Logging

All SCCM logs have the same pattern, which makes log file parsing, but also creation, very easy. The following Write-CMLogEntry function creates log files with this specific type:

function Write-CMLogEntry
{
    <#
    .Synopsis
    Logs the entry in an CMTrace-compatible format to an logpath.
    .EXAMPLE
    Write-CMLogEntry -Value 'Example' -Severity 2 -LogFilePath $LogFilePath 
    .EXAMPLE
    $TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
    $LogFilePath = Join-Path -Path $Script:TSEnvironment.Value('_SMSTSLogPath') -ChildPath $FileName
    Write-CMLogEntry -Value 'ExampleWithLogFilePath' -Severity 1 -LogFilePath $LogFilePath 
    .EXAMPLE
    Begin {
        # Construct TSEnvironment object
        try 
        {
            $TSEnvironment = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
        }
        catch
        {
            Write-Warning -Message 'Unable to construct Microsoft.SMS.TSEnvironment object' 
            exit 1
        }
    $Filename = 'LogFile.log'
    # Determine log file location
    $LogFilePath = Join-Path -Path $Script:TSEnvironment.Value('_SMSTSLogPath') -ChildPath $FileName
}
Process {
    Write-CMLogEntry -Value 'ExampleWithLogFilePath' -Severity 3 -LogFilePath $LogFilePath 
}
#>
param(
[parameter(Mandatory = $true, HelpMessage = 'Value added to the logfile.')]
[ValidateNotNullOrEmpty()]
[string]$Value,
[parameter(Mandatory = $true, HelpMessage = 'Severity for the log entry. 1 for Informational, 2 for Warning and 3 for Error.')]
[ValidateNotNullOrEmpty()]
[ValidateSet('1', '2', '3')]
[string]$Severity,
[parameter(Mandatory = $true, HelpMessage = 'Name of the log file that the entry will written to.')]
[ValidateNotNullOrEmpty()]
[string]$LogFilePath
)
Process {

    # Construct time stamp for log entry
    $Time = -join @((Get-Date -Format 'HH:mm:ss.fff'), '+', (Get-WmiObject -Class Win32_TimeZone | Select-Object -ExpandProperty Bias))

    # Construct date for log entry
    $Date = (Get-Date -Format 'MM-dd-yyyy')

    # Construct context for log entry
    $Context = $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)

    # Construct final log entry
    $LogText = "<![LOG[$($Value)]LOG]!><time=""$($Time)"" date=""$($Date)"" component=""DynamicApplicationsList"" context=""$($Context)"" type=""$($Severity)"" thread=""$($PID)"" file="""">"

    # Add value to log file
    try 
    {
        Add-Content -Value $LogText -LiteralPath $LogFilePath -ErrorAction Stop
    }
    catch
    {
        Write-Warning -Message "Unable to append log entry to logfile: $LogFilePath"
    }
}}

These log files can easily be viewed with the CMTrace tool, which comes with the SCCM as well:

A good tooling reference list can be found in the following blog post:

https://blogs.msdn.microsoft.com/daviddasneves/2017/10/15/some-tools-of-a-pfe/

For parsing SCCM log files with PowerShell, you can have a look at the code of the LogFileParser, which uses a RegEx statement to parse all the different log file types (https://github.com/ddneves/LogFileParser):

 #SCCM
 $newClass = [LogFileTypeClass]::new()
 $newClass.LogFileType = 'SCCM'
 $newClass.Description = 'All SCCM log-files.'
 $newClass.RegExString = '<![LOG[(?<Entry>.*)]LOG]!><time="(?<Time>.*).d{3}-d{3}"s+date="(?<Date>.*)"s+component="(?<Component>.*)"s+context="(?<Context>.*)"s+type="(?<Type>.*)"s+thread="(?<Thread>.*)"s+file="(?<File>.*):(?<CodeLine>d*)">'
 $newClass.LogFiles = 'default'
 $newClass.LocationsLogFiles = ('c:windowsccmlogs*', 'c:Program FilesSystem Center Configuration Manager*')
 ($this.LoadedClasses).Add($newClass)
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.218.196.182