Get-GphGppTraceLog.ps1

#requires -Version 3.0
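function Get-GphGppTraceLog
{
  <#
      .SYNOPSIS
      Opens the Group Policy Preferences Tracelog.
 
      .DESCRIPTION
      Opens the Group Policy Preferences Tracelog and returns the contents as objects. Tracing must be enabled before
      Trace Logs are created.

      Every line of the file yields exactly one object. Lines that do not have the expected
      "<date> <time> <process/thread> <message>" layout are returned with empty Date, Time and
      Proc_thread fields and the raw line as Message, so no line is dropped and no line is
      reported with values that belong to another line.

      .PARAMETER logPath
      Full path of the trace log file to read. Must point to an existing file.
      Defaults to the user trace log below %ProgramData%\grouppolicy\Preference\Trace.
 
      .EXAMPLE
      Get-GphGppTraceLog

      .OUTPUTS
      PSCustomObject with the properties Index, Date, Time, Proc_thread and Message.
 
      .NOTES
      Author: Holger Voges
      Date: 2018-11-16
      Version: 1.0
  #>

  [cmdletbinding()]
  param(
    # The log is a file, so the path has to be validated as a leaf. Validating it as a
    # container rejected every explicitly passed log file.
    [ValidateScript({ Test-Path -Path $_ -PathType Leaf })]
    [string]$logPath = ("$env:ProgramData\grouppolicy\Preference\Trace\user.log")
  )

  # -ReadCount 0 reads the whole file in a single operation.
  $TraceLog = Get-Content -Path $logPath -ReadCount 0
  $regex = '(\S+)\s(\S+)\s(\S+)\s(.+)'

  $index = 0
  foreach ( $line in $TraceLog )
  {
      $index++

      if ( $line -match $regex )
      {
          [PSCustomObject][ordered]@{
              Index = $index
              Date = $matches[1]
              Time = $matches[2]
              Proc_thread = $matches[3]
              Message = $matches[4]
          }
      }
      else
      {
          # A failed -match leaves $matches from the previous successful match in place.
          # Reading it here would attribute the previous entry's date, time, thread and
          # message to this line, so the raw text is reported instead.
          [PSCustomObject][ordered]@{
              Index = $index
              Date = $null
              Time = $null
              Proc_thread = $null
              Message = $line
          }
      }
  }
}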