WinEventLogCustomization.psm1

$script:ModuleRoot = $PSScriptRoot
$script:ModuleVersion = (Import-PowerShellDataFile -Path "$($script:ModuleRoot)\WinEventLogCustomization.psd1").ModuleVersion

# Detect whether at some level dotsourcing was enforced
$script:doDotSource = Get-PSFConfigValue -FullName WinEventLogCustomization.Import.DoDotSource -Fallback $false
if ($WinEventLogCustomization_dotsourcemodule) { $script:doDotSource = $true }

<#
Note on Resolve-Path:
All paths are sent through Resolve-Path/Resolve-PSFPath in order to convert them to the correct path separator.
This allows ignoring path separators throughout the import sequence, which could otherwise cause trouble depending on OS.
Resolve-Path can only be used for paths that already exist, Resolve-PSFPath can accept that the last leaf my not exist.
This is important when testing for paths.
#>


# Detect whether at some level loading individual module files, rather than the compiled module was enforced
$importIndividualFiles = Get-PSFConfigValue -FullName WinEventLogCustomization.Import.IndividualFiles -Fallback $false
if ($WinEventLogCustomization_importIndividualFiles) { $importIndividualFiles = $true }
if (Test-Path (Resolve-PSFPath -Path "$($script:ModuleRoot)\..\.git" -SingleItem -NewChild)) { $importIndividualFiles = $true }
if ("<was compiled>" -eq '<was not compiled>') { $importIndividualFiles = $true }

function Import-ModuleFile {
    <#
        .SYNOPSIS
            Loads files into the module on module import.
 
        .DESCRIPTION
            This helper function is used during module initialization.
            It should always be dotsourced itself, in order to proper function.
 
            This provides a central location to react to files being imported, if later desired
 
        .PARAMETER Path
            The path to the file to load
 
        .EXAMPLE
            PS C:\> . Import-ModuleFile -File $function.FullName
 
            Imports the file stored in $function according to import policy
    #>

    [CmdletBinding()]
    Param (
        [string]
        $Path
    )

    $resolvedPath = $ExecutionContext.SessionState.Path.GetResolvedPSPathFromPSPath($Path).ProviderPath
    if ($doDotSource) { . $resolvedPath }
    else { $ExecutionContext.InvokeCommand.InvokeScript($false, ([scriptblock]::Create([io.file]::ReadAllText($resolvedPath))), $null, $null) }
}

#region Load individual files
if ($importIndividualFiles) {
    # Execute Preimport actions
    foreach ($path in (& "$ModuleRoot\internal\scripts\preimport.ps1")) {
        . Import-ModuleFile -Path $path
    }

    # Import all internal functions
    foreach ($function in (Get-ChildItem "$ModuleRoot\internal\functions" -Filter "*.ps1" -Recurse -ErrorAction Ignore)) {
        . Import-ModuleFile -Path $function.FullName
    }

    # Import all public functions
    $functions = (Get-ChildItem "$ModuleRoot\functions" -Filter "*.ps1" -Recurse -ErrorAction Ignore)
    $function = $functions[6]
    foreach ($function in $functions) {
        . Import-ModuleFile -Path $function.FullName
    }

    # Execute Postimport actions
    foreach ($path in (& "$ModuleRoot\internal\scripts\postimport.ps1")) {
        . Import-ModuleFile -Path $path
    }

    # End it here, do not load compiled code below
    return
}
#endregion Load individual files

#region Load compiled code
<#
This file loads the strings documents from the respective language folders.
This allows localizing messages and errors.
Load psd1 language files for each language you wish to support.
Partial translations are acceptable - when missing a current language message,
it will fallback to English or another available language.
#>

Import-PSFLocalizedString -Path "$($script:ModuleRoot)\en-us\*.psd1" -Module 'WinEventLogCustomization' -Language 'en-US'

function Import-Excel {
    <#
    .Synopsis
        Import-Excel
 
    .DESCRIPTION
        Imports data from Excel
 
    .PARAMETER ExcelPackage
        The Excel package imported from a file
 
    .PARAMETER WorksheetName
        Name of the sheet within the Excel package
 
    .PARAMETER StartRow
        Number of the row where import starts
 
    .PARAMETER EndRow
        Number of the row where import ends
 
    .PARAMETER StartColumn
        Number of the column where import starts
 
    .PARAMETER EndColumn
        Number of the column where import ends
 
    .EXAMPLE
        PS C:\> Import-Excel -ExcelPackage $excelPackage -WorksheetName "Sheet1" -StartRow 1 -EndRow 10 -StartColumn 1 -EndColumn 5
 
        Imports data from $excelPackage
 
    .NOTES
        Derived function from PSModule "ImportExcel" by Douglas Finke
 
        Due to the fact, that I don't need the whole function of the module and want to avoid module dependencies,
        I've adopted and cut the function down to my own need the WinEventLogCustomization module.
 
    .LINK
        https://github.com/dfinke/ImportExcel
 
    #>

    [CmdLetBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [OfficeOpenXml.ExcelPackage]
        $ExcelPackage,

        [ValidateNotNullOrEmpty()]
        [String]
        $WorksheetName,

        [Int]
        $StartRow = 1,

        [Int]
        $EndRow,

        [Int]
        $StartColumn = 1,

        [Int]
        $EndColumn
    )

    begin {
        # Helper function
        function Get-PropertyNames {
            <#
            .SYNOPSIS
                Create objects containing the column number and the column name for each of the different header types.
            #>

            [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '', Justification = "Name would be incorrect, and command is not exported")]
            param(
                [Parameter(Mandatory = $true)]
                $Sheet,

                [Parameter(Mandatory = $true)]
                [Int[]]
                $Columns,

                [Parameter(Mandatory = $true)]
                [Int]
                $StartRow
            )

            if ($StartRow -lt 1) {
                Stop-PSFFunction -Message 'The top row can never be less than 1 when we need to retrieve headers from the worksheet.' -EnableException $true
                return
            }

            try {
                foreach ($column in $Columns) {
                    $Sheet.Cells[$StartRow, $column] | Where-Object { -not [string]::IsNullOrEmpty($_.Value) } | Select-Object @{N = 'Column'; E = { $column } }, Value
                }
            } catch {
                Stop-PSFFunction -Message "Failed creating property names: $_" -EnableException $true
                return
            }
        }
    }

    process {
        try {
            $sheet = $ExcelPackage.Workbook.Worksheets[$WorksheetName]
            if (-not $sheet) {
                Stop-PSFFunction -Message "Worksheet '$WorksheetName' not found" -EnableException
                return
            }


            #region Get rows and columns
            if (-not $EndRow ) { $EndRow = $sheet.Dimension.End.Row }
            if (-not $EndColumn) { $EndColumn = $sheet.Dimension.End.Column }

            $Columns = $StartColumn .. $EndColumn

            if ($StartColumn -gt $EndColumn) {
                Write-PSFMessage -Level Warning -Message "Selecting columns $StartColumn to $EndColumn might give odd results."
            }

            $rows = (1 + $StartRow) .. $EndRow
            if ($StartRow -eq 1 -and $EndRow -eq 1) {
                $rows = 0
            }
            #endregion Get rows and columns


            #region Create property names
            if ((-not $Columns) -or (-not ($PropertyNames = Get-PropertyNames -Sheet $sheet -Columns $Columns -StartRow $StartRow))) {
                Write-PSFMessage -Level Error -Message "No column headers found on top row '$StartRow'."
                return
            }

            if ($Duplicates = $PropertyNames | Group-Object Value | Where-Object Count -GE 2) {
                Stop-PSFFunction -Message "Duplicate column headers found on row '$StartRow' in columns '$($Duplicates.Group.Column)'. Column headers must be unique." -EnableException $true
                return
            }
            #endregion


            if (-not $rows) {
                Write-PSFMessage -Level Warning -Message "Worksheet '$WorksheetName' contains no data in the rows after top row '$StartRow'"
            } else {
                # Create one object per row
                foreach ($row in $rows) {
                    Write-PSFMessage -Level Debug -Message "Import row '$row'"

                    $NewRow = [Ordered]@{}
                    foreach ($propertyName in $PropertyNames) {
                        $NewRow[$propertyName.Value] = $sheet.Cells[$row, $propertyName.Column].Value
                    }

                    $NewRow
                }

            }
        } catch {
            Stop-PSFFunction -Message "Failed importing the Excel workbook. $_" -EnableException $true
            return
        }
    }

    end {
    }
}


function Get-WELCEventChannel {
    <#
    .Synopsis
        Get-WELCEventChannel
 
    .DESCRIPTION
        Query Windows Eventlog Channel(s) and their provider information.
 
    .PARAMETER ComputerName
        The computer(s) to connect to.
        Supports PSSession objects also.
 
    .PARAMETER Session
        A PSSession object for remote connection to another machine
 
    .PARAMETER Credential
        The credentials to use on remote calls
 
    .PARAMETER ChannelFullName
        The name of the EventChannel to query
 
        Default is every channel
 
    .EXAMPLE
        PS C:\> Get-WELCEventChannel
 
        Display all available subscription
 
    .EXAMPLE
        PS C:\> Get-WELCEventChannel -ChannelFullName MyChannel
 
        Display Channel "MyChannel"
 
    .EXAMPLE
        PS C:\> Get-WELCEventChannel -ChannelFullName MyChannel -ComputerName SRV01
 
        Display Channel "MyChannel" from remote computer "SRV01".
 
    .EXAMPLE
        PS C:\> Get-WELCEventChannel -ChannelFullName MyChannel -Sesion $PSSession
 
        Display Channel "MyChannel" from all connections within the $PSSession variable
 
        Assuming $PSSession variable is created something like this:
        $PSSession = New-PSSession -ComputerName SRV01
 
    .NOTES
        Author: Andreas Bellstedt
 
    .LINK
        https://github.com/AndiBellstedt/WinEventLogCustomization
 
    #>

    [CmdletBinding(
        DefaultParameterSetName = 'ComputerName',
        PositionalBinding = $true,
        ConfirmImpact = 'low'
    )]
    [OutputType([WELC.EventLogChannel])]
    Param(
        [Parameter(
            ValueFromPipeline = $true,
            Position = 0
        )]
        [Alias("Name", "ChannelName", "LogName")]
        [ValidateNotNullOrEmpty()]
        [String[]]
        $ChannelFullName = "*",

        [Parameter(
            ParameterSetName = "ComputerName",
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 1
        )]
        [Alias("Host", "Hostname", "Computer", "DNSHostName")]
        [PSFComputer[]]
        $ComputerName = $env:COMPUTERNAME,

        [Parameter(
            ParameterSetName = "Session",
            Position = 1
        )]
        [System.Management.Automation.Runspaces.PSSession[]]
        $Session,

        [Parameter( ParameterSetName = "ComputerName" )]
        [PSCredential]
        $Credential
    )

    begin {
        # If session parameter is used -> transfer it to ComputerName,
        # The class "PSFComputer" from PSFramework can handle it. This simplifies the handling in the further process block
        if ($Session) { $ComputerName = $Session.ComputerName }

        $channelFullNameBound = Test-PSFParameterBinding -ParameterName ChannelFullName
        $computerBound = Test-PSFParameterBinding -ParameterName ComputerName
    }

    process {
        #region parameterset workarround
        Write-PSFMessage -Level Debug -Message "ParameterNameSet: $($PsCmdlet.ParameterSetName)"

        # Workarround parameter binding behaviour of powershell in combination with ComputerName Piping
        if (-not ($channelFullNameBound -or $computerBound) -and $ComputerName.InputObject -and $PSCmdlet.ParameterSetName -ne "Session") {
            if ($ComputerName.InputObject -is [string]) { $ComputerName = $env:ComputerName } else { $ChannelFullName = "*" }
        }
        #endregion parameterset workarround

        #region Processing Channels
        foreach ($computer in $ComputerName) {
            $winEventProviders = @()
            $errorChannel = @()

            foreach ($channel in $ChannelFullName) {

                $ErrorReturn = $null
                $paramInvokeCmd = [ordered]@{
                    "ComputerName" = $computer
                    "ErrorAction"  = "Stop"
                    ErrorVariable  = "ErrorReturn"
                    "ArgumentList" = $channel
                }
                if ($PSCmdlet.ParameterSetName -eq "Session") { $paramInvokeCmd['ComputerName'] = $Session }
                if ($Credential) { $paramInvokeCmd.Add("Credential", $Credential) }

                Write-PSFMessage -Level Verbose -Message "Query EventLog channel '$($channel)' on computer '$($computer)'" -Target $computer
                try {
                    $winEventChannels = Invoke-PSFCommand @paramInvokeCmd -ScriptBlock { Get-WinEvent -ListLog $args[0] -ErrorAction Stop }
                } catch {
                    Stop-PSFFunction -Message "Unable to query EventLog channel '$($channel)' on computer '$($computer)'. ErrorMessage: $($ErrorReturn.Exception.Message | Select-Object -Unique)" -Target $computer -ErrorRecord $_
                    continue
                }

                [array]$providerNames = $winEventChannels.ProviderNames | Select-Object -Unique
                Write-PSFMessage -Level Verbose -Message "Query $($providerNames.count) provider from EventLog channel '$($winEventChannels.LogName)'" -Target $computer

                $errorMessages = @()
                $providerNames = $providerNames | Where-Object { $_ -notin $winEventProviders.name -and $_ -notin $errorChannel }
                $winEventProviders += foreach ($providerName in $providerNames) {
                    $ErrorReturn = $null
                    $paramInvokeCmd['ArgumentList'] = $providerName
                    try {
                        Invoke-PSFCommand @paramInvokeCmd -ScriptBlock {
                            Get-WinEvent -ListProvider $args -ErrorAction SilentlyContinue -ErrorVariable ErrorOccured
                            if ($ErrorOccured) { Write-Error -Message ([string]::Join(" " , ($ErrorOccured.Exception.Message | Select-Object -Unique))) -ErrorAction Stop }
                        } -Verbose:$false
                    } catch {
                        Write-PSFMessage -Level Debug -Message "Unable to query provider '$($providerName)' from computer '$($computer)'. ErrorMessage: $($ErrorReturn.Exception | Select-Object -ExpandProperty Message -Unique)" -Target $computer -ErrorRecord $_
                        $errorChannel += $providerName
                        $errorMessages += $ErrorReturn.Exception[-1].Message
                    }
                }

                if ($errorMessages) {
                    Write-PSFMessage -Level Error -Message "Error query provider ($([string]::Join(", ", $providerNames))) from EventLog Channel '$($winEventChannels.LogName)' on computer '$($computer)'. ErrorMessage: $([string]::join(" ", $errorMessages))" -Target $computer
                }

                Write-PSFMessage -Level Verbose -Message "Output $(([Array]$winEventChannels).count) EventLog channel$(if(([Array]$winEventChannels).count -gt 1){"s"})" -Target $computer
                # Output result
                foreach ($winEventChannel in $winEventChannels) {

                    $output = [WELC.EventLogChannel]@{
                        "PSComputerName" = $computer
                        "WinEventLog"    = $winEventChannel
                        "Provider"       = ( $winEventChannel.ProviderNames | ForEach-Object { $_name = $_; $winEventProviders | Where-Object ProviderName -like $_name } )
                    }

                    $output
                }
            }
        }
        #endregion Processing Events

    }

    end {
    }
}


function Import-WELCChannelDefinition {
    <#
    .Synopsis
        Import-WELCChannelDefinition
 
    .DESCRIPTION
        Import definition data for creating custom Windows EventLog Channels from a Excel file
        The Excel file acts as a definition database and provide easy handling and definition for custom eventlog channels and there structure
 
        Additionally in the excel file, there is the possibility to manage XPath-Queries for Windows Event Forwading queries
 
    .PARAMETER Path
        The Excel file or a folder with Excel files to import
 
    .PARAMETER Sheet
        The Name of the sheet within the Excel file
 
    .PARAMETER Table
        The table containing the definition data within the sheet of the Excel file
 
    .PARAMETER FileExtension
        A list of file extensions indicating Excel files
        Only needed/used if a folder is specified as a Path
 
    .PARAMETER Recursive
        The specified path will be parsed recursivly
        Only needed/used if a folder is specified as a Path
 
    .PARAMETER OutputChannelDefinition
        If specified the function will output a WELC.ChannelDefinition object, instead of WELC.TemplateRecord data
 
    .PARAMETER OutputChannelConfig
        If specified the function will output a WELC.ChannelDefinition object, instead of WELC.TemplateRecord data
 
 
    .PARAMETER WhatIf
        If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.
 
    .PARAMETER Confirm
        If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.
 
