I personally don't find Get-Log very useful as-is. I think it would be much better for the vi-tk to make these logs available as discrete objects, rather than an array of strings. It should work more like the builtin $error object. I'd like to do things like this:
Get-Log -type error | ? { $_.timestamp -ge $_.timestamp.adddays(-1) }
We agree with you and will try to address this issue for our Beta release.
Carter
We agree with you and will try to address this issue for our Beta release.
Carter
In the meantime you can play around with these functions.
Sorry about the formatting, this forum software is, well, special. The regex line below is supposed to read:
$hostdRegex = "\[(?<Date>[^ ]+) (?<Time>[^ ]+) (?<Object>'[^']+') (?<ID>[^ ]+) (?<Level>[^ ]+)\] (?<Message>.+)"
function Get-LogObject ($logLine)
{
$hostdRegex = "*** SEE LINE ABOVE ***"
$otherRegex = ""
if ($logLine -match $regex) {
$logObj = New-Object System.Management.Automation.PsObject
foreach ($property in "Date","Time","Object","ID","Level","Message") {
$logObj | Add-Member NoteProperty $property $matches.$property
}
$logObj
}
}
function Get-LogObjects
{
$logObjects = @()
while ($input.movenext()) {
$objects = $input.Current.Entries
foreach ($o in $objects) {
$logObject = Get-LogObject $o
if ($logObject) {
$logObjects += $logObject
}
}
}
$logObjects
}
The functions are not parsing out the dates, but that shouldn't be too hard. Unfortunately this stuff only supports hostd ATM. Other log facilities use different formats for some reason. Anyway, there's a number of ways to improve this so feel free to run with it.
To use it, do something like get-log -key hostd | get-logobjects
I know a couple of guys at Jive, let me know if you need a back door.
cool script, I'll try that.
I'm a little concerned at your (I mean that in the plural "y'all" sense, not you personally) tendency to have singular and plural cmdlet/function names. That's gonna trip people up at the command line during tab completion.