| function Get-WinEvent {
  <#
    .SYNOPSIS
    Proxy function that wraps Microsoft.PowerShell.Diagnostics\Get-WinEvent and adds
    the 'LogNameGetEventlog' parameter set (-Newest, -After, -Before, -EntryType,
    -Source, -InstanceId, ...).

    .DESCRIPTION
    The begin block turns the extra parameters into a -FilterHashtable query and
    removes them from $PSBoundParameters, then forwards everything to the wrapped
    cmdlet through a steppable pipeline.

    Visible translations: Before -> EndTime, After -> StartTime, EntryType -> Level
    and Keywords, InstanceId -> ID, Source -> ProviderName, Newest -> MaxEvents.

    .NOTES
    A function takes precedence over a cmdlet of the same name, so once this is
    loaded every unqualified Get-WinEvent call in the session runs this wrapper.
    Use the module-qualified name to reach the original cmdlet.

    NOTE(review): this listing lost text wherever a lone backslash appears
    (presumably comments and the statements that followed them). Conditions that
    are no longer visible are marked below and are not reconstructed.
  #>
  [CmdletBinding(DefaultParameterSetName='GetLogSet', HelpUri='https://go.microsoft.com/fwlink/?LinkID=138336')]
  param(
    [Parameter(ParameterSetName='ListLogSet', Mandatory=$true, Position=0)]
    [AllowEmptyCollection()]
    [string[]]
    ${ListLog},

    # Mandatory in the added set, optional pipeline input in the native 'GetLogSet'.
    [Parameter(ParameterSetName='LogNameGetEventlog', Mandatory=$true, Position=0)]
    [Parameter(ParameterSetName='GetLogSet', Position=0, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
    [string[]]
    ${LogName},

    [Parameter(ParameterSetName='ListProviderSet', Mandatory=$true, Position=0)]
    [AllowEmptyCollection()]
    [string[]]
    ${ListProvider},

    [Parameter(ParameterSetName='GetProviderSet', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)]
    [string[]]
    ${ProviderName},

    [Parameter(ParameterSetName='FileSet', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)]
    [Alias('PSPath')]
    [string[]]
    ${Path},

    [Parameter(ParameterSetName='FileSet')]
    [Parameter(ParameterSetName='GetProviderSet')]
    [Parameter(ParameterSetName='GetLogSet')]
    [Parameter(ParameterSetName='HashQuerySet')]
    [Parameter(ParameterSetName='XmlQuerySet')]
    [ValidateRange(1, 9223372036854775807)]
    [long]
    ${MaxEvents},

    # Added set only; copied into MaxEvents in the begin block.
    [Parameter(ParameterSetName='LogNameGetEventlog')]
    [ValidateRange(0, 2147483647)]
    [int]
    ${Newest},

    [Parameter(ParameterSetName='GetProviderSet')]
    [Parameter(ParameterSetName='ListProviderSet')]
    [Parameter(ParameterSetName='ListLogSet')]
    [Parameter(ParameterSetName='GetLogSet')]
    [Parameter(ParameterSetName='HashQuerySet')]
    [Parameter(ParameterSetName='XmlQuerySet')]
    [Parameter(ParameterSetName='LogNameGetEventlog')]
    [Alias('Cn')]
    [ValidateNotNullOrEmpty()]
    [string]
    ${ComputerName},

    # Not touched by the wrapper; reaches the wrapped cmdlet through the splat.
    # It is not declared for the 'LogNameGetEventlog' set.
    [Parameter(ParameterSetName='GetProviderSet')]
    [Parameter(ParameterSetName='ListProviderSet')]
    [Parameter(ParameterSetName='ListLogSet')]
    [Parameter(ParameterSetName='GetLogSet')]
    [Parameter(ParameterSetName='HashQuerySet')]
    [Parameter(ParameterSetName='XmlQuerySet')]
    [Parameter(ParameterSetName='FileSet')]
    [pscredential]
    [System.Management.Automation.CredentialAttribute()]
    ${Credential},