    .EXAMPLE
        PS C:\> Import-WELCChannelDefinition -Path C:\WELC\MyFile.xls
 
        Import the excel file 'C:\WELC\MyFile.xls' with the default expected parametersettings
        (Excel file has to contain a Sheet 'CustomEventLogChannels' and a table 'T_Channel')
 
    .EXAMPLE
        PS C:\> Import-WELCChannelDefinition -Path C:\WELC
 
        Import all excel files in path 'C:\WELC' with the default expected parametersettings
        (sheet and table settings like in first example. Files have to have an extension with ".xlsx", ".xlsm", ".xls")
 
    .EXAMPLE
        PS C:\> Import-WELCChannelDefinition -Path C:\WELC -Recursive -FileExtension "xlsx", "xlsm", "xls"
 
        Import all excel files in path 'C:\WELC' and in all subfolders with the specified extensions "xlsx", "xlsm", "xls"
        (sheet and table settings like in first example)
 
    .EXAMPLE
        PS C:\> Import-WELCChannelDefinition -Path C:\WELC\MyFile.xls -Sheet "CustomEventLogChannels" -Table "T_Channel"
 
        Import the excel file 'C:\WELC\MyFile.xls' with the explicit parameter settings on sheet and table
 
    .NOTES
        Author: Andreas Bellstedt
 
    .LINK
        https://github.com/AndiBellstedt/WinEventLogCustomization
    #>

    [CmdLetBinding(
        DefaultParameterSetName = "OutputTemplateRecord",
        SupportsShouldProcess = $true,
        PositionalBinding = $true,
        ConfirmImpact = 'Low'
    )]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseOutputTypeCorrectly', '', Justification = 'Intentional')]
    [OutputType("WELC.ChannelDefinition", "WELC.ChannelConfig", "WELC.TemplateRecord", "PSObject")]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 0
        )]
        [Alias("FullName", "FilePath", "Folder", "File")]
        [string[]]
        $Path,

        [ValidateNotNullOrEmpty()]
        [Alias("ExcelSheet", "SheetName")]
        [string]
        $Sheet = "CustomEventLogChannels",

        [ValidateNotNullOrEmpty()]
        [Alias("ExcelTable", "TableName")]
        [string]
        $Table = "T_Channel",

        [string[]]
        $FileExtension = @("xlsx", "xlsm", "xls"),

        [switch]
        $Recursive,

        [Parameter(ParameterSetName = "OutputChannelDefinition" )]
        [switch]
        $OutputChannelDefinition,

        [Parameter(ParameterSetName = "OutputChannelConfig" )]
        [switch]
        $OutputChannelConfig
    )

    begin {
        # ensure correct format for specified extensions
        if ($FileExtension) {
            $FileExtension = foreach ($item in $FileExtension) {
                $item = $item.Trim(".")
                ".$($item)"
            }
        }
    }

    process {
        Write-PSFMessage -Level Debug -Message "ParameterNameSet: $($PsCmdlet.ParameterSetName)"

        # working trough the specified path(s)
        foreach ($pathItem in $Path) {

            # File and folder validity tests
            if (Test-Path -Path $pathItem -PathType Leaf) {
                Write-PSFMessage -Level Verbose -Message "Found file '$($pathItem)' as a valid file in path"
                $files = $pathItem | Resolve-Path | Get-ChildItem | Select-Object -ExpandProperty FullName
            } elseif (Test-Path -Path $pathItem -PathType Container) {
                Write-PSFMessage -Level Verbose -Message "Getting files in path '$($pathItem)'"
                $param = @{
                    Path   = $pathItem
                    "File" = $true
                }
                if ($Recursive) { $param["Recursive"] = $true }
                $files = Get-ChildItem @param | Where-Object Extension -in $FileExtension | Select-Object -ExpandProperty FullName
                Write-PSFMessage -Level Verbose -Message "Found $($files.count) file$(if($files.count -gt 1){"s"}) in path "
            } elseif (-not (Test-Path  -Path $pathItem -PathType Any -IsValid)) {
                Write-PSFMessage -Level Error -Message "'$pathItem' is not a valid path or file."
                continue
            } else {
                Write-PSFMessage -Level Error -Message "Unable to open '$($pathItem)'"
                continue
            }

            # Working trough the actual found file(s)
            foreach ($file in $files) {
                Write-PSFMessage -Level Verbose -Message "Open file '$($file)' as Excel file"

                # Open the file
                #$excelDocument = Get-ExcelDocument -Path $file
                $excelDocument = New-Object -TypeName OfficeOpenXml.ExcelPackage -ArgumentList $file
                if (-not $excelDocument) { continue }

                # Select the specified sheet
                $excelSheet = $excelDocument.Workbook.Worksheets | Where-Object name -like $Sheet
                if (-not $excelSheet) {
                    Write-PSFMessage -Level Error -Message "Excel file '$($file.split("\")[-1])' contains no sheet '$($Sheet)'"
                    continue
                }

                # Select the specified table
                $excelTable = $excelSheet.Tables | Where-Object name -like $Table
                if (-not $table) {
                    Write-PSFMessage -Level Error -Message "Unable to find table '$($Table)' in sheet '$($file.split("\")[-1])' "
                    continue
                }

                # Prepare importing the table as powershell object
                $param = @{
                    ExcelPackage  = $excelDocument
                    WorksheetName = $excelSheet.name
                    StartRow      = $excelTable.Address.Start.Row
                    StartColumn   = $excelTable.Address.Start.Column
                    EndRow        = $excelTable.Address.End.Row
                    EndColumn     = $excelTable.Address.End.Column
                }

                if ($pscmdlet.ShouldProcess("table '$($Table)' in sheet '$($Sheet)' from file '$($file)'", "Import")) {
                    Write-PSFMessage -Level Debug -Message "Import Excel file"
                    # Import and filter data from excel table into powershell
                    $tableData = Import-Excel @param
                    $data = $tableData | Where-Object LogFullName
                    Write-PSFMessage -Level Verbose -Message "Found $(([array]$data).Count) usable records in $($tableData.Count) records from table '$($Table)' in worksheet '$($Sheet)'"

                    # Output result
                    foreach ($item in $data) {
                        switch ($pscmdlet.ParameterSetName) {
                            "OutputChannelDefinition" {
                                if ($OutputChannelDefinition) {
                                    $output = [WELC.ChannelDefinition]@{
                                        ChannelName    = $item.ChannelName
                                        ChannelSymbol  = $item.ChannelSymbol
                                        ProviderName   = $item.ProviderName
                                        ProviderSymbol = $item.ProviderSymbol
                                    }
                                    $output
                                }
                            }
                            "OutputChannelConfig" {
                                if ($OutputChannelConfig) {
                                    $output = [WELC.ChannelConfig]@{
                                        ChannelName     = $item.ChannelName
                                        LogFullName     = $item.LogFullName
                                        LogMode         = $item.LogMode
                                        Enabled         = [bool]::Parse($item.ChannelEnabled)
                                        MaxEventLogSize = $item.MaxEventLogSize / 1
                                    }
                                    $output
                                }
                            }
                            "OutputTemplateRecord" {
                                $item.psobject.TypeNames.Insert(0, "WELC.TemplateRecord")
                                $item
                            }

                            Default {
                                Stop-PSFFunction -Message "Unhandeled ParameterSetName. Developers mistake." -EnableException $true
                                throw
                            }
                        }
                    }
                }

                # Data/variable cleanup
                Write-PSFMessage -Level Debug -Message "Close Excel file and cleanup variables"
                $excelSheet.Dispose()
                $excelDocument.Dispose()
                Remove-Variable excelDocument, excelSheet, excelTable, tableData, data, param, item -Force -Confirm:$false -ErrorAction:Ignore
            }
            Remove-Variable file, files -Force -Confirm:$false -ErrorAction Ignore
        }
        Remove-Variable pathItem -Force -Confirm:$false -ErrorAction Ignore
    }

    end {
    }
}

function Move-WELCEventChannelManifest {
    <#
    .SYNOPSIS
        Move-WELCEventChannelManifest
 
    .DESCRIPTION
        Move a manifest with the compiled DLL file from a source to destination directory
 
        The manifest has to be rewritten to fit the destination path otherwise,
        there will be errors when registering/usering it
 
    .PARAMETER Path
        The path to the manifest file
 
        You can specify the fullname of the manifest-file (.man), or just the directory
 
        In case of a directory, all the manifest files in the directory will be processed
 
    .PARAMETER DestinationPath
        The path where to store the manifest and DLL file
 
    .PARAMETER Prepare
        The rewrite of the manifest will be done, but the files will not be moved
 
    .PARAMETER CopyMode
        Copy the files from the source to the destination, instead of moving them
 
    .PARAMETER PassThru
        The moved files will be parsed to the pipeline for further processing.
 
    .PARAMETER WhatIf
            If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.
 
    .PARAMETER Confirm
            If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.
 
    .NOTES
        Author: Andreas Bellstedt
 
    .LINK
        https://github.com/AndiBellstedt/WinEventLogCustomization
 
    .EXAMPLE
        PS C:\> Move-WELCEventChannelManifest -Path C:\CustomDLLPath\MyChannel.man -DestinationPath $env:WinDir\System32
 
        The manifest and its DLL file will be copied to the system32 directory of the current windows installation
 
    .EXAMPLE
        PS C:\> Move-WELCEventChannelManifest -Path C:\CustomDLLPath -DestinationPath $env:WinDir\System32
 
        All manifest files will copied over to the system32 directory.
 
    .EXAMPLE
        PS C:\> Move-WELCEventChannelManifest -Path C:\CustomDLLPath\MyChannel.dll -DestinationPath $env:WinDir\System32 -Prepare
 
        The manifest will rewritten to the destination folder, but the actual file will not be moved
    #>

    [CmdletBinding(
        SupportsShouldProcess = $true,
        PositionalBinding = $true,
        ConfirmImpact = 'Medium'
    )]
    param (
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 0
        )]
        [ValidateNotNullOrEmpty()]
        [Alias("File", "FileName", "FullName")]
        [String[]]
        $Path,

        [Parameter(
            Mandatory = $true,
            Position = 1
        )]
        [String]
        $DestinationPath,

        [switch]
        $Prepare,

        [switch]
        $CopyMode,

        [switch]
        $PassThru
    )

    begin {
        $DestinationPath = $DestinationPath.TrimEnd("\")
        $DestinationPath = $DestinationPath | Resolve-Path | Get-Item | Select-Object -ExpandProperty FullName
    }

    process {
        $files = @()
        foreach ($pathItem in $Path) {
            # File and folder validity tests
            if (Test-Path -Path $pathItem -PathType Leaf) {
                Write-PSFMessage -Level Verbose -Message "Found file '$($pathItem)' as a valid file in path" -Target $env:COMPUTERNAME
                $files = $pathItem | Resolve-Path | Get-ChildItem | Select-Object -ExpandProperty FullName
            } elseif (Test-Path -Path $pathItem -PathType Container) {
                Write-PSFMessage -Level Verbose -Message "Getting files in path '$($pathItem)'" -Target $env:COMPUTERNAME
                $files = Get-ChildItem -Path $pathItem -File -Filter "*.man" | Select-Object -ExpandProperty FullName
                Write-PSFMessage -Level Verbose -Message "Found $($files.count) file$(if($files.count -gt 1){"s"}) in path" -Target $env:COMPUTERNAME
                if (-not $files) { Write-PSFMessage -Level Warning -Message "No manifest files found in path '$($pathItem)'" -Target $env:COMPUTERNAME }
            } elseif (-not (Test-Path  -Path $pathItem -PathType Any -IsValid)) {
                Write-PSFMessage -Level Error -Message "'$pathItem' is not a valid path or file." -Target $env:COMPUTERNAME
                continue
            } else {
                Write-PSFMessage -Level Error -Message "unable to open '$($pathItem)'" -Target $env:COMPUTERNAME
                continue
            }

            foreach ($file in $files) {

                # open XML file
                Write-PSFMessage -Level Verbose -Message "Opening XML manifest file '$($file)' to gather DLL information"
                $xmlfile = New-Object XML
                $xmlfile.Load($file)

                if (
                    $xmlfile.instrumentationManifest.schemaLocation -eq "http://schemas.microsoft.com/win/2004/08/events eventman.xsd" -and
                    $xmlfile.instrumentationManifest.xmlns -eq "http://schemas.microsoft.com/win/2004/08/events" -and
                    $xmlfile.instrumentationManifest.win -eq "http://manifests.microsoft.com/win/2004/08/windows/events" -and
                    $xmlfile.instrumentationManifest.xsi -eq "http://www.w3.org/2001/XMLSchema-instance" -and
                    $xmlfile.instrumentationManifest.xs -eq "http://www.w3.org/2001/XMLSchema" -and
                    $xmlfile.instrumentationManifest.trace -eq "http://schemas.microsoft.com/win/2004/08/events/trace"
                ) {
                    # Gather files and rewrite XML
                    $manifestFolder = Split-Path -Parent $file

                    Write-PSFMessage -Level Debug -Message "Gather path of resourceFileName DLL"
                    $resourceFileNameFullName = $xmlfile.instrumentationManifest.instrumentation.events.provider.resourceFileName
                    $resourceFileNamePath = Split-Path -Path $resourceFileNameFullName
                    $resourceFileNameFile = Split-Path -Path $resourceFileNameFullName -Leaf
                    if ($DestinationPath -like $resourceFileNamePath) {
                        Write-PSFMessage -Level Significant -Message "Source and destination path of ressource file '$resourceFileNameFullName' are the same. Nothing to do"
                    } else {
                        $destResourceFileName = "$($DestinationPath)\$($resourceFileNameFile)"
                        $xmlfile.instrumentationManifest.instrumentation.events.provider.resourceFileName = $destResourceFileName
                        Write-PSFMessage -Level Verbose -Message "Rewrite path of messageFileName DLL from '$($resourceFileNameFullName)' to '$($destResourceFileName)'"

                        if (Test-Path -Path $destResourceFileName -PathType Leaf) {
                            # DLL is already present in destination directory
                            $resourceFileNameFullName = $destResourceFileName
                        } elseif (Test-Path -Path "$($manifestFolder)\$($resourceFileNameFile)" -PathType Leaf) {
                            # DLL path in XML is wrong, but DLL is next to manifest file
                            $resourceFileNameFullName = "$($manifestFolder)\$($resourceFileNameFile)"
                        } elseif (Test-Path -Path $resourceFileNameFullName -PathType Leaf) {
                            # nothing to do, DLL is in path from xml file, but has to be mnoved somewhere different
                        } else {
                            Stop-PSFFunction -Message "Ressource file '$($resourceFileNameFile)' not found. Searched in folders: '$($resourceFileNamePath)', '$($manifestFolder)', '$($DestinationPath)'" -EnableException $true
                        }
                    }

                    Write-PSFMessage -Level Debug -Message "Gather path of messageFileName DLL"
                    $messageFileNameFullName = $xmlfile.instrumentationManifest.instrumentation.events.provider.messageFileName
                    $messageFileNamePath = Split-Path -Path $messageFileNameFullName
                    $messageFileNameFile = Split-Path -Path $messageFileNameFullName -Leaf
                    if ($DestinationPath -like $messageFileNamePath) {
                        Write-PSFMessage -Level Verbose -Message "Source and destination path of message file '$($messageFileNameFullName)' are the same. Nothing to do"
                    } else {
                        $destMessageFileName = "$($DestinationPath)\$($messageFileNameFile)"
                        $xmlfile.instrumentationManifest.instrumentation.events.provider.messageFileName = $destMessageFileName
                        Write-PSFMessage -Level Verbose -Message "Rewrite path of messageFileName DLL from '$($messageFileNameFullName)' to '$($destMessageFileName)'"

                        if (Test-Path -Path $destMessageFileName -PathType Leaf) {
                            # DLL is already present in destination directory
                            $messageFileNameFullName = $destMessageFileName
                        } elseif (Test-Path -Path "$($manifestFolder)\$($messageFileNameFile)" -PathType Leaf) {
                            # DLL path in XML is wrong, but DLL is next to manifest file
                            $messageFileNameFullName = "$($manifestFolder)\$($messageFileNameFile)"
                        } elseif (Test-Path -Path $messageFileNameFullName -PathType Leaf) {
                            # nothing to do, DLL is in path from xml file, but has to be mnoved somewhere different
                        } else {
                            Stop-PSFFunction -Message "Message file '$($messageFileNameFile)' not found. Searched in folders: '$($messageFileNamePath)', '$($manifestFolder)', '$($DestinationPath)'" -EnableException $true
                        }
                    }

                    Write-PSFMessage -Level Debug -Message "Gather path of parameterFileName DLL"
                    $parameterFileNameFullName = $xmlfile.instrumentationManifest.instrumentation.events.provider.parameterFileName
                    $parameterFileNamePath = Split-Path -Path $parameterFileNameFullName
                    $parameterFileNameFile = Split-Path -Path $parameterFileNameFullName -Leaf
                    if ($DestinationPath -like $parameterFileNamePath) {
                        Write-PSFMessage -Level Verbose -Message "Source and destination path of parameter file '$($parameterFileNameFullName)' are the same. Nothing to do"
                    } else {
                        $destParameterFileName = "$($DestinationPath)\$($parameterFileNameFile)"
                        $xmlfile.instrumentationManifest.instrumentation.events.provider.parameterFileName = $destParameterFileName
                        Write-PSFMessage -Level Verbose -Message "Rewrite path of parameterFileName DLL from '$($parameterFileNameFullName)' to '$($destParameterFileName)'"

