PPSLogModule.psm1
function New-AzureAppLog { param ( [string]$Message, [string]$Level = "INFO", [string]$Stage = "", [string]$Application = "" ) $msg = [PSCustomObject]@{ Level = $Level Message = $Message Stage = $Stage Application = $Application Computer = $env:COMPUTERNAME User = $env:USERNAME } New-AzureLog -Object $msg -LogType "AppLogs" } function New-AzureSimpleLog { param ( [string]$Message, [string]$Application, [string]$Level = "INFO" ) $msg = [PSCustomObject]@{ Level = $Level Message = $Message Computer = $env:COMPUTERNAME User = $env:USERNAME } New-AzureLog -Object $msg -LogType $Application } function New-AzureLog { param ( [PSCustomObject]$Object, [string]$LogType ) $settings = Get-LogAnalyticsSettings $body = ConvertTo-Json -InputObject $Object New-LogAnalyticsData $settings.CustomerId $settings.SharedKey $body $LogType } function Set-LogAnalyticsSettings($customerId, $sharedKey) { [System.Environment]::SetEnvironmentVariable("LA_CustomerId", $customerId, [System.EnvironmentVariableTarget]::Machine) [System.Environment]::SetEnvironmentVariable("LA_sharedKey", $sharedKey, [System.EnvironmentVariableTarget]::Machine) } function Get-LogAnalyticsSettings() { $settings = [PSCustomObject]@{ CustomerId = $env:LA_CustomerId SharedKey = $env:LA_sharedKey } return $settings } function Build-AzureSignature ($customerId, $sharedKey, $date, $contentLength, $method, $contentType, $resource) { $xHeaders = "x-ms-date:" + $date $stringToHash = $method + "`n" + $contentLength + "`n" + $contentType + "`n" + $xHeaders + "`n" + $resource $bytesToHash = [Text.Encoding]::UTF8.GetBytes($stringToHash) $keyBytes = [Convert]::FromBase64String($sharedKey) $sha256 = New-Object System.Security.Cryptography.HMACSHA256 $sha256.Key = $keyBytes $calculatedHash = $sha256.ComputeHash($bytesToHash) $encodedHash = [Convert]::ToBase64String($calculatedHash) $authorization = 'SharedKey {0}:{1}' -f $customerId,$encodedHash return $authorization } Function New-LogAnalyticsData($customerId, $sharedKey, $body, $logType) { $timeStamp = Get-Date -format o $method = "POST" $contentType = "application/json" $resource = "/api/logs" $rfc1123date = [DateTime]::UtcNow.ToString("r") $contentLength = $body.Length $signature = Build-AzureSignature $customerId ` $sharedKey ` $rfc1123date ` $contentLength ` $method ` $contentType ` $resource $uri = "https://" + $customerId + ".ods.opinsights.azure.com" + $resource + "?api-version=2016-04-01" $headers = @{ "Authorization" = $signature; "Log-Type" = $logType; "x-ms-date" = $rfc1123date; "time-generated-field" = $timeStamp; } Invoke-WebRequest -Uri $uri -Method $method -ContentType $contentType -Headers $headers -Body $body -UseBasicParsing } ### Other functions Function Get-LoggedOnUserSID { $header=@('SESSIONNAME', 'USERNAME', 'ID', 'STATE', 'TYPE', 'DEVICE') $Sessions = query session [array]$ActiveSessions = $Sessions | Select-Object -Skip 1 | Where-Object {$_ -match "Active"} If ($ActiveSessions.Count -ge 1) { $LoggedOnUsers = @() $indexes = $header | ForEach-Object {($Sessions[0]).IndexOf(" $_")} for($row=0; $row -lt $ActiveSessions.Count; $row++) { $obj=New-Object psobject for($i=0; $i -lt $header.Count; $i++) { $begin=$indexes[$i] $end=if($i -lt $header.Count-1) {$indexes[$i+1]} else {$ActiveSessions[$row].length} $obj | Add-Member NoteProperty $header[$i] ($ActiveSessions[$row].substring($begin, $end-$begin)).trim() } $LoggedOnUsers += $obj } $LoggedOnUser = $LoggedOnUsers[0] $LoggedOnUserSID = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\$($LoggedOnUser.ID)" -Name LoggedOnUserSID -ErrorAction SilentlyContinue | Select-Object -ExpandProperty LoggedOnUserSID Return $LoggedOnUserSID } } |