Private/Write-WinslopFixLog.ps1
|
function Write-WinslopFixLog { <# .SYNOPSIS Writes a structured entry to the Windows Event Log for WinslopFix. .DESCRIPTION Wraps Write-EventLog with automatic source registration, consistent formatting, and Write-Verbose passthrough. All WinslopFix operations should log through this function to ensure uniform event structure. Event IDs follow a structured schema: 1000-1999 Lifecycle (start, stop, config) 2000-2999 Detection (new process, natural exit) 3000-3999 Action (process terminated) 4000-4999 Policy (AI feature changes) 9000-9999 Error (failures) #> [CmdletBinding()] param( [Parameter(Mandatory)] [string]$Message, [Parameter()] [ValidateRange(1, 65535)] [int]$EventId = 1000, [Parameter()] [ValidateSet('Information', 'Warning', 'Error')] [string]$EntryType = 'Information', [Parameter()] [string]$Source = 'WinslopFix', [Parameter()] [string]$LogName = 'Application' ) process { # Ensure the event log source exists (idempotent) try { if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) { New-EventLog -LogName $LogName -Source $Source -ErrorAction Stop } } catch { # Source registration requires admin; if we can't register, log to verbose only Write-Verbose "Unable to register event log source '$Source': $($_.Exception.Message)" } # Write to Event Log try { Write-EventLog -LogName $LogName -Source $Source ` -EventId $EventId -EntryType $EntryType ` -Message $Message -ErrorAction Stop } catch { Write-Verbose "Event log write failed: $($_.Exception.Message)" } # Always echo to Verbose stream for interactive/debug visibility $prefix = switch ($EntryType) { 'Warning' { 'WARN' } 'Error' { 'ERROR' } default { 'INFO' } } Write-Verbose "[$prefix] [$EventId] $Message" } } |