                        if (Test-Path -Path $destParameterFileName -PathType Leaf) {
                            # DLL is already present in destination directory
                            $parameterFileNameFullName = $destParameterFileName
                        } elseif (Test-Path -Path "$($manifestFolder)\$($parameterFileNameFile)" -PathType Leaf) {
                            # DLL path in XML is wrong, but DLL is next to manifest file
                            $parameterFileNameFullName = "$($manifestFolder)\$($parameterFileNameFile)"
                        } elseif (Test-Path -Path $parameterFileNameFullName -PathType Leaf) {
                            # nothing to do, DLL is in path from xml file, but has to be mnoved somewhere different
                        } else {
                            Stop-PSFFunction -Message "Parameter file '$($parameterFileNameFile)' not found. Searched in folders: '$($parameterFileNamePath)', '$($manifestFolder)', '$($DestinationPath)'" -EnableException $true
                        }
                    }
                } else {
                    Stop-PSFFunction -Message "$($file) is not a actual manifest file" -EnableException $true
                }

                if ($pscmdlet.ShouldProcess("file '$($file)' with directory '$($DestinationPath)'", "Set")) {
                    $xmlfile.Save($file)
                    Write-PSFMessage -Level Verbose -Message "Save file '$($file)' in directory '$($DestinationPath)'"
                }

                if (-not $Prepare -or $CopyMode) {
                    Write-PSFMessage -Level Verbose -Message "Copy/Move manifest and DLL files into directory '$($DestinationPath)'"

                    if ($pscmdlet.ShouldProcess("File manifest '$($file)' to '$($DestinationPath)'$(if($CopyMode){"in CopyMode"})", "Move")) {
                        if ($CopyMode) {
                            Write-PSFMessage -Level Debug -Message "Copy manifest file"
                            $destfile = Copy-Item -Path $file -Destination $DestinationPath -Force -PassThru
                        } else {
                            Write-PSFMessage -Level Debug -Message "Move manifest file"
                            $destfile = Move-Item -Path $file -Destination $DestinationPath -Force -PassThru
                        }
                    }

                    if ($pscmdlet.ShouldProcess("Dll file '$($resourceFileNameFullName)' to '$($DestinationPath)'$(if($CopyMode){"in CopyMode"})", "Move")) {
                        if ($CopyMode) {
                            Write-PSFMessage -Level Debug -Message "Copy resourceFileName dll file"
                            Copy-Item -Path $resourceFileNameFullName -Destination $DestinationPath -Force
                        } else {
                            Write-PSFMessage -Level Debug -Message "Move resourceFileName dll file"
                            Move-Item -Path $resourceFileNameFullName -Destination $DestinationPath -Force
                        }
                    }

                    if ($messageFileNameFullName -notlike $resourceFileNameFullName) {
                        if ($pscmdlet.ShouldProcess("File message dll file '$($messageFileNameFullName)' to '$($DestinationPath)'$(if($CopyMode){"in CopyMode"})", "Move")) {
                            if ($CopyMode) {
                                Write-PSFMessage -Level Debug -Message "Copy messageFileName dll file"
                                Copy-Item -Path $messageFileNameFullName -Destination $DestinationPath -Force
                            } else {
                                Write-PSFMessage -Level Debug -Message "Move messageFileName dll file"
                                Move-Item -Path $messageFileNameFullName -Destination $DestinationPath -Force

                            }
                        }
                    }

                    if ($parameterFileNameFullName -notlike $resourceFileNameFullName) {
                        if ($pscmdlet.ShouldProcess("File parameter dll file '$($parameterFileNameFullName)' to '$($DestinationPath)'$(if($CopyMode){"in CopyMode"})", "Move")) {
                            if ($CopyMode) {
                                Write-PSFMessage -Level Debug -Message "Copy parameterFileName dll file"
                                Copy-Item -Path $parameterFileNameFullName -Destination $DestinationPath -Force
                            } else {
                                Write-PSFMessage -Level Debug -Message "Move parameterFileName dll file"
                                Move-Item -Path $parameterFileNameFullName -Destination $DestinationPath -Force
                            }
                        }
                    }

                    if ($PassThru) {
                        Write-PSFMessage -Level Verbose -Message "PassThru mode, outputting manifest file"
                        $destfile
                    }
                } else {
                    if ($PassThru) {
                        Write-PSFMessage -Level Verbose -Message "PassThru mode, outputting manifest file"
                        $file | Get-Item
                    }
                }
            }
        }
    }

    end {
    }
}

function New-WELCEventChannelManifest {
    <#
    .SYNOPSIS
        New-WELCEventChannelManifest
        Creates Manifest- and DLL-file for register custom Windows EventLog Channels
 
    .DESCRIPTION
        Creates Manifest- and DLL-file for register custom Windows EventLog Channels
 
        Once compiled, the files can be registered into a Windows EventLog system to
        allow custom logs.
 
    .PARAMETER InputObject
        WELC.Channeldefinition object to create manifest and the dll file from
 
        Can be piped in with somthing like:
        Import-WELCChannelDefinition -Path C:\EventLogs\WinEventLogCustomization.xlsx -OutputChannelDefinition
 
        Excel template file can be created/opened with Open-WELCExcelTemplate
 
    .PARAMETER ChannelFullName
        The full name for a EventChannel.
 
        Valid Formats are:
        "FolderRoot/ChannelName"
        "FolderRoot/SubFolder1/SubFolder2/ChannelName"
 
        String have to be specified correctly with slashes ("/"), NOT with backslash ("\")!
 
    .PARAMETER FolderRoot
        Name of the folder within the Windows EventLog System under "Application and Services"
 
    .PARAMETER FolderSecondLevel
        Name of the folder within the "FolderRoot"
 
    .PARAMETER FolderThirdLevel
        Name of the folder within the "FolderSecondLevel"
 
    .PARAMETER ChannelName
        Name of the EventChannel within it's folder
 
    .PARAMETER ChannelSymbol
        Name of the ChannelSymbol
 
        Optional. If not specified, the name will be derived from the ChannelName
 
    .PARAMETER ProviderName
        Name of the EventLog Provider
 
        Optional. If not specified, the name will be derived from the folder name(s)
 
 
    .PARAMETER ProviderSymbol
        Name of the ProviderSymbol
 
        Optional. If not specified, the name will be derived from the ProviderName
 
    .PARAMETER OutputFile
        The filename of the manifest to create.
        Please specify only a FILE name, not a full qualified path
 
        If not specified, the name will be derived from the ChannelFullName/ ChannelName
 
    .PARAMETER DestinationPath
        Output path for manifest- and the dll file to register an EventChannel within the Windows EventLog system
 
    .PARAMETER WhatIf
            If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.
 
    .PARAMETER Confirm
            If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.
 
    .NOTES
        Author: Andreas Bellstedt
 
        Adopted from Russell Tomkins "Project Sauron"
            Author: Russell Tomkins
            Github: https://www.github.com/russelltomkins/ProjectSauron
 
            Originbal description:
            ---------------------
            Name: Create-Manifest.ps1
            Version: 1.1
            Author: Russell Tomkins - Microsoft Premier Field Engineer
            Blog: https://aka.ms/russellt
            Refer to this blog series for more details
            http://blogs.technet.microsoft.com/russellt/2017/03/23/project-sauron-part-1
 
 
    .LINK
        https://github.com/AndiBellstedt/WinEventLogCustomization
 
    .EXAMPLE
        PS C:\> New-WELCEventChannelManifest -InputObject $ChannelDefinition
 
        Creates the manfifest- and DLL-file to register a custom EventLog channel in Windows
        Output depend on content in Excel file. Each root channel will be a manifest- (,man) and a DLL-file.
 
        Assuming that the variable $ChannelDefinition contains a WELC.ChannelDefinition object(list)
        PS C:\> $ChannelDefinition = Import-WELCChannelDefinition -Path CustomEventLogChannel.xlsx
 
    .EXAMPLE
        PS C:\> Import-WELCChannelDefinition -Path CustomEventLogChannel.xlsx | New-WELCEventChannelManifest
 
        Creates the Manfifest file and compile dll file(s) from the content of 'CustomEventLogChannel.xlsx'
 
    .EXAMPLE
        PS C:\> New-WELCEventChannelManifest -ChannelFullName "ChannelFolder/ChannelName"
 
        Creates a manifest (ChannelFolder.man) and compile a dll file (ChannelFolder.dll) with a single EventLogChannel "ChannelName" and a folder "ChannelFolder"
 
    .EXAMPLE
        PS C:\> "MyFolder/MyChannel1", "MyFolder/MyChannel2", "MyFolder/MyChannel3", "MyFolder/MyChannel4" | New-WELCEventChannelManifest
 
        Creates a manifest (MyChannel.man) and compile a dll file (MyChannel.dll) with 4 EventLogChannels MyChannel1-4 in the folder "MyFolder"
    #>

    [CmdletBinding(
        SupportsShouldProcess = $true,
        PositionalBinding = $true,
        ConfirmImpact = 'Medium',
        DefaultParameterSetName = 'ManualDefinition'
    )]
    Param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ParameterSetName = "InputObject",
            Position = 0
        )]
        [ValidateNotNullOrEmpty()]
        [Alias("Object", "In", "ChannelDefinition")]
        [WELC.ChannelDefinition[]]
        $InputObject,

        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = "ManualFullChannelName",
            Position = 0
        )]
        [ValidateNotNullOrEmpty()]
        [Alias("FullName")]
        [String]
        $ChannelFullName,

        [Parameter(ParameterSetName = "ManualFullChannelName")]
        [String]
        $ChannelSymbol,

        [Parameter(ParameterSetName = "ManualFullChannelName")]
        [String]
        $ProviderName,

        [Parameter(ParameterSetName = "ManualFullChannelName")]
        [String]
        $ProviderSymbol,

        [Parameter(
            Mandatory = $true,
            ParameterSetName = "ManualDefinition",
            Position = 0
        )]
        [ValidateNotNullOrEmpty()]
        [Alias("Root", "FolderNameRoot", "RootFolderName")]
        [String]
        $FolderRoot,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "ManualDefinition",
            Position = 1
        )]
        [ValidateNotNullOrEmpty()]
        [Alias("SecondLevel", "FolderNameSecondLevel", "SecondLevelFolderName")]
        [String]
        $FolderSecondLevel,

        [Parameter(
            Mandatory = $false,
            ParameterSetName = "ManualDefinition",
            Position = 2
        )]
        [ValidateNotNullOrEmpty()]
        [Alias("ThirdLevel", "FolderNameThirdLevel", "ThirdLevelFolderName")]
        [String]
        $FolderThirdLevel,

        [Parameter(
            Mandatory = $true,
            ParameterSetName = "ManualDefinition",
            Position = 3
        )]
        [ValidateNotNullOrEmpty()]
        [String]
        $ChannelName,

        [Alias("FileName")]
        [String]
        $OutputFile,

        [ValidateNotNullOrEmpty()]
        [Alias("OutputPath")]
        [String]
        $DestinationPath = ".\"
    )

    Begin {
        #region Constants
        Write-PSFMessage -Level Debug -Message "Initalizing constants"
        # Path to csc.exe in windows
        [String]$WindowsCSCPath = "$($env:windir)\Microsoft.NET\Framework64\v4.0.30319"
        Write-PSFMessage -Level Debug -Message ".NET Framework in '$($WindowsCSCPath)'"

        # Compilation tools from the windows SDK. The required executables are "mc.exe", "rc.exe" and "rcdll.dll". There is another tool "ecmangen.exe" (EventChannel ManifestGenerator) which is usefull to check and maintain the manifest files.
        [String]$CompilationToolPath = "$($MyInvocation.MyCommand.Module.ModuleBase)\bin"
        Write-PSFMessage -Level Debug -Message "Binary CompilationTool is in '$($CompilationToolPath)'"

        # Path where the output files, and some other temp files from the compilation process are stored.
        [String]$TempPath = "$($env:TEMP)\WELC_$([guid]::NewGuid().guid)"
        Write-PSFMessage -Level Debug -Message "Operating in temporary path '$($TempPath)'"
        #endregion Constants


        #region Variables
        $channelDefinitions = @()
        #endregion Variables


        #region Validity checks
        Write-PSFMessage -Level Debug -Message "Initial parameter validation"
        # Check for required resscoures und compilation folder
        if ($DestinationPath.EndsWith('\')) { $DestinationPath = $DestinationPath.TrimEnd('\') }
        $DestinationPath = Resolve-Path $DestinationPath -ErrorAction Stop | Select-Object -ExpandProperty Path

        # Check for temp folder
        if ($TempPath.EndsWith('\')) { $TempPath = $TempPath.TrimEnd('\') }
        if (Test-Path -Path $TempPath -IsValid) {
            if (-not (Test-Path -Path $TempPath -PathType Container)) {
                Write-PSFMessage -Level Debug -Message "Creating temporary directory '$($TempPath)'"
                New-Item -Path $TempPath -ItemType Directory -Force -WhatIf:$false | Out-Null
                $TempPath = Resolve-Path $TempPath -ErrorAction Stop | Select-Object -ExpandProperty Path
            }
        } else {
            throw "$($TempPath) is not a valid path"
        }

        # Check for required resscoures und compilation folder
        if ($CompilationToolPath.EndsWith('\')) { $CompilationToolPath = $CompilationToolPath.TrimEnd('\') }
        Resolve-Path $CompilationToolPath -ErrorAction Stop | Out-Null
        Test-Path -Path "$($CompilationToolPath)\mc.exe" -ErrorAction Stop | Out-Null
        Test-Path -Path "$($CompilationToolPath)\rc.exe" -ErrorAction Stop | Out-Null
        Test-Path -Path "$($CompilationToolPath)\rcdll.dll" -ErrorAction Stop | Out-Null
        Write-PSFMessage -Level Debug -Message "Binary tools found in CompilationTool path '$($CompilationToolPath)'"
        #endregion Validity checks
    }

    Process {
        Write-PSFMessage -Level Debug -Message "ParameterNameSet: $($PsCmdlet.ParameterSetName)"
        switch ($pscmdlet.ParameterSetName) {
            "InputObject" {
                $channelDefinitions += foreach ($item in $InputObject) {
                    $item
                }
            }

            "ManualFullChannelName" {
                $channelDefinitions += foreach ($_channelFullName in $ChannelFullName) {
                    # Validate the parameters - if SecondLevel is specified, ThirdLevel has to be present also
                    Write-PSFMessage -Level Debug -Message "Validating ChannelFullName '$($_channelFullName)'"
                    if ($_channelFullName -match (Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ChannelName)) {
                        $_channelName = $_channelFullName
                    } else {
                        Stop-PSFFunction -Message "Invalid format on ChannelFullName '$($_channelFullName)'. Valid format for ChannelFullName must be somthing like 'FolderRoot-FolderSecondLevel-FolderThirdLevel/ChannelName' or 'FolderRoot/ChannelName'" -EnableException $true
                    }

                    if (-not $ChannelSymbol) {
                        $_channelSymbol = [String]::Join("_", $_channelFullName.Split("-").Split("/").ToUpper())
                        Write-PSFMessage -Level Debug -Message "ChannelSymbol not specified. Derive value '$($_channelSymbol)' from ChannelFullName"
                    } else {
                        if ($ChannelSymbol -match (Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ChannelSymbol)) {
                            $_channelSymbol = $ChannelSymbol.ToUpper()
                        } else {
                            Stop-PSFFunction -Message "Invalid format on ChannelSymbol '$($ChannelSymbol)'. Valid format for ChannelSymbol must be somthing like 'FolderRoot_FolderSecondLevel_FolderThirdLevel_ChannelName' or 'FolderRoot_ChannelName'" -EnableException $true
                        }
                    }

                    if (-not $ProviderName) {
                        $_providerName = $_channelFullName.Replace( "/$($_channelFullName.Split("/")[-1])", "")
                        Write-PSFMessage -Level Debug -Message "ProviderName not specified. Derive value '$($_providerName)' from ChannelFullName"
                    } else {
                        if ($ProviderName -match (Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ProviderName)) {
                            $_providerName = $ProviderName
                        } else {
                            Stop-PSFFunction -Message "Invalid format on ProviderName '$($ProviderName)'. Valid format for ProviderName must be somthing like 'FolderRoot-FolderSecondLevel-FolderThirdLevel' or 'FolderRoot'" -EnableException $true
                        }
                    }

                    if (-not $ProviderSymbol) {
                        $_providerSymbol = [String]::Join("_", ($_channelFullName.Replace( "/$($_channelFullName.Split("/")[-1])", "")).Split("-").ToUpper())
                        Write-PSFMessage -Level Debug -Message "ChannelSymbol not specified. Derive value '$($_providerSymbol)' from ChannelFullName"
                    } else {
                        if ($ProviderSymbol -match (Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ProviderSymbol)) {
                            $_providerSymbol = $ProviderSymbol.ToUpper()
                        } else {
                            Stop-PSFFunction -Message "Invalid format on ProviderSymbol '$($ProviderSymbol)'. Valid Format for ProviderSymbol must be somthing like 'FolderRoot-FolderSecondLevel-FolderThirdLevel' or 'FolderRoot'" -EnableException $true
                        }

                    }

                    # Create custom "WEC.ChannelDefinition" object
                    Write-PSFMessage -Level Verbose -Message "Create ChannelDefinition object from '$($_channelFullName)'"
                    [PSCustomObject]@{
                        ProviderSymbol = $_providerSymbol
                        ProviderName   = $_providerName
                        ChannelName    = $_channelName
                        ChannelSymbol  = $_channelSymbol
                    }

                    # Cleanup the mess of variables
                    Write-PSFMessage -Level Debug -Message "Cleanup variables"
                    Remove-Variable _channelSymbol, _channelName, _providerSymbol, _providerName -Force -ErrorAction Ignore -WarningAction Ignore -Verbose:$false -Confirm:$false -WhatIf:$false -Debug:$false
                }
            }

            "ManualDefinition" {
                # Validate the parameters - if SecondLevel is specified, ThirdLevel has to be present also
                if ($FolderSecondLevel -and ($null -eq $FolderThirdLevel)) {
                    Write-PSFMessage -Level Warning -Message "Parameter 'FolderSecondLevel' was specified, but 'FolderThirdLevel' is missing."
                    Write-PSFMessage -Level Warning -Message "By design, only 'FolderRoot' or all the FolderPaths has to be specified."
                    Stop-PSFFunction -Message "Aborting creation."
                }

                # Build variables for custom ChannelDefinition object
                Write-PSFMessage -Level Debug -Message "Arranging data for ChannelDefinition object"
                [Array]$_folderNames = $FolderRoot, $FolderSecondLevel, $FolderThirdLevel | ForEach-Object { if ($_) { $_ } }
                [Array]$_providerSymbols = $FolderRoot.toupper(), $FolderSecondLevel.toupper(), $FolderThirdLevel.toupper() | ForEach-Object { if ($_) { $_ } }
                [Array]$_channelSymbols = $_providerSymbols + $ChannelName.toupper()

                $_providerName = [String]::Join("-", $_folderNames)
                $_providerSymbol = [String]::Join("_", $_providerSymbols)
                $_channelName = [String]::Join("-", $_folderNames) + "/" + $ChannelName
                $_channelSymbol = [String]::Join("_", $_channelSymbols)

