EventLogConverter.psm1
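[CmdletBinding()]
Param()

Function ConvertTo-EvtObject {
    <#
    .SYNOPSIS
    Flattens event records into PSObjects with one NoteProperty per XML field.

    .DESCRIPTION
    Calls ToXml() on every input object, parses the result as XML and copies
    the fields onto a new PSObject:

      * Event/System children: each attribute becomes <node><attribute>
        (for example ProviderName); a text value becomes <node>.
      * An EventData Name attribute becomes EventDataName.
      * Named EventData/Data nodes become a property with that name; unnamed
        ones become Data00, Data01, ...
      * UserData descendants (two levels deep) become <parent><child>
        properties holding the node's InnerXml.
      * EventData/Binary becomes Binary.

    When a property name is already taken, a two-digit suffix (01, 02, ...)
    is appended so that no field is dropped from the output.

    Values are copied from the event unchanged; nothing is validated or
    escaped here, so consumers that export or render them must treat them as
    untrusted data.

    .PARAMETER InputObject
    One or more objects exposing a ToXml() method that returns event XML.
    NOTE(review): presumably EventLogRecord objects from Get-WinEvent - confirm
    against callers.

    .OUTPUTS
    One PSObject per input record.
    #>
    [CmdletBinding()]
    Param (
        [parameter(ValueFromPipelineByPropertyName,ValueFromPipeline,Mandatory=$true)]
        [Object[]]$InputObject
    )

    Begin {
        # Defined inside the function so that it stays private to it.
        function Add-UniqueNoteProperty {
            param($Target, [string]$Name, $Value)

            # Test for the property's existence, not its value: an existing
            # property holding an empty value must still count as a collision,
            # otherwise Add-Member fails and the new value is lost.
            $candidate = $Name
            $suffix = 0
            while ($null -ne $Target.PSObject.Properties[$candidate]) {
                $suffix += 1
                $candidate = '{0}{1:00}' -f $Name, $suffix
            }
            $Target | Add-Member -MemberType NoteProperty -Name $candidate -Value $Value
        }
    }

    Process {
        foreach ($record in $InputObject) {
            $xdoc = [xml]$record.ToXml()
            $obj = New-Object PSObject

            # System nodes: attributes use a <node><attribute> name, the text
            # value (if present) uses the node name itself.
            foreach ($node in $xdoc.Event.System.ChildNodes) {
                if ($node.HasAttributes) {
                    foreach ($attribute in $node.Attributes) {
                        Add-UniqueNoteProperty $obj "$($node.LocalName)$($attribute.Name)" $attribute.'#text'
                    }
                }
                if ($node.'#text') {
                    Add-UniqueNoteProperty $obj $node.LocalName $node.InnerText
                }
            }

            # Named EventData node(s): .Name differs from .LocalName only when
            # the element carries a Name attribute.
            foreach ($eventData in $xdoc.Event.EventData) {
                if ($eventData.Name -ne $eventData.LocalName) {
                    Add-UniqueNoteProperty $obj 'EventDataName' $eventData.Name
                }
            }

            # One property per EventData.Data node.
            $dataCounter = 0
            if ($xdoc.Event.EventData) {
                foreach ($data in $xdoc.Event.EventData.Data) {
                    # EventData without any Data child (for example Binary
                    # only) yields $null here; skip it instead of emitting a
                    # Data00 property whose value is left over from earlier.
                    if ($null -eq $data) { continue }

                    if ($data.Name) {
                        Add-UniqueNoteProperty $obj $data.Name $data.InnerText
                    }
                    else {
                        # Unnamed Data nodes are numbered in document order.
                        Add-UniqueNoteProperty $obj ('Data{0:00}' -f $dataCounter) $data.ToString()
                        $dataCounter += 1
                    }
                }
            }

            # UserData: walk two levels and keep each level's prefix in its
            # own variable, so a node's prefix never comes from a sibling that
            # was processed before it.
            if ($xdoc.Event.UserData) {
                foreach ($userData in $xdoc.Event.UserData) {
                    if ($userData.ChildNodes) {
                        $outerPrefix = $userData.LocalName
                        foreach ($child in $userData.ChildNodes) {
                            if ($child.ChildNodes) {
                                $innerPrefix = $child.LocalName
                                foreach ($grandChild in $child.ChildNodes) {
                                    Add-UniqueNoteProperty $obj "$innerPrefix$($grandChild.LocalName)" $grandChild.InnerXml
                                }
                            }
                            else {
                                Add-UniqueNoteProperty $obj "$outerPrefix$($child.LocalName)" $child.InnerXml
                            }
                        }
                    }
                    else {
                        Add-UniqueNoteProperty $obj 'UserData' $userData.InnerXml
                    }
                }
            }

            # Binary payload, stored as the string found in the XML.
            if ($xdoc.Event.EventData.Binary) {
                Add-UniqueNoteProperty $obj 'Binary' $xdoc.Event.EventData.Binary.ToString()
            }

            # Emit each converted record as soon as it is complete.
            $obj
        }
    }
}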