From: Stefan Chivu Date: Tue, 14 Feb 2023 11:47:03 +0000 (+0000) Subject: ceph-windows: Fix event log artifacts X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F2111%2Fhead;p=ceph-build.git ceph-windows: Fix event log artifacts Previously, the windows event log artifacts were being dumped in evtx format and then converted to txt by individually querying them using wevtutil. After doing this, the resulting txt logs contained xml entries that omitted the actual event message. Now, they will be directly dumped as txt using Get-WinEvent and the evtx logs can be obtained using the -IncludeEvtxFiles flag. Signed-off-by: Stefan Chivu
---
diff --git a/scripts/ceph-windows/collect-event-logs.ps1 b/scripts/ceph-windows/collect-event-logs.ps1
index 4be0ab47..de870aeb 100644
--- a/scripts/ceph-windows/collect-event-logs.ps1
+++ b/scripts/ceph-windows/collect-event-logs.ps1
@@ -20,16 +20,13 @@ function DumpEventLogEvtx($path){
 }
 }
-function ConvertEvtxDumpToTxt($path){
- foreach ($i in (Get-ChildItem $path -Filter eventlog_*.evtx)) {
- $logName = $i.BaseName + ".txt"
+function DumpEventLogTxt($path){
+ foreach ($i in (Get-WinEvent -ListLog * | ? {$_.RecordCount -gt 0 })) {
+ $logName = "eventlog_" + $i.LogName + ".txt"
 $logName = $logName.replace(" ","-").replace("/", "-").replace("\", "-")
- Write-Output "converting "$i.BaseName" evtx to txt"
+ Write-Output "exporting "$i.LogName" as "$logName
 $logFile = Join-Path $path $logName
- & $Env:WinDir\System32\wevtutil.exe qe $i.FullName /lf > $logFile
- if ($LASTEXITCODE) {
- Throw "Failed to convert $($i.FullName) to txt"
- }
+ Get-WinEvent -FilterHashtable @{LogName=$i.LogName;StartTime=$(Get-Date).AddHours(-24)} | Format-Table -AutoSize -Wrap > $logFile
 }
 }
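Review bot: The new `Get-WinEvent -FilterHashtable ... > $logFile` line in DumpEventLogTxt has no failure handling, whereas the removed wevtutil call threw on a non-zero exit code. Get-WinEvent reports an error when a log holds records but none inside the 24-hour `StartTime` window, and the `RecordCount -gt 0` filter does not rule that case out; depending on the script's error preference (not visible in this hunk) that either stops the run or leaves an empty file with no indication why. A log that cannot be read for another reason, such as insufficient rights, is treated the same way, so a missing artifact is indistinguishable from a quiet log. I would pass `-ErrorAction Stop`, treat the no-matching-events case as benign and throw on anything else, as sketched below.

```powershell
# … unchanged: foreach over non-empty logs, $logName / $logFile computation …
        try {
            Get-WinEvent -FilterHashtable @{LogName=$i.LogName;StartTime=$(Get-Date).AddHours(-24)} -ErrorAction Stop |
                Format-Table -AutoSize -Wrap > $logFile
        } catch {
            # A log with records but none in the last 24h is not a failure.
            if ($_.FullyQualifiedErrorId -notlike "NoMatchingEventsFound*") {
                Throw "Failed to export $($i.LogName) to txt: $_"
            }
        }
```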
@@ -44,13 +41,12 @@ function ClearEventLog(){
 mkdir -force $LogDirectory
-DumpEventLogEvtx $LogDirectory
-ConvertEvtxDumpToTxt $LogDirectory
+DumpEventLogTxt $LogDirectory
-if ($CleanupEventLog) {
- ClearEventLog
+if ($IncludeEvtxFiles) {
+ DumpEventLogEvtx $LogDirectory
 }
-if (-not $IncludeEvtxFiles) {
- rm $LogDirectory\eventlog_*.evtx
+if ($CleanupEventLog) {
+ ClearEventLog
 }
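Review bot: With this ordering, a run with `-CleanupEventLog` but without `-IncludeEvtxFiles` calls ClearEventLog after only the text export, which DumpEventLogTxt limits to the last 24 hours, so older events appear to be cleared without having been captured in any artifact. ClearEventLog's body is outside the hunk, so what exactly it clears should be confirmed. If the logs are meant to be preserved before clearing, the condition could become `if ($IncludeEvtxFiles -or $CleanupEventLog) {`. Otherwise a comment above the cleanup block, such as `# Cleanup discards events older than the 24h text export unless -IncludeEvtxFiles is set`, would make the trade-off explicit.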