                # Create custom "WEC.ChannelDefinition" object
                Write-PSFMessage -Level Verbose -Message "Create ChannelDefinition object for '$($_channelName)'"
                $channelDefinitions = [PSCustomObject]@{
                    ProviderSymbol = $_providerSymbol
                    ProviderName   = $_providerName
                    ChannelName    = $_channelName
                    ChannelSymbol  = $_channelSymbol
                }

                # Cleanup the mess of variables
                Write-PSFMessage -Level Debug -Message "Cleanup variables"
                Remove-Variable _channelSymbol, _channelName, _providerSymbol, _providerName, _channelSymbols, _providerSymbols, _folderNames -Force -ErrorAction Ignore -Confirm:$false -WhatIf:$false -Debug:$false
            }

            Default {
                throw "Undefined ParameterSet. Developers mistake."
            }
        }
    }

    End {
        Write-PSFMessage -Level Verbose -Message "Collected $($channelDefinitions.Count) channel definition$(if($channelDefinitions.Count -gt 1){"s"})"

        [array]$baseNames = $channelDefinitions | Select-Object -ExpandProperty ProviderName | Foreach-Object { $_.split("-")[0] } | Sort-Object -Unique
        Write-PSFMessage -Level Verbose -Message "Going to create $($baseNames.Count) manifest file$(if($baseNames.Count -gt 1){"s"}) from collected channel definition$(if($channelDefinitions.Count -gt 1){"s"})"
        foreach ($baseName in $baseNames) {
            # Shorten Name for file
            if ($pscmdlet.ParameterSetName -like "InputObject") {
                if ($OutputFile) {
                    $OutputFile = $OutputFile.Replace( ".$($OutputFile.Split(".")[-1])", "")
                    $fileName = $OutputFile + "_" + $baseName.Replace(" ", "")
                } else {
                    $fileName = $baseName.Replace(" ", "")
                }
            } else {
                if ($OutputFile) {
                    $fileName = $OutputFile.Replace( ".$($OutputFile.Split(".")[-1])", "")
                } else {
                    $fileName = $baseName.Replace(" ", "")
                }
            }

            # The Resource and Message DLL that will be referenced in the manifest
            $fileNameDLL = $fileName + ".dll"
            $fullNameDLLTemp = $TempPath + "\" + $fileNameDLL
            $fullNameDLLDestination = $DestinationPath + "\" + $fileNameDLL

            # The Manifest file
            $fileNameManifest = $fileName + ".man"
            $fullNameManifestTemp = $TempPath + "\" + $fileNameManifest

            Write-PSFMessage -Level Verbose -Message "Arraging manifest: $($fileName) ('$($DestinationPath + "\" + $fileNameManifest)', '$($fullNameDLLDestination)')"

            # Filter down the the full channel list
            $channelSelection = $channelDefinitions | Where-Object ProviderName -like "$($baseName)*"

            # Extract the provider information from input
            $providers = $channelSelection | Select-Object -Property ProviderSymbol, ProviderName -Unique | Foreach-Object { $_ | Select-Object *, @{n = "ProviderGuid"; e = { ([guid]::NewGuid()).Guid } } }

            #region Create the manifest XML document
            Write-PSFMessage -Level Verbose -Message "Working on group '$($baseName)' with $(([array]$channelSelection).Count) channel definitions in $(([array]$providers).count) folders"

            #region Basic XML object definition
            Write-PSFMessage -Level Debug -Message "Start building manifest XML document"
            # Create the manifest XML document
            $XmlWriter = [System.XMl.XmlTextWriter]::new($fullNameManifestTemp, $null)

            # Set the formatting
            $xmlWriter.Formatting = "Indented"
            $xmlWriter.Indentation = "4"

            # Write the XML decleration
            $xmlWriter.WriteStartDocument()

            # Create instrumentation manifest
            $xmlWriter.WriteStartElement("instrumentationManifest")
            $xmlWriter.WriteAttributeString("xsi:schemaLocation", "http://schemas.microsoft.com/win/2004/08/events eventman.xsd")
            $xmlWriter.WriteAttributeString("xmlns", "http://schemas.microsoft.com/win/2004/08/events")
            $xmlWriter.WriteAttributeString("xmlns:win", "http://manifests.microsoft.com/win/2004/08/windows/events")
            $xmlWriter.WriteAttributeString("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance")
            $xmlWriter.WriteAttributeString("xmlns:xs", "http://www.w3.org/2001/XMLSchema")
            $xmlWriter.WriteAttributeString("xmlns:trace", "http://schemas.microsoft.com/win/2004/08/events/trace")

            # Create instrumentation, events and provider elements
            $xmlWriter.WriteStartElement("instrumentation")
            $xmlWriter.WriteStartElement("events")
            #endregion Basic XML object definition

            foreach ($provider in $providers) {
                Write-PSFMessage -Level Verbose -Message "Writing provider '$($provider.ProviderName)' (GUID:$($provider.ProviderGUID))"
                # Start the provider
                $xmlWriter.WriteStartElement("provider")

                $xmlWriter.WriteAttributeString("name", $provider.ProviderName)
                $xmlWriter.WriteAttributeString("guid", "{$($provider.ProviderGUID)}")
                $xmlWriter.WriteAttributeString("symbol", $provider.ProviderSymbol)
                $xmlWriter.WriteAttributeString("resourceFileName", $fullNameDLLDestination)
                $xmlWriter.WriteAttributeString("messageFileName", $fullNameDLLDestination)
                $xmlWriter.WriteAttributeString("parameterFileName", $fullNameDLLDestination)

                # Start channels collection
                $xmlWriter.WriteStartElement("channels")

                [array]$channels = $channelSelection | Where-Object ProviderSymbol -eq $provider.ProviderSymbol | Select-Object -Property ChannelName, ChannelSymbol
                ForEach ($channelItem in $channels) {
                    Write-PSFMessage -Level Verbose -Message "Writing channel '$($channelItem.ChannelName)'"
                    # Start the channel
                    $xmlWriter.WriteStartElement("channel")

                    $xmlWriter.WriteAttributeString("name", $channelItem.ChannelName)
                    $xmlWriter.WriteAttributeString("chid", ($channelItem.ChannelName).Replace(' ', ''))
                    $xmlWriter.WriteAttributeString("symbol", $channelItem.ChannelSymbol)
                    $xmlWriter.WriteAttributeString("type", "Admin")
                    $xmlWriter.WriteAttributeString("enabled", "false")

                    # Closing the channel
                    $xmlWriter.WriteEndElement()
                }

                # Closing the channels
                $xmlWriter.WriteEndElement()

                # Closing the provider
                $xmlWriter.WriteEndElement()
            }

            #region Basic XML object definition
            $xmlWriter.WriteEndElement() # Closing events
            $xmlWriter.WriteEndElement() # Closing Instrumentation
            $xmlWriter.WriteEndElement() # Closing instrumentationManifest

            # End the XML Document
            $xmlWriter.WriteEndDocument()

            # Finish The Document
            $xmlWriter.Finalize
            $xmlWriter.Flush()
            $xmlWriter.Close()
            #endregion Basic XML object definition

            Write-PSFMessage -Level Verbose -Message "Manifest file '$($fileNameManifest)' has been generated ($( [math]::Round( ((Get-ChildItem -Path $fullNameManifestTemp).length / 1KB),1))KB)"
            #endregion Create The Manifest XML Document


            #region Compile the manifest to DLL
            Write-PSFMessage -Level Verbose -Message "Starting the compilation process on '$($fileNameDLL)'"
            $tempFilesExisting = @()
            $finalFilesExisting = @()
            $finalFilesExpected = @($fullNameManifestTemp, $fullNameDLLTemp)

            #region generates "**.h", "**.rc" and "**TEMP.BIN" file from xml manifest
            Write-PSFMessage -Level Debug -Message "Generate '$($fileName).h', '$($fileName).rc' and '$($fileName)TEMP.BIN' files from xml manifest"
            $tempFilesExpected = @("$($TempPath)\$($fileName).h", "$($TempPath)\$($fileName).rc", "$($TempPath)\$($fileName)TEMP.BIN")
            $tempFilesExpected | Get-ChildItem -ErrorAction SilentlyContinue | Remove-Item -Force -Confirm:$false
            $paramExecute = @{
                FilePath         = "$($CompilationToolPath)\mc.exe"
                ArgumentList     = $fullNameManifestTemp
                WorkingDirectory = $TempPath
                NoNewWindow      = $true
                Wait             = $true
            }
            if ($PSEdition -like "Core") { $paramExecute.Add("WhatIf", $false) }
            Start-Process @paramExecute

            Write-PSFMessage -Level Debug -Message "Validating generated files"
            foreach ($tempFile in $tempFilesExpected) {
                if (Test-Path -Path $tempFile -NewerThan (Get-Date).AddSeconds(-5)) {
                    $tempFilesExisting += Get-ChildItem $tempFile -ErrorAction Stop
                } else {
                    Stop-PSFFunction -Message "Expected temp file '$($tempFile)' is present, but has a too old timestamp. Something went wrong. Aborting process" -EnableException $true
                }
            }
            Write-PSFMessage -Level Debug -Message "File generated: $([string]::Join(", ", $tempFilesExpected))"
            #endregion generates "**.h", "**.rc" and "**TEMP.BIN" file from xml manifest

            #region generates "**.cs" file from xml manifest
            Write-PSFMessage -Level Debug -Message "Generate '$($fileName).cs' file from xml manifest"
            $tempFilesExpected = @( "$($TempPath)\$($fileName).cs" )
            $tempFilesExpected | Get-ChildItem -ErrorAction SilentlyContinue | Remove-Item -Force -Confirm:$false
            $paramExecute = @{
                FilePath         = "$($CompilationToolPath)\mc.exe"
                ArgumentList     = "-css NameSpace $($fullNameManifestTemp)"
                WorkingDirectory = $TempPath
                NoNewWindow      = $true
                Wait             = $true
            }
            if ($PSEdition -like "Core") { $paramExecute.Add("WhatIf", $false) }
            Start-Process @paramExecute

            Write-PSFMessage -Level Debug -Message "Validating generated '$($fileName).cs' file"
            foreach ($tempFile in $tempFilesExpected) {
                if (Test-Path -Path $tempFile -NewerThan (Get-Date).AddSeconds(-5)) {
                    $tempFilesExisting += Get-ChildItem $tempFile -ErrorAction Stop
                } else {
                    Stop-PSFFunction -Message "Expected temp file '$($tempFile)' is present, but has a too old timestamp. Something went wrong. Aborting process" -EnableException $true
                }
            }
            Write-PSFMessage -Level Debug -Message "CS file generated: $([string]::Join(", ", $tempFilesExpected)) "
            #endregion generates "**.cs" file from xml manifest

            #region generates "**.res" file from xml manifest
            Write-PSFMessage -Level Debug -Message "Generate '$fileName).res' file from '$($fileName).rc' file"
            $tempFilesExpected = @("$($TempPath)\$($fileName).res")
            $tempFilesExpected | Get-ChildItem -ErrorAction SilentlyContinue | Remove-Item -Force -Confirm:$false
            $paramExecute = @{
                FilePath         = "$($CompilationToolPath)\rc.exe"
                ArgumentList     = "$($fileName).rc"
                WorkingDirectory = $TempPath
                Wait             = $true
                WindowStyle      = "Hidden"
            }
            if ($PSEdition -like "Core") { $paramExecute.Add("WhatIf", $false) }
            Start-Process @paramExecute

            Write-PSFMessage -Level Debug -Message "Validating generated '$($fileName).res' file"
            foreach ($tempFile in $tempFilesExpected) {
                if (Test-Path -Path $tempFile -NewerThan (Get-Date).AddSeconds(-5)) {
                    $tempFilesExisting += Get-ChildItem $tempFile -ErrorAction Stop
                } else {
                    Stop-PSFFunction -Message "Expected temp file '$($tempFile)' is present, but has a too old timestamp. Something went wrong. Aborting process" -EnableException $true
                }
            }
            Write-PSFMessage -Level Debug -Message "Res file generated: $([string]::Join(", ", $tempFilesExpected)) "
            #endregion generates "**.res" file from xml manifest

            #region final compilation of the dll file
            Write-PSFMessage -Level Debug -Message "Finally compiling '$fileName).dll' file from generated meta files"
            $paramExecute = @{
                FilePath         = "$($WindowsCSCPath)\csc.exe"
                ArgumentList     = "/win32res:$($TempPath)\$($fileName).res /unsafe /target:library /out:$($TempPath)\$($fileName).dll $($TempPath)\$($fileName).cs"
                WorkingDirectory = $TempPath
                Wait             = $true
                WindowStyle      = "Hidden"
            }
            if ($PSEdition -like "Core") { $paramExecute.Add("WhatIf", $false) }
            Start-Process @paramExecute

            Write-PSFMessage -Level Debug -Message "Validating generated '$($fileName).dll' file"
            foreach ($FinalFile in $finalFilesExpected) {
                if (Test-Path -Path $FinalFile -NewerThan (Get-Date).AddSeconds(-15)) {
                    $finalFilesExisting += Get-ChildItem $FinalFile -ErrorAction Stop
                } else {
                    Stop-PSFFunction -Message "Expected temp file '$($FinalFile)' is present, but has a too old timestamp. Something went wrong. Aborting process" -EnableException $true
                }
            }
            Write-PSFMessage -Level Debug -Message "DLL file generated: $($TempPath)\$($fileName).dll"

            if ($pscmdlet.ShouldProcess("'$($fileNameManifest)' and '$($fileNameDLL)' in '$($DestinationPath)'", "Create")) {
                Write-PSFMessage -Level Verbose -Message "Writing final $($finalFilesExisting.Count) files to '$($DestinationPath)'"
                $finalFilesExisting | Copy-Item -Destination $DestinationPath -Force -ErrorAction Stop
            }
            #endregion final compilation of the dll file

            Write-PSFMessage -Level Verbose -Message "Finished process group '$($baseName)'"
            #endregion Compile the manifest to DLL
        }


        #region Cleanup
        Write-PSFMessage -Level Verbose -Message "Cleaning up temporary path '$($TempPath)'"
        Remove-Item -Path $TempPath -Force -Recurse -ErrorAction SilentlyContinue -WhatIf:$false
        #endregion Cleanup
    }
}

function Open-WELCExcelTemplate {
    <#
        .Synopsis
            Open-WELCExcelTemplate
 
        .DESCRIPTION
            Open Excel template file for managing custom EventLog channel definition
 
            For obvious reason, Excel or equivalent tools needs to be present on the machine
 
        .EXAMPLE
            PS C:\> Open-WELCExcelTemplate
 
            Open a new Excel file from a template file within the module WindowsEventLogCustomization
 
        .NOTES
            Author: Andreas Bellstedt
 
        .LINK
            https://github.com/AndiBellstedt/WinEventLogCustomization
    #>

    [CmdLetBinding(
        SupportsShouldProcess = $false,
        ConfirmImpact = 'Low'
    )]
    param(
    )

    begin {
    }

    process {
    }

    end {
        $path = "$($ModuleRoot)\bin\WinEventLogCustomization.xltx"
        $pathExtension = $path.Split(".")[-1]
        $null = New-PSDrive -PSProvider registry -Root HKEY_CLASSES_ROOT -Name HKCR

        Write-PSFMessage -Level Debug -Message "Looking for application to open '$($pathExtension)' files"
        # parse registry for file extension
        $registryFileLinkInfo = Get-Item "HKCR:\.$($pathExtension)" -ErrorAction SilentlyContinue
        if ($registryFileLinkInfo) {
            # parse registry for linked appliaction info to open/ create new file from template
            $registryAppLinkInfo = Get-Item "HKCR:\$($registryFileLinkInfo.GetValue(''))\shell\new\command" -ErrorAction SilentlyContinue
            if (-not $registryAppLinkInfo) {
                Write-PSFMessage -Level Debug -Message "No 'create new' shell info found. Try to query 'shell open' info"
                $registryAppLinkInfo = Get-Item "HKCR:\$($registryFileLinkInfo.GetValue(''))\shell\Open\command" -ErrorAction SilentlyContinue
            }
        }

        if ($registryAppLinkInfo) {
            Write-PSFMessage -Level Debug -Message "Found application info '$($registryFileLinkInfo.GetValue(''))'. Parsing shell command '$($registryAppLinkInfo.GetValue(''))'"
            $invokeCmd = $registryAppLinkInfo.GetValue('') -replace "%1", $path
            $invokeCmd = ($invokeCmd -split '"') | Where-Object { $_ -and $_ -notlike " " } | ForEach-Object { $_.trim() }
        }

        if ($invokeCmd.Count -ge 2) {
            Write-PSFMessage -Level Debug -Message "Found application link '$($registryFileLinkInfo.GetValue(''))' in registry to open template file. Going to invoke '$($invokeCmd[0])' $($invokeCmd[-1])"

            if (Test-Path -Path $path) {
                Write-PSFMessage -Level Verbose -Message "Opening '$($path)'"
                Start-Process -FilePath $invokeCmd[0] -ArgumentList $invokeCmd[1 .. ($invokeCmd.count - 1)]
            } else {
                Write-PSFMessage -Level Error -Message "Missing template file in module. Unable to find '$($path)'"
            }
        } else {
            if ($registryFileLinkInfo) {
                Write-PSFMessage -Level Debug -Message "Unable parse shell command to open template file from registry, but file extension info is present in registry. Try to blindly invoke the template file item as a fallback"
                Invoke-Item -Path $path
            } else {
                Write-PSFMessage -Level Error -Message "Unable to open template file, due to no application for opening '$($pathExtension)-files' seems to be installed"
            }
        }
    }
}

function Register-WELCEventChannelManifest {
    <#
    .SYNOPSIS
        Register-WELCEventChannelManifest
 
    .DESCRIPTION
        Register a compiled DLL and the manifest file to windows EventLog sytem
        The content of the registered manifest appears in EventLog reader unter Application and Services Logs
 
    .PARAMETER Path
        The path to the manifest (and the dll) file
 
    .PARAMETER ComputerName
        The computer where to register the manifest file
 
    .PARAMETER Session
        PowerShell Session object where to register the manifest file
 
    .PARAMETER DestinationPath
        The path where to store the manifest and DLL file
 
        By default, this is the same as "Path", as long, as you do not specify something else.
        If you use remoting to register the manifest on a remote computer the files will be
        copied over locally into DestinationPath on the remote computer
 
    .PARAMETER Credential
        The credentials to use on remote calls
 
    .PARAMETER WhatIf
        If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.
 
