scriptingstudio/EventInfo.ps1

## EventInfo.ps1
# NOTE: XML doesn't take data types into account; it can be retrieved from event.Properties.Value, and the names can be taken from XML
# NOTE: Event data without names can only be retrieved from event.Properties.Value
function Convert-EventLog {
	[cmdletbinding()]
	[alias('cvev','Get-EventLogInfo')]
	param (
		[Parameter(Position=0,Mandatory,ValueFromPipeline)]
		#[System.Diagnostics.Eventing.Reader.EventLogRecord[]]
		[alias('inputobject')]$EventObject,
		[switch]$noType, # return event data as text
		[alias('nomessage')][switch]$noText # exclude 'Message' property
	)
	begin {$exclude = if ($noText) {'Properties','Message'} else {'Properties'}}
	process {
		foreach ($item in $EventObject) {
			$eventInfo = [ordered]@{}
			($item | Select-Object * -ExcludeProperty $exclude).psobject.properties.foreach{
				$eventInfo[$_.name] = $_.value
			}
			$raw = 0
			$xml = ([xml]$item.toxml()).event
			if ($xml.eventData) {
				$eventData = [ordered]@{}
				$properties = $xml.eventData.data
				if ($noType) {
					foreach ($p in $properties) {
						if ($p.Name) {$eventData[$p.Name] = $p.'#text'} else {$raw++}
					}
				} else {
					for ($i=0; $i -lt $properties.count; $i++) {
						if ($properties[$i].Name) {$eventData[$properties[$i].Name] = $item.Properties[$i].Value} else {$raw++}
					}
				}
				if ($raw) {$eventData['RawData'] = $item.Properties.Value}
				$eventInfo['EventData'] = [pscustomobject]$eventData
			}
			elseif ($xml.userData) {
				$userData = [ordered]@{}
				$xml.userData.GetEnumerator().foreach{
					$n = $_.name
					$children = ($xml.userData.$n | Get-Member -MemberType property -ErrorAction 0).name
					$userData[$n] = if ($children) {
						$data = [ordered]@{}
						foreach ($p in ($children -ne 'xmlns')) {
							$data[$p] = $xml.userData.$n.$p
						}
						[pscustomobject]$data
					} else {
						$xml.userData.$n
					}
				}
				$eventInfo['UserData'] = [pscustomobject]$userData
			}
			[pscustomobject]$eventInfo
		}
	}
} # END Convert-EventLog
	# NOTE: XML doesn't take data types into account; it can be retrieved from event.Properties.Value, and the names can be taken from XML
	# NOTE: Event data without names can only be retrieved from event.Properties.Value
	function Convert-EventLog {
	[cmdletbinding()]
	[alias('cvev','Get-EventLogInfo')]
	param (
	[Parameter(Position=0,Mandatory,ValueFromPipeline)]
	#[System.Diagnostics.Eventing.Reader.EventLogRecord[]]
	[alias('inputobject')]$EventObject,
	[switch]$noType, # return event data as text
	[alias('nomessage')][switch]$noText # exclude 'Message' property
	)
	begin {$exclude = if ($noText) {'Properties','Message'} else {'Properties'}}
	process {
	foreach ($item in $EventObject) {
	$eventInfo = [ordered]@{}
	($item \| Select-Object * -ExcludeProperty $exclude).psobject.properties.foreach{
	$eventInfo[$_.name] = $_.value
	}
	$raw = 0
	$xml = ([xml]$item.toxml()).event
	if ($xml.eventData) {
	$eventData = [ordered]@{}
	$properties = $xml.eventData.data
	if ($noType) {
	foreach ($p in $properties) {
	if ($p.Name) {$eventData[$p.Name] = $p.'#text'} else {$raw++}
	}
	} else {
	for ($i=0; $i -lt $properties.count; $i++) {
	if ($properties[$i].Name) {$eventData[$properties[$i].Name] = $item.Properties[$i].Value} else {$raw++}
	}
	}
	if ($raw) {$eventData['RawData'] = $item.Properties.Value}
	$eventInfo['EventData'] = [pscustomobject]$eventData
	}
	elseif ($xml.userData) {
	$userData = [ordered]@{}
	$xml.userData.GetEnumerator().foreach{
	$n = $_.name
	$children = ($xml.userData.$n \| Get-Member -MemberType property -ErrorAction 0).name
	$userData[$n] = if ($children) {
	$data = [ordered]@{}
	foreach ($p in ($children -ne 'xmlns')) {
	$data[$p] = $xml.userData.$n.$p
	}
	[pscustomobject]$data
	} else {
	$xml.userData.$n
	}
	}
	$eventInfo['UserData'] = [pscustomobject]$userData
	}
	[pscustomobject]$eventInfo
	}
	}
	} # END Convert-EventLog
No results found