    [Parameter(ParameterSetName='FileSet')]
    [Parameter(ParameterSetName='GetProviderSet')]
    [Parameter(ParameterSetName='GetLogSet')]
    [ValidateNotNull()]
    [string]
    ${FilterXPath},

    [Parameter(ParameterSetName='XmlQuerySet', Mandatory=$true, Position=0)]
    [xml]
    ${FilterXml},

    [Parameter(ParameterSetName='HashQuerySet', Mandatory=$true, Position=0)]
    [hashtable[]]
    ${FilterHashtable},

    [Parameter(ParameterSetName='GetProviderSet')]
    [Parameter(ParameterSetName='ListLogSet')]
    [Parameter(ParameterSetName='GetLogSet')]
    [Parameter(ParameterSetName='HashQuerySet')]
    [switch]
    ${Force},

    [Parameter(ParameterSetName='GetLogSet')]
    [Parameter(ParameterSetName='GetProviderSet')]
    [Parameter(ParameterSetName='FileSet')]
    [Parameter(ParameterSetName='HashQuerySet')]
    [Parameter(ParameterSetName='XmlQuerySet')]
    [switch]
    ${Oldest},

    # The remaining parameters belong only to the added sets.
    [Parameter(ParameterSetName='LogNameGetEventlog')]
    [ValidateNotNullOrEmpty()]
    [datetime]
    ${After},

    [Parameter(ParameterSetName='LogNameGetEventlog')]
    [ValidateNotNullOrEmpty()]
    [datetime]
    ${Before},

    # NOTE(review): no visible line translates or removes UserName, Index, Message,
    # AsBaseObject, List or AsString, so as shown they stay in $PSBoundParameters and
    # are splatted to the wrapped cmdlet. Confirm against the complete source that a
    # supplied filter is neither dropped nor passed on as an unknown parameter.
    [Parameter(ParameterSetName='LogNameGetEventlog')]
    [ValidateNotNullOrEmpty()]
    [string[]]
    ${UserName},

    [Parameter(ParameterSetName='LogNameGetEventlog', Position=1)]
    [ValidateRange(0, 9223372036854775807)]
    [ValidateNotNullOrEmpty()]
    [long[]]
    ${InstanceId},

    [Parameter(ParameterSetName='LogNameGetEventlog')]
    [ValidateNotNullOrEmpty()]
    [ValidateRange(1, 2147483647)]
    [int[]]
    ${Index},

    [Parameter(ParameterSetName='LogNameGetEventlog')]
    [Alias('ET')]
    [ValidateNotNullOrEmpty()]
    [ValidateSet('Error','Information','FailureAudit','SuccessAudit','Warning')]
    [string[]]
    ${EntryType},

    [Parameter(ParameterSetName='LogNameGetEventlog')]
    [Alias('ABO')]
    [ValidateNotNullOrEmpty()]
    [string[]]
    ${Source},

    [Parameter(ParameterSetName='LogNameGetEventlog')]
    [Alias('MSG')]
    [ValidateNotNullOrEmpty()]
    [string]
    ${Message},

    [Parameter(ParameterSetName='LogNameGetEventlog')]
    [switch]
    ${AsBaseObject},