    .PARAMETER Confirm
        If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.
 
    .NOTES
        Author: Andreas Bellstedt
 
    .LINK
        https://github.com/AndiBellstedt/WinEventLogCustomization
 
    .EXAMPLE
        PS C:\> Register-WELCEventChannelManifest -Path C:\CustomDLLPath\MyChannel.man
 
        Register the manfifest-file to Windows EventLog System, so it appears in Application and Services Logs.
        Next to the MyChannel.man file, there has to be a MyChannel.dll.
 
        The manifest and DLL file will be registered from the path C:\CustomDLLPath and has to remain there.
 
    .EXAMPLE
        PS C:\> Register-WELCEventChannelManifest -Path C:\CustomDLLPath\MyChannel.man -DestinationPath $env:WinDir\System32
 
        Register the manfifest-file to Windows EventLog System, so it appears in Application and Services Logs.
        Next to the MyChannel.man file, there has to be a MyChannel.dll.
 
        The manifest and DLL file will be copied to the system32 directory of the current windows installation.
        From there it is registered and has to remain in that folder.
 
    .EXAMPLE
        PS C:\> Register-WELCEventChannelManifest -Path C:\CustomDLLPath\MyChannel.man -ComputerName SRV01
 
        Register the manfifest-file to Windows EventLog System on the remote computer "SRV01".
 
        The manifest and DLL file will be registered from the the local path "C:\CustomDLLPath" on "SRV01" and has to remain there.
 
    .EXAMPLE
        PS C:\> Register-WELCEventChannelManifest -Path C:\CustomDLLPath\MyChannel.man -Sesion $PSSession
 
        Register the manfifest-file to Windows EventLog System on all connections within the $PSSession variable
 
        Assuming $PSSession variable is created something like this:
        $PSSession = New-PSSession -ComputerName SRV01
    #>

    [CmdletBinding(
        SupportsShouldProcess = $true,
        PositionalBinding = $true,
        ConfirmImpact = 'Medium',
        DefaultParameterSetName = 'ComputerName'
    )]
    param (
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 0
        )]
        [ValidateNotNullOrEmpty()]
        [Alias("File", "FileName", "FullName")]
        [String[]]
        $Path,

        [Parameter(
            ParameterSetName = "ComputerName",
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 1
        )]
        [Alias("Host", "Hostname", "Computer", "DNSHostName")]
        [PSFComputer[]]
        $ComputerName = $env:COMPUTERNAME,

        [Parameter(
            ParameterSetName = "Session",
            Position = 1
        )]
        [System.Management.Automation.Runspaces.PSSession[]]
        $Session,

        [Parameter(ParameterSetName = "ComputerName")]
        [PSCredential]
        $Credential,

        [String]
        $DestinationPath
    )

    begin {
        # If session parameter is used -> transfer it to ComputerName,
        # The class "PSFComputer" from PSFramework can handle it. This simplifies the handling in the further process block
        if ($Session) { $ComputerName = $Session.ComputerName }
        $DestinationPath = $DestinationPath.TrimEnd("\")

        $pathBound = Test-PSFParameterBinding -ParameterName Path
        $computerBound = Test-PSFParameterBinding -ParameterName ComputerName
    }

    process {
        #region parameterset workarround
        Write-PSFMessage -Level Debug -Message "ParameterNameSet: $($PsCmdlet.ParameterSetName)"

        # Workarround parameter binding behaviour of powershell in combination with ComputerName Piping
        if (-not ($pathBound -or $computerBound) -and $ComputerName.InputObject -and $PSCmdlet.ParameterSetName -ne "Session") {
            if ($ComputerName.InputObject -is [string]) { $ComputerName = $env:ComputerName } else { $Path = "" }
        }
        #endregion parameterset workarround

        #region Processing Events
        foreach ($pathItem in $Path) {
            # File and folder validation
            if (Test-Path -Path $pathItem -PathType Leaf) {
                Write-PSFMessage -Level Verbose -Message "Found file '$($pathItem)' as a valid file in path" -Target $env:COMPUTERNAME
                $files = $pathItem | Resolve-Path | Get-ChildItem | Select-Object -ExpandProperty FullName
            } elseif (Test-Path -Path $pathItem -PathType Container) {
                Write-PSFMessage -Level Verbose -Message "Getting files in path '$($pathItem)'" -Target $env:COMPUTERNAME
                $files = Get-ChildItem -Path $pathItem -File -Filter "*.man" | Select-Object -ExpandProperty FullName
                Write-PSFMessage -Level Verbose -Message "Found $($files.count) file$(if($files.count -gt 1){"s"}) in path" -Target $env:COMPUTERNAME
                if (-not $files) { Write-PSFMessage -Level Warning -Message  "No manifest files found in path '$($pathItem)'" -Target $env:COMPUTERNAME }
            } elseif (-not (Test-Path  -Path $pathItem -PathType Any -IsValid)) {
                Write-PSFMessage -Level Error -Message "'$pathItem' is not a valid path or file." -Target $env:COMPUTERNAME
                continue
            } else {
                Write-PSFMessage -Level Error -Message "unable to open '$($pathItem)'" -Target $env:COMPUTERNAME
                continue
            }

            foreach ($file in $files) {
                if (-not $DestinationPath) { $DestinationPath = Split-Path -Path $file }

                # Check for dll paths in manifest / prepare dll paths in manifest for different destination path
                if (
                    (-not (Test-WELCEventChannelManifest -Path $file -OnlyDLLPath)) -or
                    ((split-path $file) -notlike $DestinationPath)
                ) {
                    [String]$tempPath = "$($env:TEMP)\WELC_$([guid]::NewGuid().guid)"
                    if (Test-Path -Path $tempPath -IsValid) {
                        if (-not (Test-Path -Path $tempPath -PathType Container)) {
                            New-Item -Path $tempPath -ItemType Directory -Force | Out-Null
                            $tempPath = Resolve-Path $tempPath -ErrorAction Stop | Select-Object -ExpandProperty Path
                        }
                    }
                    Write-PSFMessage -Level Verbose -Message "Prepare '$($file)' for destination '$($DestinationPath)'"

                    $tempFile = Move-WELCEventChannelManifest -Path $file -DestinationPath $tempPath -CopyMode -PassThru -ErrorAction Stop | Select-Object -ExpandProperty FullName

                    $file = Move-WELCEventChannelManifest -Path $tempFile -DestinationPath $DestinationPath -Prepare -PassThru | Select-Object -ExpandProperty FullName
                }

                Write-PSFMessage -Level Verbose -Message "Opening XML manifest file '$($file)' to gather DLL information"
                $xmlfile = New-Object XML
                $xmlfile.Load($file)

                $dllFiles = @()

                Write-PSFMessage -Level Debug -Message "Gather path of resourceFileName DLL"
                $dllFileList = $xmlfile.instrumentationManifest.instrumentation.events.provider.resourceFileName
                foreach ($dllFile in $dllFileList) {
                    if ((Test-Path -Path $dllFile -PathType Leaf) -and ((Split-Path -Path $dllFile) -notlike $DestinationPath)) {
                        $dllFiles += $dllFile
                    } else {
                        $dllFile = "$(split-path $file)\$(Split-Path -Path $dllFile -Leaf)"
                        if (Test-Path -Path $dllFile -PathType Leaf) {
                            $dllFiles += $dllFile
                        } else {
                            Stop-PSFFunction -Message "Unexpected behavior while locating ressource dll file"
                        }
                    }
                }

                Write-PSFMessage -Level Debug -Message "Gather path of messageFileName DLL"
                $dllFileList = $xmlfile.instrumentationManifest.instrumentation.events.provider.messageFileName
                foreach ($dllFile in $dllFileList) {
                    if ((Test-Path -Path $dllFile -PathType Leaf) -and ((Split-Path -Path $dllFile) -notlike $DestinationPath)) {
                        $dllFiles += $dllFile
                    } else {
                        $dllFile = "$(split-path $file)\$(Split-Path -Path $dllFile -Leaf)"
                        if (Test-Path -Path $dllFile -PathType Leaf) {
                            $dllFiles += $dllFile
                        } else {
                            Stop-PSFFunction -Message "Unexpected behavior while locating message dll file"
                        }
                    }
                }

                Write-PSFMessage -Level Debug -Message "Gather path of parameterFileName DLL"
                $dllFileList = $xmlfile.instrumentationManifest.instrumentation.events.provider.parameterFileName
                foreach ($dllFile in $dllFileList) {
                    if ((Test-Path -Path $dllFile -PathType Leaf) -and ((Split-Path -Path $dllFile) -notlike $DestinationPath)) {
                        $dllFiles += $dllFile
                    } else {
                        $dllFile = "$(split-path $file)\$(Split-Path -Path $dllFile -Leaf)"
                        if (Test-Path -Path $dllFile -PathType Leaf) {
                            $dllFiles += $dllFile
                        } else {
                            Stop-PSFFunction -Message "Unexpected behavior while locating parameter dll file"
                        }
                    }
                }

                $dllFiles = $dllFiles | Sort-Object -Unique
                Write-PSFMessage -Level Verbose -Message "Found $($dllFiles.count) dll: $([string]::Join(", ", $dllFiles))"


                # Process computers
                foreach ($computer in $ComputerName) {
                    Write-PSFMessage -Level Verbose -Message "Processing file '$($file)' on computer '$($computer)'"

                    # When remoting is used, transfer files first
                    if (($PSCmdlet.ParameterSetName -eq "Session") -or (-not $computer.IsLocalhost)) {
                        Write-PSFMessage -Level Verbose -Message "Going to transfer file into destination '$($DestinationPath)' on remote computer"

                        if ($pscmdlet.ShouldProcess("Manifest '$($file)' and dll to computer '$($computer)'", "Transfer")) {

                            # Create PS remoting session
                            if ($PSCmdlet.ParameterSetName -ne "Session") {
                                $paramSession = @{
                                    "ComputerName" = $computer.ToString()
                                    "ErrorAction"  = "Stop"
                                }
                                if ($Credential) { $paramSession.Add("Credential", $Credential) }

                                try {
                                    $Session = New-PSSession @paramSession
                                } catch {
                                    Write-PSFMessage -Level Error -Message "Error creating remoting session to computer '$($computer)'" -Target $computer -ErrorRecord $_
                                    break
                                }
                            }

                            # Transfer files
                            Copy-Item -ToSession $Session -Destination $DestinationPath -Force -Path $file
                            Copy-Item -ToSession $Session -Destination $DestinationPath -Force -Path $dllFiles
                        }
                    } elseif ((split-path $file) -notlike $DestinationPath) {
                        Write-PSFMessage -Level Verbose -Message "Going to copy file into destination '$($DestinationPath)'"
                        Copy-Item -Destination $DestinationPath -Force -Path $file
                        Copy-Item -Destination $DestinationPath -Force -Path $dllFiles
                    }

                    # Register manifest
                    if ($pscmdlet.ShouldProcess("Manifest '$($file)' on computer '$($computer)'", "Register")) {

                        $destFileName = "$($DestinationPath)\$(split-path $file -Leaf)"
                        $paramInvokeCmd = [ordered]@{
                            "ComputerName" = $computer.ToString()
                            "ErrorAction"  = "Stop"
                            ErrorVariable  = "ErrorReturn"
                            "ArgumentList" = $destFileName
                        }
                        if ($PSCmdlet.ParameterSetName -eq "Session") { $paramInvokeCmd['ComputerName'] = $Session }
                        if ($Credential) { $paramInvokeCmd.Add("Credential", $Credential) }

                        Write-PSFMessage -Level Verbose -Message "Registering manifest '$($destFileName)' on computer '$($computer)'" -Target $computer
                        try {
                            $null = Invoke-PSFCommand @paramInvokeCmd -ScriptBlock {
                                try { [Console]::OutputEncoding = [System.Text.Encoding]::UTF8 } catch { Write-Information -MessageData "Exception while setting UTF8 OutputEncoding. Continue script." }
                                $output = . "$($env:windir)\system32\wevtutil.exe" "install-manifest" "$($args[0])" *>&1
                                $output = $output | Where-Object { $_.InvocationInfo.MyCommand.Name -like 'wevtutil.exe' } *>&1
                                if ($output) { Write-Error -Message "$([string]::Join(" ", $output.Exception.Message.Replace("`r`n"," ")))" -ErrorAction Stop }
                            }
                            if ($ErrorReturn) { Write-Error "Error registering manifest" -ErrorAction Stop }
                        } catch {
                            Stop-PSFFunction -Message "Unable to register manifest '$($destFileName)' on computer '$($computer)'" -Target $computer -ErrorRecord $_
                        }

                    }
                }

                if ($tempPath) {
                    Write-PSFMessage -Level Debug -Message "Cleaning up temporary directory '$($tempPath)'"
                    Remove-Item -Path $tempPath -Recurse -Force -Confirm:$false -WhatIf:$false -Verbose:$false -Debug:$false -ErrorAction:Ignore
                }
            }
        }
    }

    end {
    }
}

function Set-WELCEventChannel {
    <#
    .SYNOPSIS
        Set-WELCEventChannel
 
    .DESCRIPTION
        Set various properties on a EventChannel
 
    .PARAMETER ChannelConfig
        InputObject (WELC.ChannelConfig) from Excel Template file
 
        Can be created by
            Import-WELCChannelDefinition -Path ".\MyTemplate.xls" -OutputChannelConfig
 
    .PARAMETER EventChannel
        InputObject from Get-WELCEventChannel
 
        Available Alias on the parameter: EventLogChannel
 
    .PARAMETER ChannelFullName
        The name of the channel to be set
 
    .PARAMETER ComputerName
        The computer where to set the configuration
 
    .PARAMETER Enabled
        The status of the logfile. By default the logfiles are enabled after execution
 
    .PARAMETER LogMode
        Specifies how events in the EventChannel are treated, if the EventChannel reaches the maximum.
 
        Possilibilites:
            "AutoBackup" = File from EventChannel will be renamed and a newly file will be created
            "Circular" = Oldest event will be overwritten
            "Retain" = Newly events will be refused
 
    .PARAMETER LogFilePath
        The path in the filesystem for the EventChannel EVTX file
 
        This can be a full qualified filename - if only ONE EventChannel is to be set/ piped in.
        Effectivly this means a rename of the file for the EventChannel.
 
        If multiple configurations should be set/ piped in, the value on this parameter
        should be a FOLDER, not a file!
 
    .PARAMETER CompressLogFolder
        Specifies if the folder with the log files get compressed
 
    .PARAMETER MaxEventLogSize
        The maximum size in bytes for the EventChannel
 
    .PARAMETER AllowFileAccessForLocalService
        The WellKnownPrincipal 'Local Service' will add in the NTFS ACL to gain access to the logfile
 
        If the channel is planned to be used in "Windows Event Forwarding" this should probably set to true
 
    .PARAMETER EventChannelSDDL
        SDDL string to set access on the eventlog within the WinodwsEventLog system itself
 
        This access object controls who can view events in the EventLog for this channel
        So it's not on the filesystem, it's in MMC, WMI or PowerShell
 
    .PARAMETER PassThru
        The moved files will be parsed to the pipeline for further processing.
 
    .PARAMETER WhatIf
            If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.
 
    .PARAMETER Confirm
            If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.
 
    .NOTES
        Author: Andreas Bellstedt
 
        This a is quite far modified version from Project Sauron fork.
            Name: Prep-EventChannels.ps1
            Version: 1.1
            Author: Russell Tomkins - Microsoft Premier Field Engineer
            Blog: https://aka.ms/russellt
 
            Preparation of event channels to receive event collection subscriptions from an input CSV
            Source: https://www.github.com/russelltomkins/ProjectSauron
 
            Refer to this blog series for more details
            http://blogs.technet.microsoft.com/russellt/2017/03/23/project-sauron-part-1
 
    .LINK
        https://github.com/AndiBellstedt/WinEventLogCustomization
 
 
    .EXAMPLE
        PS C:\> Set-WELCEventChannel -ChannelFullName "App1/MyLog" -LogMode Circular -LogFilePath "C:\EventLogs\App1-MyLog.evtx"
 
        Set the 'MyLog' EventLog in the EventFolder 'App1' to circular logging and the path of the logfile to 'C:\EventLogs\App1-MyLog.evtx'
 
    .EXAMPLE
        PS C:\> $channels | Set-WELCEventChannel -Enabled $true -MaxEventLogSize 1GB
 
        Enables the EventChannels from the $channels variable and set maximum size to 1GB.
 
        Assuming the $channels variable is filled with something like
        $channels = Get-WELCEventChannel -ChannelFullName "App1/MyLog", "App2/MyLog"
 
    .EXAMPLE
        PS C:\> $ChannelConfig | Set-WELCEventChannel -Enabled $true -CompressLogFolder $true -AllowFileAccessForLocalService $true
 
        Enables the EventChannels from the $ChannelConfig variable and set all the properties within the $ChannelConfig variable.
        Additionally, the logfile/logfolder for the EventLogs will be compressed (except if it is a folder in Windows\System32),
        and the SID for "Local Service" gain Read/Write-Access.
 
