public/Event/Read-Event.ps1
using module '..\..\modules\Enums.psm1' using module '..\..\modules\Helper\DateTimeHelper.psm1' using module '..\..\modules\Session.psd1' function Read-Event{ [Alias('rdev')] param( [Parameter(Mandatory=$true)] # Audit log source file from where the messages will be loaded. [SOURCE] $source, # Referent message time taken as baseline from where the messages will be start analyzing. [string] $referentTime, # Timeframe in which the messages will be analyzed after the referent time. [string] $timeSpan, # Aggregate state of the item [switch] $aggregate, # Displayed progress message [string] $progressMessage, # provide the result as native object rather than display one [switch] $asObject ) if ([Session]::activeSessions.Count -eq 0){ Write-Error 'There is no active session. Import audit logs before they are analyzed.' return } Read-RawLog -datatype Event @PsBoundParameters } |