$CollectedEvents += $event;
}
$CollectedEvents = $CollectedEvents | Sort-Object { $_.TimeCreated };
foreach ($event in $CollectedEvents) {
$ForeColor = 'White';
if ($event.Level -eq 3) { # Warning
$ForeColor = 'DarkYellow';
} elseif ($event.Level -eq 2) { # Error
$ForeColor = 'Red';
}
$LastMessage = (Get-StringSha1 -Content $event.Message);
$LastId = $event.Id;
$LastEvent = [DateTime]$event.TimeCreated;
Write-IcingaConsolePlain -Message '[{0}] {1}' -Objects $event.TimeCreated, $event.Message -ForeColor $ForeColor;
}
Start-Sleep -Seconds 1;
}
}
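Review bot: In `Read-IcingaWindowsEventLog`, `$MaxEvents` only drops from 40000 to 500 inside the two `$LastEvent` branches, so until an event from `$Source` has been printed the `while ($TRUE)` loop fetches up to 40000 records every second and filters them in PowerShell. When `$Source` is set, filtering in the query is cheaper and is not limited to the newest 40000 records: `Get-WinEvent -FilterHashtable @{ LogName = $LogName; ProviderName = $Source } -MaxEvents $MaxEvents -ErrorAction Stop`. `Get-WinEvent` also reports an error when a query returns no events, and with `-ErrorAction Stop` that ends the reader on an empty or access-restricted log (Security, for instance, when not elevated), so the call probably wants a `try`/`catch` that reports through `Write-IcingaConsoleError` and then returns or keeps polling. The message text is written to the console as-is; now that the reader accepts any log, it is worth confirming that `Write-IcingaConsolePlain` neutralises control characters in event messages.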


@ -3,44 +3,7 @@ function Read-IcingaAgentLogFile()
if ((Test-IcingaAgentFeatureEnabled -Feature 'windowseventlog') -And ([version](Get-IcingaAgentVersion).Full) -ge (New-IcingaVersionObject -Version '2.13.0')) { if ((Test-IcingaAgentFeatureEnabled -Feature 'windowseventlog') -And ([version](Get-IcingaAgentVersion).Full) -ge (New-IcingaVersionObject -Version '2.13.0')) {
# Icinga 2.13.0 and beyond will log directly into the EventLog # Icinga 2.13.0 and beyond will log directly into the EventLog
Read-IcingaWindowsEventLog -LogName 'Application' -Source 'Icinga 2' -MaxEntries 500;
$LastEvent = $null;
$LastMessage = $null;
$LastId = $null;
while ($TRUE) {
$IcingaEvents = Get-WinEvent -LogName Application -MaxEvents 500 -ErrorAction Stop | Sort-Object { $_.TimeCreated };
foreach ($event in $IcingaEvents) {
if ($event.ProviderName -ne 'Icinga 2') {
continue;
}
if ($null -ne $LastEvent -And $event.TimeCreated -lt $LastEvent) {
continue;
}
if ($event.TimeCreated -eq $LastEvent -And (Get-StringSha1 -Content $event.Message) -eq $LastMessage -And $event.Id -eq $LastId) {
continue;
}
$LastEvent = [DateTime]$event.TimeCreated;
$LastMessage = (Get-StringSha1 -Content $event.Message);
$LastId = $event.Id;
$ForeColor = 'White';
if ($event.Level -eq 3) { # Warning
$ForeColor = 'DarkYellow';
} elseif ($event.Level -eq 2) { # Error
$ForeColor = 'Red';
}
Write-IcingaConsolePlain -Message '[{0}] {1}' -Objects $event.TimeCreated, $event.Message -ForeColor $ForeColor;
}
Start-Sleep -Seconds 1;
}
} else { } else {
$Logfile = Join-Path -Path (Get-IcingaAgentLogDirectory) -ChildPath 'icinga2.log'; $Logfile = Join-Path -Path (Get-IcingaAgentLogDirectory) -ChildPath 'icinga2.log';
if ((Test-Path $Logfile) -eq $FALSE) { if ((Test-Path $Logfile) -eq $FALSE) {