        Assuming the $channels variable is filled with something like
        $ChannelConfig = Import-WELCChannelDefinition -Path C:\EventLogs\WinEventLogCustomization.xlsx -OutputChannelConfig
 
        Excel template file can be created/opened with Open-WELCExcelTemplate
 
    #>

    [CmdletBinding(
        DefaultParameterSetName = "ChannelName",
        SupportsShouldProcess = $true,
        PositionalBinding = $true,
        ConfirmImpact = 'Medium'
    )]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSReviewUnusedParameter", '', Justification = "Intentional, Pester not covering the usage correct")]
    Param(
        [Parameter(
            ParameterSetName = "TemplateChannelConfig",
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 0
        )]
        [ValidateNotNullOrEmpty()]
        [WELC.ChannelConfig[]]
        $ChannelConfig,

        [Parameter(
            ParameterSetName = "EventChannel",
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 0
        )]
        [Alias("EventLogChannel")]
        [WELC.EventLogChannel[]]
        $EventChannel,

        [Parameter(
            ParameterSetName = "ChannelName",
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 0
        )]
        [Alias("ChannelName")]
        [String[]]
        $ChannelFullName,

        [Parameter(
            ParameterSetName = "TemplateChannelConfig",
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 1
        )]
        [Parameter(
            ParameterSetName = "ChannelName",
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 1
        )]
        [Alias("Host", "Hostname", "Computer", "DNSHostName")]
        [PSFComputer[]]
        $ComputerName = $env:COMPUTERNAME,

        [Parameter(ParameterSetName = "EventChannel")]
        [Parameter(ParameterSetName = "ChannelName")]
        [bool]
        $Enabled,

        [Parameter(ParameterSetName = "EventChannel")]
        [Parameter(ParameterSetName = "ChannelName")]
        [int]
        $MaxEventLogSize,

        [Parameter(ParameterSetName = "EventChannel")]
        [Parameter(ParameterSetName = "ChannelName")]
        [ValidateSet("AutoBackup", "Circular", "Retain")]
        [string]
        $LogMode,

        [Parameter(ParameterSetName = "EventChannel")]
        [Parameter(ParameterSetName = "ChannelName")]
        [String]
        $LogFilePath,

        [Parameter(ParameterSetName = "EventChannel")]
        [Parameter(ParameterSetName = "ChannelName")]
        [Alias("Compress")]
        [bool]
        $CompressLogFolder,

        [bool]
        $AllowFileAccessForLocalService,

        [String]
        $EventChannelSDDL,

        [switch]
        $PassThru
    )

    Begin {
        $channelFullNameBound = Test-PSFParameterBinding -ParameterName ChannelFullName
        $computerBound = Test-PSFParameterBinding -ParameterName ComputerName^

        $configList = New-Object System.Collections.ArrayList

        # validation on parameter LogFilePath
        if ($LogFilePath) {
            $LogFilePath = $LogFilePath.TrimEnd("\")

            if ($LogFilePath -like '%SystemRoot%*') { $LogFilePath = $LogFilePath.Replace('%SystemRoot%', $env:SystemRoot) }

            if ($LogFilePath.EndsWith(".evtx")) {
                $logFileFolder = Split-Path -Path $LogFilePath
                $logFileFullName = $LogFilePath
            } else {
                $logFileFolder = $LogFilePath
                $logFileFullName = "ToBeCalculated"
            }
        }

        # if compression is set and windows-folder is specified as LogFilePath -> abort, to avoid 'unhealthy' system modification
        if ($LogFilePath -like "$($env:SystemRoot)\System32\*" -and $CompressLogFolder -eq $true) {
            Stop-PSFFunction -Message "Hardcoded exception, not going to set compression within windows-System32-folder. Aborting function" -EnableException $true
            break
        }
    }

    Process {
        #region parameterset workarround
        Write-PSFMessage -Level Debug -Message "ParameterNameSet: $($PsCmdlet.ParameterSetName)"

        #ToDo: Check if this behaves right. What is if ComputerName "foo" is piped in and Channelfullname is specified, and vice versa
        # Workarround parameter binding behaviour of powershell in combination with ComputerName Piping
        if (-not ($channelFullNameBound -or $computerBound) -and $ComputerName.InputObject) {
            if ($ComputerName.InputObject -is [string]) { $ComputerName = $env:ComputerName } else { $ChannelFullName = "" }
        }
        #endregion parameterset workarround


        switch ($pscmdlet.ParameterSetName) {
            "TemplateChannelConfig" {
                Write-PSFMessage -Level Verbose -Message "Gathering $(([array]$ChannelConfig).count) channel configurations"
                foreach ($channelConfigItem in $ChannelConfig) {
                    foreach ($computer in $ComputerName) {
                        $eventChannel = $null
                        $eventChannel = Get-WELCEventChannel -ChannelFullName $channelConfigItem.ChannelName -ComputerName $computer -ErrorAction SilentlyContinue
                        if ($eventChannel) {
                            foreach ($eventChannelItem in $eventChannel) {
                                Write-PSFMessage -Level Debug -Message "Collecting config object for '$($eventChannelItem.Name)' on '$($computer)'"
                                $null = $configList.Add(
                                    [PSCustomObject]@{
                                        EventChannel                   = $eventChannelItem
                                        Enabled                        = $channelConfigItem.Enabled
                                        MaxEventLogSize                = $channelConfigItem.MaxEventLogSize
                                        LogMode                        = $channelConfigItem.LogMode
                                        LogFileFullName                = $channelConfigItem.LogFullName
                                        LogFilePath                    = (Split-Path -Path $channelConfigItem.LogFullName)
                                        CompressLogFolder              = $CompressLogFolder
                                        AllowFileAccessForLocalService = $AllowFileAccessForLocalService
                                        EventChannelSDDL               = $EventChannelSDDL
                                    }
                                )
                            }
                        } else {
                            Write-PSFMessage -Level Warning -Message "Skipping '$($channelConfigItem.ChannelName)' on '$($computer)'"
                            continue
                        }
                    }
                }
            }

            "EventChannel" {
                foreach ($eventChannelItem in $EventChannel) {
                    Write-PSFMessage -Level Debug -Message "Collecting config object for '$($eventChannelItem.ChannelFullName)' on '$($eventChannelItem.ComputerName)'"

                    if (Test-PSFParameterBinding -ParameterName MaxEventLogSize) { $_MaxEventLogSize = $MaxEventLogSize }else { $_MaxEventLogSize = $null }
                    if (Test-PSFParameterBinding -ParameterName LogMode) { $_LogMode = $LogMode } else { $_LogMode = $null }
                    if ($logFileFullName -like "ToBeCalculated") { $_LogFileFullName = "$($logFileFolder)\$($eventChannelItem.LogFile)" } elseif (Test-PSFParameterBinding -ParameterName LogFilePath) { $_LogFileFullName = $logFileFullName } else { $_LogFileFullName = $null }
                    if (Test-PSFParameterBinding -ParameterName LogFilePath) { $_LogFilePath = $logFileFolder } else { $_LogFilePath = $null }
                    if (Test-PSFParameterBinding -ParameterName Enabled) { $_Enabled = $Enabled } else { $_Enabled = $null }
                    if (Test-PSFParameterBinding -ParameterName CompressLogFolder) { $_CompressLogFolder = $CompressLogFolder } else { $_CompressLogFolder = $null }
                    if (Test-PSFParameterBinding -ParameterName AllowFileAccessForLocalService) { $_AllowFileAccessForLocalService = $AllowFileAccessForLocalService } else { $_AllowFileAccessForLocalService = $null }
                    if (Test-PSFParameterBinding -ParameterName EventChannelSDDL) { $_EventChannelSDDL = $EventChannelSDDL } else { $_EventChannelSDDL = $null }

                    $null = $configList.Add(
                        [PSCustomObject]@{
                            EventChannel                   = $eventChannelItem
                            Enabled                        = $_Enabled
                            MaxEventLogSize                = $_MaxEventLogSize
                            LogMode                        = $_LogMode
                            LogFileFullName                = $_LogFileFullName
                            LogFilePath                    = $_LogFilePath
                            CompressLogFolder              = $_CompressLogFolder
                            AllowFileAccessForLocalService = $_AllowFileAccessForLocalService
                            EventChannelSDDL               = $_EventChannelSDDL
                        }
                    )
                }
            }

            "ChannelName" {
                foreach ($channelNameItem in $ChannelFullName) {
                    foreach ($computer in $ComputerName) {
                        $eventChannel = $null
                        $eventChannel = Get-WELCEventChannel -ChannelFullName $channelNameItem -ComputerName $computer -ErrorAction SilentlyContinue
                        if ($eventChannel) {
                            foreach ($eventChannelItem in $eventChannel) {
                                Write-PSFMessage -Level Debug -Message "Collecting config object for '$($eventChannelItem.Name)' on '$($computer)'"

                                if (Test-PSFParameterBinding -ParameterName MaxEventLogSize) { $_MaxEventLogSize = $MaxEventLogSize }else { $_MaxEventLogSize = $null }
                                if (Test-PSFParameterBinding -ParameterName LogMode) { $_LogMode = $LogMode } else { $_LogMode = $null }
                                if ($logFileFullName -like "ToBeCalculated") { $_LogFileFullName = "$($logFileFolder)\$($eventChannelItem.LogFile)" } elseif (Test-PSFParameterBinding -ParameterName LogFilePath) { $_LogFileFullName = $logFileFullName } else { $_LogFileFullName = $null }
                                if (Test-PSFParameterBinding -ParameterName LogFilePath) { $_LogFilePath = $logFileFolder } else { $_LogFilePath = $null }
                                if (Test-PSFParameterBinding -ParameterName Enabled) { $_Enabled = $Enabled } else { $_Enabled = $null }
                                if (Test-PSFParameterBinding -ParameterName CompressLogFolder) { $_CompressLogFolder = $CompressLogFolder } else { $_CompressLogFolder = $null }
                                if (Test-PSFParameterBinding -ParameterName AllowFileAccessForLocalService) { $_AllowFileAccessForLocalService = $AllowFileAccessForLocalService } else { $_AllowFileAccessForLocalService = $null }
                                if (Test-PSFParameterBinding -ParameterName EventChannelSDDL) { $_EventChannelSDDL = $EventChannelSDDL } else { $_EventChannelSDDL = $null }

                                $null = $configList.Add(
                                    [PSCustomObject]@{
                                        EventChannel                   = $eventChannelItem
                                        Enabled                        = $_Enabled
                                        MaxEventLogSize                = $_MaxEventLogSize
                                        LogMode                        = $_LogMode
                                        LogFileFullName                = $_LogFileFullName
                                        LogFilePath                    = $_LogFilePath
                                        CompressLogFolder              = $_CompressLogFolder
                                        AllowFileAccessForLocalService = $_AllowFileAccessForLocalService
                                        EventChannelSDDL               = $_EventChannelSDDL
                                    }
                                )
                            }
                        } else {
                            Write-PSFMessage -Level Warning -Message "Skipping '$($channelNameItem)' on '$($computer)'"
                            continue
                        }
                    }
                }
            }

            Default {
                Stop-PSFFunction -Message "Unhandeled ParameterSetName. Developers mistake." -EnableException $true
                throw
            }
        }

    }

    End {
        # invalid configuration attempt - Parameter 'LogFilePath' specified as file and multiple channels should be configured
        if ($pscmdlet.ParameterSetName -notlike "TemplateChannelConfig" -and $LogFilePath -and $logFileFullName -notlike "ToBeCalculated" -and $configList.count -gt 1) {
            Stop-PSFFunction -Message "Parameter 'LogFilePath' was specified as a file, but more than one EventChannels where specified/piped. This leads to unvalid configuration. Each EventChannel has to have it's own LogFile. Please specify a folder on parameter 'LogFilePath'. Aborting..." -EnableException $true
            throw
        }

        Write-PSFMessage -Level Verbose -Message "Working trough list of $($configList.Count) collected EventChannel$(if($configList.Count -gt 1){"s"}) to configure"
        foreach ($configItem in $configList) {
            Write-PSFMessage -Level Verbose -Message "Processing '$($configItem.EventChannel.Name)' on '$($configItem.EventChannel.PSComputerName)'"

            # Get current folder for EventLogFile
            $eventLogFolderCurrent = Invoke-PSFCommand -ComputerName $configItem.EventChannel.PSComputerName -ArgumentList $configItem.EventChannel.LogFolder -ScriptBlock {
                $_query = "select * from CIM_Directory where name = `"$($args[0].Replace('\','\\'))`""
                Get-CimInstance -Query $_query -ErrorAction SilentlyContinue -Verbose:$false -Debug:$false
            }

            # Check if FilePath for EventChannel should be modified
            if ($configItem.LogFilePath -and ($eventLogFolderCurrent.Name -notlike $configItem.LogFilePath)) {
                Write-PSFMessage -Level Verbose -Message "Set new path '$($configItem.LogFilePath)' for EventChannel"

                # First, check if destination folder is already present
                Write-PSFMessage -Level Debug -Message "Test new path: $($configItem.LogFilePath)"
                $destinationFolder = Invoke-PSFCommand -ComputerName $configItem.EventChannel.PSComputerName -ArgumentList $configItem.LogFilePath -ErrorVariable invokeErrors -ScriptBlock {
                    $_query = "select * from CIM_Directory where name = `"$($args[0].Replace('\','\\'))`""
                    $_result = Get-CimInstance -Query $_query -ErrorAction Ignore -Verbose:$false -Debug:$false

                    # if folder is not present, try to query root folder, to check if drive is valid
                    if (-not $_result) { $null = Get-Item -Path "$($args[0].split("\")[0])\" -ErrorAction SilentlyContinue } else { $_result }
                }

                # if error occured = drive is not present/valid
                if ($invokeErrors.Exception) {
                    Write-PSFMessage -Level Error -Message "Invalid path '$($configItem.LogFilePath)' on system '$($configItem.EventChannel.PSComputerName)'! Possibly inaccessable drive/volume" -EnableException $true -Exception $invokeErrors.Exception -ErrorRecord $invokeErrors -Target $configItem.EventChannel.PSComputerName
                    continue
                }
                Remove-Variable -Name invokeErrors -Force -Confirm:$false -WhatIf:$false -Verbose:$false -Debug:$false -ErrorAction Ignore

                # if folder is not available, create it
                If (-not $destinationFolder) {
                    if ($pscmdlet.ShouldProcess("EventChannel '$($configItem.EventChannel.Name)' on computer '$($configItem.EventChannel.PSComputerName)'", "Create folder '$($configItem.LogFilePath)'")) {
                        Write-PSFMessage -Level Verbose -Message "Create folder '$($configItem.LogFilePath)' for EventChannel"

                        try {
                            $destinationFolder = Invoke-PSFCommand -ComputerName $configItem.EventChannel.PSComputerName -ArgumentList $configItem.LogFilePath -ErrorAction Stop -ErrorVariable invokeErrors -ScriptBlock {
                                $_folder = New-Item -Type Directory -Path $args[0] -Force -ErrorAction Stop
                                $_query = "select * from CIM_Directory where name = `"$($_folder.FullName.Replace('\','\\'))`""
                                Get-CimInstance -Query $_query -ErrorAction SilentlyContinue -Verbose:$false -Debug:$false
                            }
                        } catch {
                            Write-PSFMessage -Level Error -Message "Unable to create folder '$($configItem.LogFilePath)' on '$($configItem.EventChannel.PSComputerName)'" -EnableException $true -Exception $_.Exception -ErrorRecord $_ -Target $configItem.EventChannel.PSComputerName
                            continue
                        }
                    }
                }

                # Set new folder to EventChannel
                if ($pscmdlet.ShouldProcess("EventChannel '$($configItem.EventChannel.Name)' on computer '$($configItem.EventChannel.PSComputerName)'", "Set new destination '$($configItem.LogFileFullName)'")) {
                    Write-PSFMessage -Level Verbose -Message "Set new destination '$($configItem.LogFileFullName)' for EventChannel '$($configItem.EventChannel.Name)' on computer '$($configItem.EventChannel.PSComputerName)'"

                    $invokeParam = @{
                        "ComputerName"  = $configItem.EventChannel.PSComputerName
                        "ArgumentList"  = ($configItem.EventChannel.Name , $configItem.LogFileFullName)
                        "ErrorAction"   = "Stop"
                        "ErrorVariable" = "invokeErrors"
                    }
                    try {
                        Invoke-PSFCommand @invokeParam -ScriptBlock {
                            $_eventChannelName = $args[0]
                            $_logFileFullName = $args[1]

                            $_channel = Get-WinEvent -ListLog $_eventChannelName -Force -ErrorAction Stop
                            $error.Clear()

                            # backup current status
                            $_currentIsEnabled = $_channel.IsEnabled

                            # Disable to change settings
                            $_channel.IsEnabled = $false
                            $_channel.SaveChanges()

                            # Set path on channel
                            $_channel.LogFilePath = $_logFileFullName
                            $_channel.IsEnabled = $_currentIsEnabled
                            $_channel.SaveChanges()
                            if ($error.Exception) { Write-Error "" -ErrorAction Stop }
                        }
                    } catch {
                        Write-PSFMessage -Level Error -Message "Unable to set new destination '$($configItem.LogFileFullName)' on '$($configItem.EventChannel.PSComputerName)'" -EnableException $true -Exception $_.Exception -ErrorRecord $_ -Target $configItem.EventChannel.PSComputerName
                    }
                }
            } else {
                $destinationFolder = $eventLogFolderCurrent
            }
            Remove-Variable -Name invokeErrors -Force -Confirm:$false -WhatIf:$false -Verbose:$false -Debug:$false -ErrorAction Ignore


