MainLoop.ps1
### Timestamp two seconds before startup.
### NOTE(review): nothing else in this script reads $lastCheck - confirm before removing.
$lastCheck = [datetime]::Now.AddSeconds(-2)
Write-Host "Starting EventLog Monitor"
########################################################################################################
### Select the EventLog to monitor
########################################################################################################
$ComputerName   = '.'            ### "." means the local machine
$EventLogName   = 'Application'  ### the Application Event Log
$EventLogSource = ''             ### left empty: per the original author the source cannot be filtered here
########################################################################################################
### Setup Sources to Filter
########################################################################################################
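### Enumerate every event source registered for the selected Event Log
### (each source is a subkey of the log's registry key).
$EventLogSources = (Get-ChildItem "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$($EventLogName)").PSChildName
### Sources to monitor, kept in a Global variable so the ObjectEvent action can read it.
### @() forces an array: with exactly one match Where-Object yields a bare string, and .Contains()
### on a string is a substring test, so events from a differently named source could pass the filter;
### with no match it yields $null and the filter's method call fails on every event.
$Global:EventLogSourcesToMonitor = @($EventLogSources | Where-Object { ($_ -ilike "*Dynamics*") -or ($_ -ilike "MSSQL`$*") })
Write-Host "Monitoring EventSources from EventLog[$($EventLogName)]:"
foreach ($EventLogSourceToMonitor in $Global:EventLogSourcesToMonitor) {
    Write-Host "- $($EventLogSourceToMonitor)"
}
if ($Global:EventLogSourcesToMonitor.Count -eq 0) {
    ### An empty filter means the monitor prints nothing; say so rather than look healthy.
    Write-Warning "No matching EventSources found in EventLog[$($EventLogName)]; no events will be displayed."
}
Write-Host ""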
########################################################################################################
### Create the EventLog Object
########################################################################################################
### Highest event Index handled so far; Global so the event action can read and update it
$Global:LastEventLogIndex = 0
### Build the .NET EventLog object from log name, machine name and source
$EventLog = New-Object -TypeName System.Diagnostics.EventLog -ArgumentList $EventLogName, $ComputerName, $EventLogSource
########################################################################################################
### Register to the EventLog event "EntryWritten"
########################################################################################################
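### Subscribe to the EventLog object's "EntryWritten" event; the -Action block runs once per raised event.
### Out-Null discards the subscription job object that Register-ObjectEvent returns.
Register-ObjectEvent -InputObject $EventLog `
    -EventName "EntryWritten" `
    -Action {
        ### Save event in Global variable / Not required / Handy for debugging
        $Global:LastEvent = $Event
        ### Map the received event to a variable for cleaner code
        $EventLogEntry = $Event.SourceEventArgs.Entry

        ### !!! ATTENTION !!!
        ### This part is essential because of how the EventLog works:
        ### when the EventLog is full it rolls over (default setting), and on roll-over
        ### all previous events are retriggered. The Index is unique, so skipping anything
        ### at or below the last handled Index keeps old events from being shown again.
        ### Events are always triggered and processed in order, so no events are missed.
        if ($EventLogEntry.Index -le $Global:LastEventLogIndex) { return }
        $Global:LastEventLogIndex = $EventLogEntry.Index

        ### Drop events whose source is not in the monitored list.
        ### This is more expensive than the Index check, which is why it comes second.
        ### @(...) -notcontains does exact element matching even when the Global holds a single
        ### string or $null (a string's .Contains() is a substring test; $null has no methods),
        ### and it compares case-insensitively, unlike the array's .Contains().
        if (@($Global:EventLogSourcesToMonitor) -notcontains $EventLogEntry.Source) { return }

        ### Print the received event
        ### NOTE(review): Message is written verbatim; whoever can write to this log controls that
        ### text, so anything parsing this output line by line should treat it as untrusted.
        Write-Host "TimeGenerated : $($EventLogEntry.TimeGenerated)"
        Write-Host "EventSource: $($EventLogEntry.Source)"
        Write-Host "EntryType : $($EventLogEntry.EntryType)"
        Write-Host "Message : "
        Write-Host "$($EventLogEntry.Message)"
        Write-Host ""
    } | Out-Null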
### Loop forever so the script never returns; the loop itself only sleeps,
### all output comes from the event action registered above.
for (;;) {
    Start-Sleep -Seconds 60
}