GroupPolicyHelper

1.0.1

Get-GphDfslog.ps1

                                function Get-GphDfslog {

#todo: DFS Log examples

    <#

      .SYNOPSIS

      Returns the DFS Log.

      .DESCRIPTION

      This funtions reads the last successful Group Policy Run from the Registry. You can chose between Machine- and 

      User History. 

      .EXAMPLE

      .NOTES

      Author: Holger Voges

      Date: 2018-11-16

      Version: 1.0

  #>

  param(

    # ValidateScript

    [parameter(Mandatory=$false)]

    $DFSLogFile = (Get-ChildItem (Get-WmiObject -Namespace root\microsoftdfs -Class DfsrMachineConfig).DebugLogFilePath |  Where-Object { $_.fullname -match "\S\\dfsr[\d]{5}.log$" }).Fullname 

  )

  $pattern1 = '(\d{8})\s(\d{2}:\d{2}:\d{2}.\d{3})\s(\d{1,5})\s(\w{4})\s{1,3}(\d{1,5})\s([\s\S]{1,}?)::([\s\S]{1,})'

  $pattern2 = '(\d{8})\s(\d{2}:\d{2}:\d{2}.\d{3})\s(\d{4,5})\s(\w{4})\s{1,3}(\d{1,4})\s(\[(WARN|ERROR)])\s([\s\S]{1,}?)::([\s\S]{1,})'

  $pattern3 = '(\d{8})\s(\d{2}:\d{2}:\d{2}.\d{3})\s(\d{1,5})\s(\w{4})\s{1,5}(\d{1,5})\s([\s\S]{1,}?)\s([\s\S]{1,})'

  $DFSLog = Get-Content -ReadCount 0 -Path $DFSLogFile -Encoding UTF8 

  # $dfslog = $DFSlog.Replace("`n`r`n","`r`n")

  for ( $i = 0; $i -lt $DFSLog.Length; $i++)

  {

    # Write-Progress -Activity 'Importing DFS-Log' -PercentComplete ( ($i*100)/$DFSLog.Count ) -CurrentOperation 'Processing Log Entries'

    $LogEntry = 1 | Select-Object LineCount,Date,Time,Thread,Source,Line,EntryType,Method,Data

    Switch ( $DFSLog[$i] )

    {

      { $_ -match $pattern2; $global:out = $matches } 

        {  

          $LogEntry.LineCount = $i

          $LogEntry.Date = $out[1]

          $LogEntry.Time = $out[2]

          $LogEntry.Thread = $out[3]

          $LogEntry.Source = $out[4]

          $LogEntry.Line = $out[5]

          $LogEntry.EntryType = $out[6]

          $logEntry.Method = $out[8]

          $LogEntry.Data = $out[9]

          Continue             

        }

      { $_ -match $pattern1; $global:out = $matches } 

        {

          $LogEntry.LineCount = $i

          $LogEntry.Date = $out[1]

          $LogEntry.Time = $out[2]

          $LogEntry.Thread = $out[3]

          $LogEntry.Source = $out[4]

          $LogEntry.Line = $out[5]

          $logEntry.Method = $out[6]

          $LogEntry.Data = $out[7]

          Continue

        }

      { $_ -match $pattern3; $global:out = $matches } 

        {

          $LogEntry.LineCount = $i

          $LogEntry.Date = $out[1]

          $LogEntry.Time = $out[2]

          $LogEntry.Thread = $out[3]

          $LogEntry.Source = $out[4]

          $LogEntry.Line = $out[5]

          $logEntry.Method = $out[6]

          $LogEntry.Data = $out[7]

          Continue

        }

      default { $LogEntry.Data = $DfsLog[$i] }

    }

    $LogEntry

  }

}