            # Add an ACE to allow LOCAL SERVICE to modify the folder
            if ($configItem.AllowFileAccessForLocalService) {
                if ($pscmdlet.ShouldProcess("EventChannel '$($configItem.EventChannel.Name)' on computer '$($configItem.EventChannel.PSComputerName)'", "Add ACE for 'localSystem' on folder '$($configItem.LogFilePath)'")) {
                    Write-PSFMessage -Level Verbose -Message "Set ntfs permission for 'local service' to folder '$($destinationFolder.name)' on '$($configItem.EventChannel.PSComputerName)'"

                    $invokeParam = @{
                        "ComputerName"  = $configItem.EventChannel.PSComputerName
                        "ArgumentList"  = ($destinationFolder.name)
                        "ErrorAction"   = "Stop"
                        "ErrorVariable" = "invokeErrors"
                    }
                    try {
                        Invoke-PSFCommand @invokeParam -ScriptBlock {
                            $_destinationFolderName = $args[0]
                            $ace = New-Object System.Security.AccessControl.FileSystemAccessRule(
                                [System.Security.Principal.SecurityIdentifier]::new("S-1-5-19").Translate([System.Security.Principal.NTAccount]).Value,
                                'Modify',
                                'ContainerInherit,ObjectInherit',
                                'None',
                                'Allow'
                            )

                            $logPathACL = $_destinationFolderName | Get-Item -ErrorAction Stop | Get-ACL -ErrorAction Stop
                            if (-not ($logPathACL.Access | Where-Object { $_.IdentityReference -like $ace.IdentityReference -and $_.FileSystemRights -like $ace.FileSystemRights -and $_.AccessControlType -like $ace.AccessControlType })) {
                                $logPathACL.AddAccessRule($ace)
                                $logPathACL | Set-ACL -ErrorAction Stop
                            }
                        }
                    } catch {
                        Write-PSFMessage -Level Error -Message "Unable to set ntfs permission for 'local service' to folder '$($destinationFolder.name)' on '$($configItem.EventChannel.PSComputerName)'. Message: $($_.Exception.Message)" -EnableException $true -Exception $_.Exception -ErrorRecord $_ -Target $configItem.EventChannel.PSComputerName
                        continue
                    }
                    Remove-Variable -Name invokeErrors -Force -Confirm:$false -WhatIf:$false -Verbose:$false -Debug:$false -ErrorAction Ignore
                }
            }

            # Set compression on folder
            if ($configItem.CompressLogFolder) {
                if ($pscmdlet.ShouldProcess("EventChannel '$($configItem.EventChannel.Name)' on computer '$($configItem.EventChannel.PSComputerName)'", "Set compression '$($configItem.CompressLogFolder)' on folder '$($configItem.LogFilePath)'")) {
                    Write-PSFMessage -Level Verbose -Message "Set compression '$($configItem.CompressLogFolder)' to folder '$($destinationFolder)' on '$($configItem.EventChannel.PSComputerName)'"

                    $invokeParam = @{
                        "ComputerName"    = $configItem.EventChannel.PSComputerName
                        "ArgumentList"    = ($destinationFolder, $configItem.CompressLogFolder)
                        "ErrorAction"     = "Stop"
                        "ErrorVariable"   = "invokeErrors"
                        "WarningAction"   = "SilentlyContinue"
                        "WarningVariable" = "invokeWarnings"
                    }
                    try {
                        Invoke-PSFCommand @invokeParam -ScriptBlock {
                            $_destinationFolder = $args[0]
                            $_Compression = $args[1]
                            $_query = "select * from CIM_Directory where name = `"$($_destinationFolder.Name.Replace('\','\\'))`""
                            $_cimResult = $null
                            $returnCodes = [ordered]@{
                                0  = "Success"
                                2  = "Access denied"
                                8  = "Unspecified failure"
                                9  = "Invalid object"
                                10 = "Object already exists"
                                11 = "File system not NTFS"
                                12 = "Platform not Windows"
                                13 = "Drive not the same"
                                14 = "Directory not empty"
                                15 = "Sharing violation"
                                16 = "Invalid start file"
                                17 = "Privilege not held"
                                21 = "Invalid parameter"
                            }

                            if ($_Compression -eq $true -and $_destinationFolder.Compressed -eq $false) {
                                $_cimResult = Invoke-CimMethod -Query $_query -MethodName Compress -ErrorAction Stop -Verbose:$false
                            } elseif ($_Compression -eq $false -and $_destinationFolder.Compressed -eq $true) {
                                $_cimResult = Invoke-CimMethod -Query $_query -MethodName Uncompress -ErrorAction Stop -Verbose:$false
                            } else {
                                Write-Warning "Noting to do on '$($_destinationFolder.Name)'" -WarningAction SilentlyContinue
                            }

                            if ($_cimResult) {
                                if ($_cimResult.ReturnValue -notin (0, 15)) {
                                    Write-Error "Error '$($_cimResult.ReturnValue) ($($returnCodes[$_cimResult.ReturnValue]))' occured while set compression attribute '$($_Compression)'" -ErrorAction Stop
                                } elseif ($_cimResult.ReturnValue -eq 15) {
                                    Write-Warning "Compression attribute set, but with sharing violation. Means, attribute could not be applied on all files in folder" -WarningAction SilentlyContinue
                                }
                            }
                        }
                    } catch {
                        Write-PSFMessage -Level Error -Message "Unable to set compression to folder '$($destinationFolder.name)' on '$($configItem.EventChannel.PSComputerName)'. Message: $($_.Exception.Message)" -EnableException $true -Exception $_.Exception -ErrorRecord $_ -Target $configItem.EventChannel.PSComputerName
                    }
                    if ($invokeWarnings) { $invokeWarnings | ForEach-Object { Write-PSFMessage -Level Warning -Message $_ } }
                    Remove-Variable -Name invokeErrors, invokeWarnings -Force -Confirm:$false -WhatIf:$false -Verbose:$false -Debug:$false -ErrorAction Ignore
                }
            }

            # Set all the other possible EventChannel configs, including "Enabled" as the last setting
            $valueToSet = $configItem.psobject.Properties | Where-Object Name -in ("Enabled", "MaxEventLogSize", "LogMode", "EventChannelSDDL") | Where-Object { $_.Value -is $_.TypeNameOfValue }
            if ($valueToSet) {
                $valueToSetText = [string]::Join(', ', ($valueToSet | ForEach-Object { "$($_.Name)=$($_.Value)" }))
                if ($pscmdlet.ShouldProcess("EventChannel '$($configItem.EventChannel.Name)' on computer '$($configItem.EventChannel.PSComputerName)'", "Set '$($valueToSetText)'")) {
                    Write-PSFMessage -Level Verbose -Message "Set '$($valueToSetText)' to EventChannel '$($configItem.EventChannel.Name)' on '$($configItem.EventChannel.PSComputerName)'"

                    $invokeParam = @{
                        "ComputerName"  = $configItem.EventChannel.PSComputerName
                        "ArgumentList"  = ($configItem.EventChannel.Name, ($valueToSet | Select-Object Name, Value))
                        "ErrorAction"   = "Stop"
                        "ErrorVariable" = "invokeErrors"
                    }
                    try {
                        Invoke-PSFCommand @invokeParam -ScriptBlock {
                            $_eventChannelName = $args[0]
                            $_valueToSet = $args[1]
                            $_translateSettingToProperty = @{
                                "Enabled"          = "IsEnabled"
                                "MaxEventLogSize"  = "MaximumSizeInBytes"
                                "LogMode"          = "LogMode"
                                "EventChannelSDDL" = "SecurityDescriptor"
                            }

                            $_channel = Get-WinEvent -ListLog $_eventChannelName -Force -ErrorAction Stop
                            $error.Clear()

                            # backup current status
                            $_currentIsEnabled = $_channel.IsEnabled

                            # Disable to change settings
                            $_channel.IsEnabled = $false
                            $_channel.SaveChanges()

                            # Set properties on channel
                            foreach ($setting in ($_valueToSet | Where-Object name -NotLike "Enabled")) {
                                $_channel.($_translateSettingToProperty[$setting.Name]) = $setting.Value
                            }

                            $_desiredChannelStatus = $_valueToSet | Where-Object name -Like "Enabled"
                            if ($_desiredChannelStatus) {
                                $_channel.IsEnabled = $_desiredChannelStatus.Value
                            } else {
                                $_channel.IsEnabled = $_currentIsEnabled
                            }
                            $_channel.SaveChanges()
                            if ($error.Exception) { Write-Error "" -ErrorAction Stop }
                        }
                    } catch {
                        Write-PSFMessage -Level Error -Message "Unable to set '$($valueToSetText)' to EventChannel '$($configItem.EventChannel.Name)' on '$($configItem.EventChannel.PSComputerName)'. Message: $($_.Exception.Message)" -EnableException $true -Exception $_.Exception -ErrorRecord $_ -Target $configItem.EventChannel.PSComputerName
                        continue
                    }
                    Remove-Variable -Name invokeErrors -Force -Confirm:$false -WhatIf:$false -Verbose:$false -Debug:$false -ErrorAction Ignore
                }
            }

            # Output if specified
            if ($PassThru) {
                Get-WELCEventChannel -ChannelFullName $configItem.EventChannel.Name -ComputerName $configItem.EventChannel.PSComputerName -ErrorAction SilentlyContinue
            }
        }
    }
}


function Test-WELCEventChannelManifest {
    <#
    .SYNOPSIS
        Test-WELCEventChannelManifest
 
    .DESCRIPTION
        Test a man file for valid path with the compiled DLL file belonging to manifest file
 
        The manifest has to contain the fullname of the path where the dll file is stored,
        otherwise there will be errors when registering/usering it
 
    .PARAMETER Path
        The path to the manifest file
 
    .PARAMETER OnlyDLLPath
        Only verify path of DLL files in Manifest and skip validation of properties
 
    .PARAMETER Property
        Explicitly validate only the specified property
 
    .PARAMETER PassThru
        The moved files will be parsed to the pipeline for further processing.
 
    .NOTES
        Author: Andreas Bellstedt
 
    .LINK
        https://github.com/AndiBellstedt/WinEventLogCustomization
 
    .EXAMPLE
        PS C:\> Test-WELCEventChannelManifest -Path C:\CustomDLLPath\MyChannel.man
 
        Test the manifest. Show $true, if the manifest is a valid EventLogChannelManifest and the compiled DLL file ist in the expected directory
        Otherwise $false will be the result of the test.
 
    .EXAMPLE
        PS C:\> Test-WELCEventChannelManifest -Path C:\CustomDLLPath\MyChannel.man -OnlyDLLPath
 
        Same like first example, but skip structure and name checks. In fact, it only checks on reference path for DLL file.
 
    .EXAMPLE
        PS C:\> Test-WELCEventChannelManifest -Path C:\CustomDLLPath\MyChannel.man -PassThru
 
        Test the manifest. If the manifest is a valid EventLogChannelManifest and the compiled DLL file ist in the expected directory,
        the path (fullname) of the Manifest file will be the output
 
    #>

    [CmdletBinding(
        SupportsShouldProcess = $false,
        PositionalBinding = $true,
        ConfirmImpact = 'Low',
        DefaultParameterSetName = "General"
    )]
    [OutputType("System.Boolean")]
    param (
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 0
        )]
        [ValidateNotNullOrEmpty()]
        [Alias("File", "FileName", "FullName")]
        [String[]]
        $Path,

        [Parameter(ParameterSetName = "General")]
        [switch]
        $OnlyDLLPath,

        [Parameter(
            Mandatory = $true,
            ParameterSetName = "ExplicitProperty"
        )]
        [ValidateSet("ProviderName", "ProviderGUID", "ProviderSymbol", "ResourceFileName", "MessageFileName", "ParameterFileName", "ChannelName", "ChannelSymbol", "Type", "Enabled")]
        [String[]]
        $Property,

        [switch]
        $PassThru
    )

    begin {

    }

    process {
        foreach ($pathItem in $Path) {
            $isOK = $true
            # File and folder validity tests
            if ((Test-Path -Path $pathItem -PathType Leaf) -and ($pathItem.Split(".")[-1] -like "man")) {
                $file = $pathItem | Resolve-Path | Get-ChildItem | Select-Object -ExpandProperty FullName
                Write-PSFMessage -Level Verbose -Message "Found file '$($file )' as a valid file"
            } elseif (Test-Path -Path $pathItem -PathType Container) {
                Write-PSFMessage -Level Error -Message "'$pathItem' is a folder. Please specify a manifest file."
                continue
            } elseif (-not (Test-Path  -Path $pathItem -PathType Any -IsValid)) {
                Write-PSFMessage -Level Error -Message "'$pathItem' is not a valid path or file."
                continue
            } else {
                Write-PSFMessage -Level Error -Message "Unable to open '$($pathItem)'"
                continue
            }

            # open XML file
            $xmlfile = New-Object XML
            $xmlfile.Load($file)

            if (
                $xmlfile.instrumentationManifest.schemaLocation -eq "http://schemas.microsoft.com/win/2004/08/events eventman.xsd" -and
                $xmlfile.instrumentationManifest.xmlns -eq "http://schemas.microsoft.com/win/2004/08/events" -and
                $xmlfile.instrumentationManifest.win -eq "http://manifests.microsoft.com/win/2004/08/windows/events" -and
                $xmlfile.instrumentationManifest.xsi -eq "http://www.w3.org/2001/XMLSchema-instance" -and
                $xmlfile.instrumentationManifest.xs -eq "http://www.w3.org/2001/XMLSchema" -and
                $xmlfile.instrumentationManifest.trace -eq "http://schemas.microsoft.com/win/2004/08/events/trace"
            ) {
                # Loop through existing providers
                foreach ($provider in $xmlfile.instrumentationManifest.instrumentation.events.provider) {
                    # Check Provider info
                    if (-not $OnlyDLLPath -or $pscmdlet.ParameterSetName -like "ExplicitProperty") {
                        if ($pscmdlet.ParameterSetName -like "General" -or "ProviderGUID" -in $Property) {
                            if ([guid]::new($provider.guid)) {
                                Write-PSFMessage -Level Debug -Message "GUID '$($provider.guid)' for provider '$($provider.name)' is valid"
                            } else {
                                Write-PSFMessage -Level Verbose -Message "Failed testing GUID '$($provider.guid)' for provider '$($provider.name)'"
                                $isOK = $false
                            }
                        }

                        if ($pscmdlet.ParameterSetName -like "General" -or "ProviderName" -in $Property) {
                            if ($provider.name -match (Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ProviderName)) {
                                Write-PSFMessage -Level Debug -Message "Name for provider '$($provider.name)' is valid"
                            } else {
                                Write-PSFMessage -Level Verbose -Message "Failed testing provider name '$($provider.name)'. Name did not match '$(Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ProviderName)'"
                                $isOK = $false
                            }
                        }

                        if ($pscmdlet.ParameterSetName -like "General" -or "ProviderSymbol" -in $Property) {
                            if ($provider.symbol -match (Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ProviderSymbol)) {
                                Write-PSFMessage -Level Debug -Message "Providersymbol '$($provider.symbol)' is valid"
                            } else {
                                Write-PSFMessage -Level Verbose -Message "Failed testing provider symbol '$($provider.symbol)'. Name did not match '$(Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ProviderSymbol)'"
                                $isOK = $false
                            }
                        }
                    }

                    if ($pscmdlet.ParameterSetName -like "General" -or "ResourceFileName" -in $Property) {
                        if (Test-Path -Path $provider.resourceFileName -PathType Leaf) {
                            Write-PSFMessage -Level Debug -Message "Ressource file '$($provider.resourceFileName)' for provider '$($provider.name)' GUID:$($provider.guid) is valid"
                        } else {
                            Write-PSFMessage -Level Verbose -Message "Failed testing ressource file '$($provider.resourceFileName)' for provider '$($provider.name)' GUID:$($provider.guid)"
                            $isOK = $false
                        }
                    }

                    if ($pscmdlet.ParameterSetName -like "General" -or "MessageFileName" -in $Property) {
                        if (Test-Path -Path $provider.messageFileName -PathType Leaf) {
                            Write-PSFMessage -Level Debug -Message "Message file '$($provider.messageFileName)' for provider '$($provider.name)' GUID:$($provider.guid) is valid"
                        } else {
                            Write-PSFMessage -Level Verbose -Message "Failed testing message file '$($provider.messageFileName)' for provider '$($provider.name)' GUID:$($provider.guid)"
                            $isOK = $false
                        }
                    }

                    if ($pscmdlet.ParameterSetName -like "General" -or "ParameterFileName" -in $Property) {
                        if (Test-Path -Path $provider.parameterFileName -PathType Leaf) {
                            Write-PSFMessage -Level Debug -Message "Parameter file '$($provider.parameterFileName)' for provider '$($provider.name)' GUID:$($provider.guid) is valid"
                        } else {
                            Write-PSFMessage -Level Verbose -Message "Failed testing parameter file '$($provider.parameterFileName)' for provider '$($provider.name)' GUID:$($provider.guid)"
                            $isOK = $false
                        }
                    }

                    if (-not $OnlyDLLPath -or $pscmdlet.ParameterSetName -like "ExplicitProperty") {
                        # Loop through channels within provider
                        foreach ($channel in $provider.channels.channel) {
                            # Check Channel info
                            if ($pscmdlet.ParameterSetName -like "General" -or "ChannelName" -in $Property) {
                                if ($channel.name -match (Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ChannelName)) {
                                    Write-PSFMessage -Level Debug -Message "Name for ChannelName '$($channel.name)' in provider '$($provider.name)' is valid"
                                } else {
                                    Write-PSFMessage -Level Verbose -Message "Failed testing ChannelName '$($channel.name)' in provider '$($provider.name)'. Name did not match '$(Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ChannelName)'"
                                    $isOK = $false
                                }
                            }

                            if ($pscmdlet.ParameterSetName -like "General" -or "ChannelSymbol" -in $Property) {
                                if ($channel.symbol -match (Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ChannelSymbol)) {
                                    Write-PSFMessage -Level Debug -Message "Name for ChannelSymbol '$($channel.symbol)' in provider '$($provider.name)' is valid"
                                } else {
                                    Write-PSFMessage -Level Verbose -Message "Failed testing ChannelSymbol '$($channel.symbol)' in provider '$($provider.name)'. Name did not match '$(Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ChannelSymbol)'"
                                    $isOK = $false
                                }
                            }

                            if ($pscmdlet.ParameterSetName -like "General" -or "Enabled" -in $Property) {
                                if (($channel.enabled -like [bool]::TrueString) -or ($channel.enabled -like [bool]::FalseString)) {
                                    Write-PSFMessage -Level Debug -Message "Value Enabled:'$($channel.enabled)' on channel '$($channel.name)' in provider '$($provider.name)' is valid"
                                } else {
                                    Write-PSFMessage -Level Verbose -Message "Failed testing value '$($channel.enabled)' on channel '$($channel.name)' in provider '$($provider.name)'."
                                    $isOK = $false
                                }
                            }

                            if ($pscmdlet.ParameterSetName -like "General" -or "Type" -in $Property) {
                                if ($channel.type -in (Get-PSFConfigValue -FullName WinEventLogCustomization.MatchString.ChannelTypes)) {
                                    Write-PSFMessage -Level Debug -Message "Type '$($channel.type)' on channel '$($channel.name)' in provider '$($provider.name)' is valid"
                                } else {
                                    Write-PSFMessage -Level Verbose -Message "Failed testing type '$($channel.type)' on channel '$($channel.name)' in provider '$($provider.name)'."
                                    $isOK = $false
                                }
                            }
                        }
                    }
                }
            } else {
                Write-PSFMessage -Level Error -Message "'$($file)' seeams like not being a Windows EventLog Channel XML manifest file"
                $isOK = $false
            }

            # Output result
            if ($PassThru -and $isOK) {
                $file
            } else {
                $isOK
            }
        }
    }

    end {
    }
}

function Unregister-WELCEventChannelManifest {
    <#
    .SYNOPSIS
        Unregister-WELCEventChannelManifest
 
    .DESCRIPTION
        Unregister a manifest and its compiled DLL file from windows EventLog sytem
 
    .PARAMETER Path
        The path to the manifest (and the dll) file
 
    .PARAMETER ComputerName
        The computer where to register the manifest file
 
    .PARAMETER Session
        PowerShell Session object where to unregister the manifest file
 
    .PARAMETER Credential
        The credentials to use on remote calls
 
    .PARAMETER WhatIf
        If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.
 
