From 65ac373473147698f875b871dbb9102a6041db4f Mon Sep 17 00:00:00 2001 From: Ionut Balutoiu Date: Thu, 16 Feb 2023 19:30:59 +0200 Subject: [PATCH] ceph-windows: Cleanup collect-event-logs.ps1 script * Rely on the default `$ErrorActionPreference` value (which is `Continue`). * Add new function `SanitizeName` that it's used to sanitize the name of the log files. The function code existed before, but it was duplicated in the script. * General PowerShell code cleanup. Signed-off-by: Ionut Balutoiu --- scripts/ceph-windows/collect-event-logs.ps1 | 57 +++++++++++++-------- 1 file changed, 36 insertions(+), 21 deletions(-) diff --git a/scripts/ceph-windows/collect-event-logs.ps1 b/scripts/ceph-windows/collect-event-logs.ps1 index ecee7245..a90aa47f 100644 --- a/scripts/ceph-windows/collect-event-logs.ps1 +++ b/scripts/ceph-windows/collect-event-logs.ps1 @@ -5,42 +5,57 @@ param ( [switch]$CleanupEventLog = $false ) -$ErrorActionPreference = "Ignore" - -function DumpEventLogEvtx($path){ - foreach ($i in (Get-WinEvent -ListLog * | ? {$_.RecordCount -gt 0 })) { - $logName = "eventlog_" + $i.LogName + ".evtx" - $logName = $logName.replace(" ","-").replace("/", "-").replace("\", "-") - Write-Output "exporting "$i.LogName" as "$logName - $logFile = Join-Path $path $logName - & $Env:WinDir\System32\wevtutil.exe epl $i.LogName $logFile +function SanitizeName { + Param( + [Parameter(Mandatory=$true)] + [string]$Name + ) + return $Name.replace(" ","-").replace("/", "-").replace("\", "-") +} + +function DumpEventLogEvtx { + Param( + [Parameter(Mandatory=$true)] + [string]$Path + ) + $winEvents = Get-WinEvent -ListLog * | Where-Object { $_.RecordCount -gt 0 } + foreach ($i in $winEvents) { + $logFile = Join-Path $Path "eventlog_$(SanitizeName $i.LogName).evtx" + + Write-Output "exporting '$($i.LogName)' to $logFile" + & $Env:WinDir\System32\wevtutil.exe epl "$($i.LogName)" $logFile if ($LASTEXITCODE) { Write-Output "Failed to export $($i.LogName) to $logFile" } } } -function DumpEventLogTxt($path){ - foreach ($i in (Get-WinEvent -ListLog * | ? {$_.RecordCount -gt 0 })) { - $logName = "eventlog_" + $i.LogName + ".txt" - $logName = $logName.replace(" ","-").replace("/", "-").replace("\", "-") - Write-Output "exporting "$i.LogName" as "$logName - $logFile = Join-Path $path $logName +function DumpEventLogTxt { + Param( + [Parameter(Mandatory=$true)] + [string]$Path + ) + $winEvents = Get-WinEvent -ListLog * | Where-Object { $_.RecordCount -gt 0 } + foreach ($i in $winEvents) { + $logFile = Join-Path $Path "eventlog_$(SanitizeName $i.LogName).txt" + + Write-Output "exporting '$($i.LogName)' to $logFile" Get-WinEvent ` - -ErrorAction "Ignore" ` + -ErrorAction "SilentlyContinue" ` -FilterHashtable @{ LogName=$i.LogName; StartTime=$(Get-Date).AddHours(-6) } | ` - Format-Table -AutoSize -Wrap > $logFile + Format-Table -AutoSize -Wrap | Out-File -Encoding ascii -FilePath $logFile } } -function ClearEventLog(){ - foreach ($i in (Get-WinEvent -ListLog * | ? {$_.RecordCount -gt 0 })) { +function ClearEventLog { + $winEvents = Get-WinEvent -ListLog * | Where-Object { $_.RecordCount -gt 0 } + foreach ($i in $winEvents) { & $Env:WinDir\System32\wevtutil.exe cl $i.LogName if ($LASTEXITCODE) { - Write-Output "Failed to clear $($i.LogName) from the event log" + Write-Output "Failed to clear '$($i.LogName)' from the event log" } } } @@ -57,4 +72,4 @@ if ($CleanupEventLog) { ClearEventLog } -Write-Output "Successfully collected Windows event logs." +Write-Output "Finished collecting Windows event logs." -- 2.39.5