    [Parameter(ParameterSetName='ListGetEventlog')]
    [switch]
    ${List},

    [Parameter(ParameterSetName='ListGetEventlog')]
    [switch]
    ${AsString}
)
  begin {
    try {
      # If the caller supplied -OutBuffer, it is overwritten with 1 before forwarding.
      $outBuffer = $null
      if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
        $PSBoundParameters['OutBuffer'] = 1
      }
      # Resolve the real cmdlet by module-qualified name so the proxy does not call itself.
      $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand('Microsoft.PowerShell.Diagnostics\Get-WinEvent', [System.Management.Automation.CommandTypes]::Cmdlet)
      # NOTE(review): text lost here. Presumably a test for the 'LogNameGetEventlog'
      # parameter set followed by the opening of the $filter hashtable; the block
      # opened on the next line is closed just before $scriptCmd is assigned.
      \ { \
        # $PSBoundParameters keys are case-insensitive, so 'Logname' reads -LogName.
        LogName = $PSBoundParameters['Logname']
      }
      # Each translated parameter is removed so it is not passed on as well.
      $null = $PSBoundParameters.Remove('LogName')
      # -Before becomes the upper bound of the time window.
      if ($PSBoundParameters.ContainsKey('Before')) {
        $filter['EndTime'] = $PSBoundParameters['Before']
        $null = $PSBoundParameters.Remove('Before')
      }
      # -After becomes the lower bound of the time window.
      if ($PSBoundParameters.ContainsKey('After')) {
        $filter['StartTime'] = $PSBoundParameters['After']
        $null = $PSBoundParameters.Remove('After')
      }
      # -EntryType is split into numeric event levels plus audit keyword bits.
      if ($PSBoundParameters.ContainsKey('EntryType')) {
        \
        $levelFlags = [System.Collections.Generic.List[int]]@()
        # NOTE(review): the condition of this branch and the rest of its body are
        # lost. Presumably the 'Error' case; whether it adds more than level 1
        # cannot be seen here. Verify, because a missing level hides events.
        \ {
          $levelFlags.Add(1) \
        # 'Warning' selects level 3. The end of this branch is lost.
        if ($PSBoundParameters['EntryType'] -contains 'Warning') {
          $levelFlags.Add(3) \
        # 'Information' selects level 4. The end of this branch is lost.
        if ($PSBoundParameters['EntryType'] -contains 'Information') {
          $levelFlags.Add(4) \
        # NOTE(review): the guard is lost; presumably Level is set only when at
        # least one level was collected.
        \ {
          $filter['Level'] = [int[]]$levelFlags
        }
        # NOTE(review): the condition is lost; presumably the 'FailureAudit' case.
        # 0x10000000000000 is the standard audit-failure keyword. 'Keywords' has no
        # earlier visible assignment, so += starts from $null and yields the number.
        \ {
          $filter['Keywords'] += 0x10000000000000
        }
        # 0x20000000000000 is the standard audit-success keyword; when both audit
        # types are requested the two values are summed into one mask.
        if ($PSBoundParameters['EntryType'] -contains 'SuccessAudit') {
          $filter['Keywords'] += 0x20000000000000
        }
        $null = $PSBoundParameters.Remove('EntryType')
      }
      # -InstanceId is used as the event ID filter.
      if ($PSBoundParameters.ContainsKey('InstanceId')) {
        $filter['ID'] = $PSBoundParameters['InstanceId']
        $null = $PSBoundParameters.Remove('InstanceId')
      }
      # -Source is used as the provider name filter.
      if ($PSBoundParameters.ContainsKey('Source')) {
        $filter['ProviderName'] = $PSBoundParameters['Source']
        $null = $PSBoundParameters.Remove('Source')
      }
      # Hand the composed query to the wrapped cmdlet as -FilterHashtable.
      $PSBoundParameters['FilterHashtable'] = $filter
      # NOTE(review): prints the composed filter (log, provider, time window, IDs)
      # to the host on every call. It does not enter the pipeline, but it does
      # appear in transcripts and console captures; Write-Verbose would make it opt-in.
      Write-Host ($filter | Out-String) -ForegroundColor Green
      # -Newest is forwarded as -MaxEvents.
      if ($PSBoundParameters.ContainsKey('Newest')) {
        $PSBoundParameters['MaxEvents'] = $PSBoundParameters['Newest']
        $null = $PSBoundParameters.Remove('Newest')
      }
      }
      # Invoke the wrapped cmdlet with the (possibly rewritten) bound parameters.
      $scriptCmd = { & $wrappedCmd @PSBoundParameters }
      $steppablePipeline = $scriptCmd.GetSteppablePipeline($myInvocation.CommandOrigin)
      $steppablePipeline.Begin($PSCmdlet)
    } catch {
      # Rethrow unchanged so the caller sees the wrapped cmdlet's own error.
      throw
    }
  }
  # Forward each pipeline input object to the wrapped cmdlet.
  process {
    try {
      $steppablePipeline.Process($_)
    } catch {
      throw
    }
  }
  # Complete the wrapped pipeline.
  end {
    try {
      $steppablePipeline.End()
    } catch {
      throw
    }
  }
}