    .PARAMETER Confirm
        If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.
 
    .NOTES
        Author: Andreas Bellstedt
 
    .LINK
        https://github.com/AndiBellstedt/WinEventLogCustomization
 
    .EXAMPLE
        PS C:\> Unregister-WELCEventChannelManifest -Path C:\CustomDLLPath\MyChannel.man
 
        Unregister the manfifest-file from Windows EventLog System, so it no longer appears in Application and Services Logs.
 
    .EXAMPLE
        PS C:\> Unregister-WELCEventChannelManifest -Path C:\CustomDLLPath\MyChannel.man -ComputerName SRV01
 
        Unregister the manfifest-file from Windows EventLog System on the remote computer "SRV01".
 
    .EXAMPLE
        PS C:\> Unregister-WELCEventChannelManifest -Path C:\CustomDLLPath\MyChannel.man -Sesion $PSSession
 
        Unregister the manfifest-file from Windows EventLog System from all connections within the $PSSession variable
 
        Assuming $PSSession variable is created something like this:
        $PSSession = New-PSSession -ComputerName SRV01
 
    #>

    [CmdletBinding(
        SupportsShouldProcess = $true,
        PositionalBinding = $true,
        ConfirmImpact = 'High',
        DefaultParameterSetName = 'ComputerName'
    )]
    param (
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 0
        )]
        [ValidateNotNullOrEmpty()]
        [Alias("File", "FileName", "FullName")]
        [String]
        $Path,

        [Parameter(
            ParameterSetName = "ComputerName",
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 1
        )]
        [Alias("Host", "Hostname", "Computer", "DNSHostName")]
        [PSFComputer[]]
        $ComputerName = $env:COMPUTERNAME,

        [Parameter(
            ParameterSetName = "Session",
            Position = 1
        )]
        [System.Management.Automation.Runspaces.PSSession[]]
        $Session,

        [Parameter(ParameterSetName = "ComputerName")]
        [PSCredential]
        $Credential
    )

    begin {
        # If session parameter is used -> transfer it to ComputerName,
        # The class "PSFComputer" from PSFramework can handle it. This simplifies the handling in the further process block
        if ($Session) { $ComputerName = $Session.ComputerName }

        $pathBound = Test-PSFParameterBinding -ParameterName Path
        $computerBound = Test-PSFParameterBinding -ParameterName ComputerName
    }

    process {
        #region parameterset workarround
        Write-PSFMessage -Level Debug -Message "ParameterNameSet: $($PsCmdlet.ParameterSetName)"

        # Workarround parameter binding behaviour of powershell in combination with ComputerName Piping
        if (-not ($pathBound -or $computerBound) -and $ComputerName.InputObject -and $PSCmdlet.ParameterSetName -ne "Session") {
            if ($ComputerName.InputObject -is [string]) { $ComputerName = $env:ComputerName } else { $Path = "" }
        }
        #endregion parameterset workarround

        #region Processing Events
        foreach ($file in $Path) {
            # File/path validation
            if (-not (Test-Path -Path $file -PathType Leaf -IsValid)) {
                Write-PSFMessage -Level Error -Message"'$($file)' is not a valid path or file."
                continue
            } else {
                Write-PSFMessage -Level Debug -Message "Working on file '$($file)'"
            }

            # Process computers
            foreach ($computer in $ComputerName) {
                Write-PSFMessage -Level Verbose -Message "Processing file '$($file)' on computer '$($computer)'"

                # When remoting is used, transfer files first
                if (($PSCmdlet.ParameterSetName -eq "Session") -or (-not $computer.IsLocalhost)) {

                    # Create PS remoting session, if no session exists
                    if ($PSCmdlet.ParameterSetName -ne "Session") {

                        $paramSession = @{
                            "ComputerName" = $computer.ToString()
                            "ErrorAction"  = "Stop"
                        }
                        if ($Credential) { $paramSession.Add("Credential", $Credential) }

                        try {
                            $Session = New-PSSession @paramSession
                            Write-PSFMessage -Level Debug -Message "New remoting session created to '$($Session.ComputerName)'"
                        } catch {
                            Write-PSFMessage -Level Error -Message "Error creating remoting session to computer '$($computer)'" -Target $computer -ErrorRecord $_
                            break
                        }
                    }
                }

                # Unregister manifest
                if ($pscmdlet.ShouldProcess("Manifest '$($Path)' from computer '$($computer)'", "Unregister")) {

                    $paramInvokeCmd = [ordered]@{
                        "ComputerName"      = $computer.ToString()
                        "ErrorAction"       = "Stop"
                        ErrorVariable       = "errorReturn"
                        InformationVariable = "infoReturn"
                        "ArgumentList"      = $file
                    }
                    if ($PSCmdlet.ParameterSetName -eq "Session") { $paramInvokeCmd['ComputerName'] = $Session }
                    if ($Credential) { $paramInvokeCmd.Add("Credential", $Credential) }

                    Write-PSFMessage -Level Verbose -Message "Unregistering manifest '$($file)' from computer '$($computer)'" -Target $computer
                    try {
                        $null = Invoke-PSFCommand @paramInvokeCmd -ScriptBlock {
                            try { [Console]::OutputEncoding = [System.Text.Encoding]::UTF8 } catch { Write-Information -MessageData "Exception while setting UTF8 OutputEncoding. Continue script." }
                            $output = . "$($env:windir)\system32\wevtutil.exe" "uninstall-manifest" "$($args[0])" *>&1
                            $output = $output | Where-Object { $_.InvocationInfo.MyCommand.Name -like 'wevtutil.exe' } *>&1
                            if ($output) { Write-Error -Message "$([string]::Join(" ", $output.Exception.Message.Replace("`r`n"," ")))" -ErrorAction Stop }
                        }
                        if ($errorReturn) { Write-Error "Error registering manifest" -ErrorAction Stop }
                    } catch {
                        Stop-PSFFunction -Message "Error unregistering manifest '$($file)' on computer '$($computer)'" -Target $computer -ErrorRecord $_
                    }
                    Clear-Variable -Name errorReturn, infoReturn -Force -Confirm:$false -WhatIf:$false -Verbose:$false -Debug:$false -ErrorAction Ignore

                    Write-PSFMessage -Level Verbose -Message "Clean up manifest artifacts from computer '$($computer)'" -Target $computer
                    try {
                        $loggingOutput = Invoke-PSFCommand @paramInvokeCmd -ScriptBlock {
                            [xml]$manifest = Get-Content $args[0]
                            if ($manifest) {
                                $channelnames = $manifest.instrumentationManifest.instrumentation.events.provider.channels.channel.name
                            }
                            foreach ($channelname in $channelnames) {
                                $artifact = Get-Item "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$($channelname)" -ErrorAction Ignore
                                if ($artifact) {
                                    $artifact | Remove-Item -Force -Recurse -ErrorAction Stop -Confirm:$false
                                    "Removed artifact '$($channelname)' from registry"
                                }
                            }
                        }
                        if ($errorReturn) { Write-Error "Error on cleanup manifest artifacts from registry! $($errorReturn)" -ErrorAction Stop }
                        if ($loggingOutput) { $loggingOutput | ForEach-Object { Write-PSFMessage -Level Verbose -Message $_ -Target $computer } }
                    } catch {
                        Stop-PSFFunction -Message "Error cleaning up manifest artifacts for on computer '$($computer)'" -Target $computer -ErrorRecord $_
                    }
                    Remove-Variable -Name errorReturn, infoReturn -Force -Confirm:$false -WhatIf:$false -Verbose:$false -Debug:$false -ErrorAction Ignore
                }
            }
        }
    }

    end {
    }
}

<#
This is an example configuration file
 
By default, it is enough to have a single one of them,
however if you have enough configuration settings to justify having multiple copies of it,
feel totally free to split them into multiple files.
#>


<#
# Example Configuration
Set-PSFConfig -Module 'WinEventLogCustomization' -Name 'Example.Setting' -Value 10 -Initialize -Validation 'integer' -Handler { } -Description "Example configuration setting. Your module can then use the setting using 'Get-PSFConfigValue'"
#>


Set-PSFConfig -Module 'WinEventLogCustomization' -Name 'Import.DoDotSource' -Value $false -Validation 'bool' -Description "Whether the module files should be dotsourced on import. By default, the files of this module are read as string value and invoked, which is faster but worse on debugging." -Initialize
Set-PSFConfig -Module 'WinEventLogCustomization' -Name 'Import.IndividualFiles' -Value $false -Validation 'bool' -Description "Whether the module files should be imported individually. During the module build, all module code is compiled into few files, which are imported instead by default. Loading the compiled versions is faster, using the individual files is easier for debugging and testing out adjustments." -Initialize


Set-PSFConfig -Module 'WinEventLogCustomization' -Name 'MatchString.ProviderName' -Value '(^([a-zA-Z]| |[0-9]|\(|\))*$)|(^([a-zA-Z]| |[0-9]|\(|\))*-([a-zA-Z]| |[0-9]|\(|\))*-([a-zA-Z]| |[0-9]|\(|\))*$)' -Description "Regex to validate name of ProviderName within a manifest file" -Initialize
Set-PSFConfig -Module 'WinEventLogCustomization' -Name 'MatchString.ProviderSymbol' -Value '(^([a-zA-Z]| |[0-9]|\(|\))*$)|(^([a-zA-Z]| |[0-9]|\(|\))*_([a-zA-Z]| |[0-9]|\(|\))*_([a-zA-Z]| |[0-9]|\(|\))*$)|(^([a-zA-Z]| |[0-9]|\(|\))*_([a-zA-Z]| |[0-9]|\(|\))*_([a-zA-Z]| |[0-9]|\(|\))*_([a-zA-Z]| |[0-9]|\(|\))*$)'-Description "Regex to validate name of ProviderSymbol within a manifest file" -Initialize

Set-PSFConfig -Module 'WinEventLogCustomization' -Name 'MatchString.ChannelName' -Value '(^(\w| )*\/(\w| |\(|\))*$)|(^(\w| )*-(\w| )*-(\w| )*\/(\w| |\(|\))*$)'-Description "Regex to validate name of ChannelName within a manifest file" -Initialize
Set-PSFConfig -Module 'WinEventLogCustomization' -Name 'MatchString.ChannelSymbol' -Value '(^([a-zA-Z]|[0-9]|\(|\))*_([a-zA-Z]|[0-9]|\(|\))*$)|(^([a-zA-Z]|[0-9]|\(|\))*_([a-zA-Z]|[0-9]|\(|\))*_([a-zA-Z]|[0-9]|\(|\))*_([a-zA-Z]|[0-9]|\(|\))*$)' -Description "Regex to validate name of ChannelSymbol within a manifest file" -Initialize
Set-PSFConfig -Module 'WinEventLogCustomization' -Name 'MatchString.ChannelTypes' -Value @("Admin", "Operational", "Analytic", "Debug") -Validation stringarray -Description "Name-array of possible ChannelTypes" -Initialize


<#
Stored scriptblocks are available in [PsfValidateScript()] attributes.
This makes it easier to centrally provide the same scriptblock multiple times,
without having to maintain it in separate locations.
 
It also prevents lengthy validation scriptblocks from making your parameter block
hard to read.
 
Set-PSFScriptblock -Name 'WinEventLogCustomization.ScriptBlockName' -Scriptblock {
     
}
#>


Register-PSFTeppScriptblock -Name "WinEventLogCustomization.ChannelFullName" -ScriptBlock {
    Get-WinEvent -ListLog * -ErrorAction Ignore | Select-Object -ExpandProperty LogName
}

Register-PSFTeppScriptblock -Name "WinEventLogCustomization.Bool" -ScriptBlock {
    @(
        '$true',
        '$false'
    )
}

Register-PSFTeppScriptblock -Name "WinEventLogCustomization.MaxEventLogSize" -ScriptBlock {
    @(
        '16MB',
        '64MB',
        '128MB',
        '512MB',
        '1GB',
        '2GB',
        '5GB',
        '10GB'
    )
}

Register-PSFTeppScriptblock -Name "WinEventLogCustomization.FolderRoot" -ScriptBlock {
    Get-WinEvent -ListLog *-* -ErrorAction Ignore | Select-Object -ExpandProperty LogName | ForEach-Object { $_.split("-")[0] } | Sort-Object -Unique
}

Register-PSFTeppScriptblock -Name "WinEventLogCustomization.FolderSecondLevel" -ScriptBlock {
    Get-WinEvent -ListLog *-*-* -ErrorAction Ignore | Select-Object -ExpandProperty LogName | ForEach-Object { $_.split("-")[1] } | Sort-Object -Unique
}

Register-PSFTeppScriptblock -Name "WinEventLogCustomization.FolderThirdLevel" -ScriptBlock {
    Get-WinEvent -ListLog *-*-* -ErrorAction Ignore | Select-Object -ExpandProperty LogName | ForEach-Object { $_.split("-")[2].split("/")[0] } | Sort-Object -Unique
}

Register-PSFTeppScriptblock -Name "WinEventLogCustomization.ChannelName" -ScriptBlock {
    Get-WinEvent -ListLog */* -ErrorAction Ignore | Select-Object -ExpandProperty LogName | ForEach-Object { $_.split("/")[1] } | Sort-Object -Unique
}


# Get-WELCEventChannel
Register-PSFTeppArgumentCompleter -Command Get-WELCEventChannel -Parameter "ChannelFullName" -Name "WinEventLogCustomization.ChannelFullName"

# Set-WELCEventChannel
Register-PSFTeppArgumentCompleter -Command Set-WELCEventChannel -Parameter "ChannelFullName" -Name "WinEventLogCustomization.ChannelFullName"
Register-PSFTeppArgumentCompleter -Command Set-WELCEventChannel -Parameter "Enabled" -Name "WinEventLogCustomization.Bool"
Register-PSFTeppArgumentCompleter -Command Set-WELCEventChannel -Parameter "CompressLogFolder" -Name "WinEventLogCustomization.Bool"
Register-PSFTeppArgumentCompleter -Command Set-WELCEventChannel -Parameter "AllowFileAccessForLocalService" -Name "WinEventLogCustomization.Bool"
Register-PSFTeppArgumentCompleter -Command Set-WELCEventChannel -Parameter "MaxEventLogSize" -Name "WinEventLogCustomization.MaxEventLogSize"

# New-WELCEventChannelManifest
Register-PSFTeppArgumentCompleter -Command New-WELCEventChannelManifest -Parameter "FolderRoot" -Name "WinEventLogCustomization.FolderRoot"
Register-PSFTeppArgumentCompleter -Command New-WELCEventChannelManifest -Parameter "FolderSecondLevel" -Name "WinEventLogCustomization.FolderSecondLevel"
Register-PSFTeppArgumentCompleter -Command New-WELCEventChannelManifest -Parameter "FolderThirdLevel" -Name "WinEventLogCustomization.FolderThirdLevel"
Register-PSFTeppArgumentCompleter -Command New-WELCEventChannelManifest -Parameter "ChannelName" -Name "WinEventLogCustomization.ChannelName"


New-PSFLicense -Product 'WinEventLogCustomization' -Manufacturer 'Andreas Bellstedt' -ProductVersion $script:ModuleVersion -ProductType Module -Name MIT -Version "1.0.0.0" -Date (Get-Date "2022-06-26") -Text @"
Copyright (c) 2022 Andreas Bellstedt
 
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
 
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
 
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
"@

#endregion Load compiled code