Get-GphGpDebugLog.ps1
|
#requires -Version 2.0 function Get-GphGpDebugLog { <# .SYNOPSIS Reads the GPSVC.Log File .DESCRIPTION Get-GPDebuglog can parse the GPSVC.Log File and export its contents in readable form. .EXAMPLE Get-GPDebugLog | out-gridview Reads the GPSVC.Log and returns it in a gridview .Notes A Great Tool for Troubleshooting GPSVC.Log: Policy Reporter http://www.sysprosoft.com/policyreporter.shtml #> [CmdletBinding()] param( # If gpsvc.log is not in the default-path, put it here [string] [ValidateScript({ Test-Path -Path $_ -PathType Leaf })] $gpSvcLogPath = "$env:windir\debug\UserMode\gpsvc.log", # Format the DateTime Entries from the log - not implemented yet [string]$TimeFormat = 'HH:mm:ss:fff' )# [RegEx]$LogID = '(GPSVC\(\S{3,4}.\S{3,4}\)) ((?:\d\d:){3}\d{3}) ([\s\S]{1,})' [RegEx]$ProcessID = '(?<=\()([A-Za-z\d]{2,4})(?=\.)' # '([A-Za-z\d]{3})(?=\.)' [RegEx]$ThreadID = '(?<=\.)([A-Za-z\d]{2,4})(?=\))' # '(?<=\.)([A-Za-z\d]{3})' $gpSvcLog = Get-Content -Path $gpSvcLogPath -Encoding Unicode -ReadCount 0 $Index = 1 $Time = Get-Date $ ForEach ( $LogItem in $gpSvcLog ) { $Null = $LogItem -match $LogID $LogEntry = @{ Index = $Index EntryType = $matches[1] Entrytime = $matches[2] Message = $matches[3] ProcessID = [Convert]::ToInt32(($ProcessID.Matches($matches[1]).value),16) ThreadID = [Convert]::ToInt32(($ThreadID.Matches($matches[1]).value),16) } New-Object -TypeName PSCustomObject -Property $LogEntry $Index++ } } |