Write-SysMEventLog.ps1
#Requires -Version 5.0
<#
.SYNOPSIS
Writes an event to an event log
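.DESCRIPTION
Writes a single event with Write-EventLog and then returns the three newest entries of the target log.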
.NOTES
This PowerShell script was developed and optimized for ScriptRunner. The use of the scripts requires ScriptRunner.
The customer or user is authorized to copy the script from the repository and use them in ScriptRunner.
The terms of use for ScriptRunner do not apply to this script. In particular, ScriptRunner Software GmbH assumes no liability for the function,
the use and the consequences of the use of this freely available script.
PowerShell is a product of Microsoft Corporation. ScriptRunner is a product of ScriptRunner Software GmbH.
© ScriptRunner Software GmbH
.COMPONENT
.LINK
https://github.com/scriptrunner/ActionPacks/tree/master/WinSystemManagement/EventLogs
.Parameter LogName
[sr-en] Event log
.Parameter CustomLogName
[sr-en] Name of the custom event log, enter the log name (not the LogDisplayName)
.Parameter ComputerName
[sr-en] Remote computer, the default is the local computer.
.Parameter EventID
[sr-en] Event identifier. The maximum value for the EventId parameter is 65535.
.Parameter Message
[sr-en] Event message
.Parameter Source
[sr-en] Event source for the classic event logs, which is typically the name of the application that is writing the event to the log
.Parameter SourceName
[sr-en] Event source for the custom event log, which is typically the name of the application that is writing the event to the log
.Parameter EntryType
[sr-en] Entry type of the event
.Parameter Category
[sr-en] Task category for the event
#>
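[CmdLetBinding()]
Param(
    # Classic log to write to. Choosing this parameter set also requires -Source.
    # NOTE(review): Windows normally refuses writes to the Security log from ordinary
    # event sources - confirm that this entry is usable in the target environment.
    [Parameter(Mandatory = $true, ParameterSetName = "Classic event logs")]
    [ValidateSet("Application","HardwareEvents","Internet Explorer","Key Management Service","Security","System","Windows PowerShell")]
    [string]$LogName,

    # Name (not display name) of a custom log. Choosing this parameter set also requires -SourceName.
    [Parameter(Mandatory = $true, ParameterSetName = "Custom event log")]
    [string]$CustomLogName,

    # Event identifier. The documented upper bound of 65535 is enforced at parameter
    # binding, so an out-of-range value is rejected before the log is contacted.
    [Parameter(Mandatory = $true, ParameterSetName = "Classic event logs")]
    [Parameter(Mandatory = $true, ParameterSetName = "Custom event log")]
    [ValidateRange(0, 65535)]
    [int32]$EventID,

    # Free text stored as the event message; it is passed to Write-EventLog unchanged.
    [Parameter(Mandatory = $true, ParameterSetName = "Classic event logs")]
    [Parameter(Mandatory = $true, ParameterSetName = "Custom event log")]
    [string]$Message,

    # Target computer; an empty value is replaced by "." (local computer) in the script body.
    [Parameter(ParameterSetName = "Classic event logs")]
    [Parameter(ParameterSetName = "Custom event log")]
    [string]$ComputerName,

    # Event source used with the classic logs.
    [Parameter(Mandatory = $true, ParameterSetName = "Classic event logs")]
    [string]$Source,

    # Event source used with the custom log.
    [Parameter(Mandatory = $true, ParameterSetName = "Custom event log")]
    [string]$SourceName,

    # Entry type of the event; audit types are selectable like any other value.
    [Parameter(ParameterSetName = "Classic event logs")]
    [Parameter(ParameterSetName = "Custom event log")]
    [ValidateSet("Error", "Information", "FailureAudit", "SuccessAudit", "Warning")]
    [string]$EntryType = "Information",

    # Task category; when omitted the typed parameter holds 0, which is still passed on.
    [Parameter(ParameterSetName = "Classic event logs")]
    [Parameter(ParameterSetName = "Custom event log")]
    [int16]$Category
)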
try {
    # Fields kept from each entry that is read back after the write.
    [string[]]$entryFields = @('EventID','Index','EntryType','InstanceId','TimeGenerated','UserName')

    # An empty computer name means the local machine, addressed as ".".
    $targetComputer = $ComputerName
    if ([System.String]::IsNullOrWhiteSpace($targetComputer)) {
        $targetComputer = "."
    }

    # Both parameter sets end up as one log name and one source name.
    if ($PSCmdlet.ParameterSetName -eq "Classic event logs") {
        $targetLog = $LogName
        $eventSource = $Source
    }
    else {
        $targetLog = $CustomLogName
        $eventSource = $SourceName
    }

    # The caller's values are handed to Write-EventLog as given; a failure is raised
    # as a stopping error and reaches the catch block.
    $writeArgs = @{
        ComputerName = $targetComputer
        LogName      = $targetLog
        Source       = $eventSource
        Message      = $Message
        EventId      = $EventID
        EntryType    = $EntryType
        Category     = $Category
        ErrorAction  = 'Stop'
    }
    $null = Write-EventLog @writeArgs

    # Read back the three newest entries of the log. Nothing ties them to the event
    # written above, so entries from other writers can appear in the result.
    $latestEntries = Get-EventLog -LogName $targetLog -ComputerName $targetComputer -Newest 3 |
        Select-Object -Property $entryFields

    # Hand the entries to ScriptRunner when its environment object exists, else to the pipeline.
    if (-not $SRXEnv) {
        Write-Output $latestEntries
    }
    else {
        $SRXEnv.ResultMessage = $latestEntries
    }
}
catch {
    # Re-raise unchanged so the caller sees the original error.
    throw
}