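function Write-WinEventEventdata {
    <#
    .SYNOPSIS
    Writes a single entry to a classic Windows event log, passing the supplied
    key/value data as the event's insertion strings.

    .DESCRIPTION
    Builds an array of strings and hands it to
    System.Diagnostics.EventLog.WriteEvent as the event's values:
      * For JSON, CSV and XML the first element is the whole dictionary
        serialised in that format.
      * For every format (including PLAIN) one 'Key:Value' string per entry
        follows, in dictionary order.
    Any failure while creating or writing the event is re-thrown as a
    terminating error of this cmdlet.

    .PARAMETER LogName
    Name of the event log to write to; assigned to EventLog.Log.

    .PARAMETER Provider
    Event source name; assigned to EventLog.Source.

    .PARAMETER EventId
    Used as the instanceId of the EventInstance that is written.

    .PARAMETER EventType
    Entry type (Information, Warning, Error, ...) of the event.

    .PARAMETER EventData
    Ordered dictionary whose entries become the event's payload.

    .PARAMETER MessageFormat
    Serialisation used for the first insertion string: JSON (default), CSV,
    XML, or PLAIN (no serialised element, only the 'Key:Value' strings).

    .NOTES
    Review notes for anyone consuming these events in detection or forensics:
      * Values are written as given. The 'Key:Value' strings are not escaped,
        so a key or value containing ':' or a line break is ambiguous to a
        downstream parser. If EventData can carry externally supplied text,
        parse the JSON/XML element instead, or sanitise before calling.
      * ConvertTo-Json is called without -Depth, so nested values beyond the
        cmdlet's default depth are not serialised in full.
      * Do not place secrets in EventData; event logs are commonly readable by
        other local accounts and forwarded to central collectors.
      * Per the .NET documentation, WriteEvent registers the source when it is
        missing (which needs elevated rights) and rejects oversized payloads
        (very long strings, too many values) and out-of-range instance ids;
        confirm the limits for the target runtime.
    #>
    [CmdLetBinding()]
    param(
        [string]$LogName,
        [string]$Provider,
        [int64]$EventId,
        [System.Diagnostics.EventLogEntryType]$EventType,
        [System.Collections.Specialized.OrderedDictionary]$EventData,
        [ValidateSet('JSON','CSV','XML','PLAIN')]
        [string]$MessageFormat='JSON'
    )

    $EventMessage = @()

    # Optional first insertion string: the complete dictionary in one format.
    # 'PLAIN' has no case here on purpose, so nothing is prepended for it.
    switch ($MessageFormat) {
        'JSON' { $EventMessage += $EventData | ConvertTo-Json }
        'CSV'  { $EventMessage += ($EventData.GetEnumerator() | Select-Object -Property Key,Value | ConvertTo-Csv -NoTypeInformation) -join "`n" }
        'XML'  { $EventMessage += ($EventData | ConvertTo-Xml).OuterXml }
    }

    # One insertion string per entry, always appended regardless of format.
    $EventMessage += foreach ($Key in $EventData.Keys) {
        '{0}:{1}' -f $Key,$EventData.$Key
    }

    $EventLog = $null
    try {
        # Named $EventInstance rather than $Event: $Event is a PowerShell
        # automatic variable and should not be assigned to.
        # $null for the category id is converted to 0 by the constructor call.
        $EventInstance = [System.Diagnostics.EventInstance]::New($EventId,$null,$EventType)
        $EventLog = [System.Diagnostics.EventLog]::New()
        $EventLog.Log = $LogName
        $EventLog.Source = $Provider
        $EventLog.WriteEvent($EventInstance,$EventMessage)
    }
    catch {
        $PSCmdlet.ThrowTerminatingError($_)
    }
    finally {
        # EventLog is IDisposable; release it on success and on failure so
        # repeated calls do not accumulate open handles.
        if ($null -ne $EventLog) {
            $EventLog.Dispose()
        }
    }
}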
# Example usage: write one Information event (id 999) to the Application log.
# The source name passed to -Provider presumably has to be registered for that
# log already, or the session needs the rights to register it - verify on the
# target host before relying on these events.
$EventData = [ordered]@{
    Program       = 'MyProgram'
    ThisEvent     = 'This is an event I want to track'
    SomethingElse = 'I like the C64'
}
Write-WinEventEventdata `
    -LogName 'Application' `
    -Provider 'BGETEM-LOG' `
    -EventId 999 `
    -EventType Information `
    -EventData $EventData

# Alternative call, left disabled: a different source and event id.
#Write-WinEventEventdata -LogName Application -Provider Userinfo -EventId 1000 -EventType Information -EventData $EventData