From: Stefan Chivu
Date: Tue, 31 Jan 2023 12:08:02 +0000 (+0200)
Subject: ceph-windows: Added script for collecting Windows event logs
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=eee3e12712e44545bec8b8b5d6643a75241231e9;p=ceph-build.git
ceph-windows: Added script for collecting Windows event logs In order to collect more information for the build artifacts, the collect-event-logs.ps1 script will be run in order to extract the event logs from the Windows client machine. It will dump all the event logs as evtx and then convert them to txt in order to be accessible on all platforms. If the -IncludeEvtxFiles flag is used, the evtx files can be kept. By default they are deleted. Also, if the -CleanupEventLog flag is used, then the machine's events will get cleared after the dump. By default they are kept. The dumped event log files can be found in the directory sent as parameter using the mandatory -LogDirectory parameter.
Signed-off-by: Stefan Chivu
---
diff --git a/scripts/ceph-windows/collect-event-logs.ps1 b/scripts/ceph-windows/collect-event-logs.ps1
new file mode 100644
index 00000000..4be0ab47
--- /dev/null
+++ b/scripts/ceph-windows/collect-event-logs.ps1
@@ -0,0 +1,56 @@
+param (
+ [Parameter(Mandatory)]
+ [string]$LogDirectory,
+ [switch]$IncludeEvtxFiles = $false,
+ [switch]$CleanupEventLog = $false
+)
+
+$ErrorActionPreference = "Stop"
+
+function DumpEventLogEvtx($path){
+ foreach ($i in (Get-WinEvent -ListLog * | ? {$_.RecordCount -gt 0 })) {
+ $logName = "eventlog_" + $i.LogName + ".evtx"
+ $logName = $logName.replace(" ","-").replace("/", "-").replace("\", "-")
+ Write-Output "exporting "$i.LogName" as "$logName
+ $logFile = Join-Path $path $logName
+ & $Env:WinDir\System32\wevtutil.exe epl $i.LogName $logFile
+ if ($LASTEXITCODE) {
+ Throw "Failed to export $($i.LogName) to $logFile"
+ }
+ }
+}
+
+function ConvertEvtxDumpToTxt($path){
+ foreach ($i in (Get-ChildItem $path -Filter eventlog_*.evtx)) {
+ $logName = $i.BaseName + ".txt"
+ $logName = $logName.replace(" ","-").replace("/", "-").replace("\", "-")
+ Write-Output "converting "$i.BaseName" evtx to txt"
+ $logFile = Join-Path $path $logName
+ & $Env:WinDir\System32\wevtutil.exe qe $i.FullName /lf > $logFile
+ if ($LASTEXITCODE) {
+ Throw "Failed to convert $($i.FullName) to txt"
+ }
+ }
+}
+
+function ClearEventLog(){
+ foreach ($i in (Get-WinEvent -ListLog * | ? {$_.RecordCount -gt 0 })) {
+ & $Env:WinDir\System32\wevtutil.exe cl $i.LogName
+ if ($LASTEXITCODE) {
+ Throw "Failed to clear $($i.LogName) from the event log"
+ }
+ }
+}
+
+mkdir -force $LogDirectory
+
+DumpEventLogEvtx $LogDirectory
+ConvertEvtxDumpToTxt $LogDirectory
+
+if ($CleanupEventLog) {
+ ClearEventLog
+}
+
+if (-not $IncludeEvtxFiles) {
+ rm $LogDirectory\eventlog_*.evtx
+}
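Review bot: With `-CleanupEventLog`, `ClearEventLog` re-enumerates the logs and clears them only after `DumpEventLogEvtx` and the conversion have finished, so any record written in between, and any log that received its first record after the export, is erased without ever reaching the artifacts. `wevtutil cl` accepts a backup target, so when cleanup is requested the export and the clear could be one step, `& $Env:WinDir\System32\wevtutil.exe cl $i.LogName "/bu:$logFile"`, instead of a separate `epl` and `cl`. Because `-ListLog *` also covers the Security log, a comment at the top of the script should say that this switch wipes the host's audit trail and is meant for disposable test machines only, and that the exported files can hold account names, host names and command lines, so the artifact directory needs access control to match. Separately, `Write-Output "exporting "$i.LogName" as "$logName` appears to pass several arguments rather than one string; `Write-Output "exporting $($i.LogName) as $logName"` is probably what was intended, and the same applies to the `"converting "` line.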