Get-WindowsEventLogMessage

2.0.0

Get-WindowsEventLogMessage.ps1

                                <#PSScriptInfo 

.VERSION 2.0.0

.GUID fb06bec9-3e1b-472d-948b-3517f71d876c

.AUTHOR saw-friendship 

.COMPANYNAME 

.COPYRIGHT 

.TAGS 

 saw-friendship Windows EventLog Message XML

.LICENSEURI 

.PROJECTURI

 https://sawfriendship.wordpress.com

.ICONURI 

.EXTERNALMODULEDEPENDENCIES 

.REQUIREDSCRIPTS 

.EXTERNALSCRIPTDEPENDENCIES 

.RELEASENOTES 

#>

<# 

.DESCRIPTION 

 Expand WinEventLog Message and trying include generated objects to EventDataObject Property

.EXAMPLE 

 Get-WindowsEventLogMessage -Id 4624 -LogName Security -MaxEvents 10

.EXAMPLE 

 Get-WindowsEventLogMessage Security -StartTime (Get-Date).AddHours(-1) -Property Id,TimeCreated,TargetUserName

#> 

[CmdletBinding()]

param(

    [string]$LogName,

    [string]$ProviderName,

    [int[]]$Id,

    [string]$Path,

    [int]$MaxEvents,

    [string]$ComputerName,

    [switch]$Force,

    [PSCredential]$Credential,

    [switch]$Oldest,

    [string]$PropertyPrefix = '',

    [alias('After')][datetime]$StartTime,

    [alias('Before')][datetime]$EndTime,

    [string[]]$Property = @('*')

)

[string[]]$FilterParamArray = @('LogName','ProviderName','Id','StartTime','EndTime')

[Hashtable]$FilterHashtable = @{}; $PSBoundParameters.Keys.Where({$FilterParamArray -contains $_}).ForEach({$FilterHashtable[$_] = $PSBoundParameters[$_]})

[string[]]$WinEventParamArray = @('MaxEvents','Path','ComputerName','Credential','Force','Oldest')

[Hashtable]$WinEventParam = @{}; $PSBoundParameters.Keys.Where({$WinEventParamArray -contains $_}).ForEach({$WinEventParam[$_] = $PSBoundParameters[$_]})

if ($FilterHashtable.Count -ge 1) {$WinEventParam['FilterHashtable'] = $FilterHashtable}

[array]$WinEventSelect = $Property.ForEach({$_})

$WinEventSelect += @{'Name' = 'EventData'; 'Expression' = {([xml]($_.ToXml())).Event.EventData.Data}}

$WinEventSelect += @{'Name' = 'EventDataObject'; 'Expression' = {$Data = ([xml]($_.ToXml())).Event.EventData.Data; $Hash=@{}; if($Data.Name){[string[]]$NewNames=@(); $Data.ForEach({$NewNames+=$PropertyPrefix+$_.Name; $Hash[$PropertyPrefix+$_.Name]=$_.'#text'}); New-Object -TypeName PsObject -Property $Hash | Select-Object -Property $NewNames}}}

Get-WinEvent @WinEventParam | Select-Object -Property $WinEventSelect