EventLog is moved, but Path is never changed #42

Open
matthias-schlimm opened this issue May 29, 2018 · 3 comments

Comments

@matthias-schlimm
Collaborator

commented May 29, 2018

Issues with Event log redirections on some projects. I believe the commonality is if BIS-F is run to move the event logs to, say, "D:" but then that needs to be changed to "E" - I am not sure why, but it only changes some event logs and leaves the rest broken.

Fix it with the following script
https://gallery.technet.microsoft.com/scriptcenter/Change-the-path-of-the-f86d2427

@EUCweb

Owner

commented May 29, 2018

Function Set-EventlogPath ([string]$Computername=$env:COMPUTERNAME,[string]$NewLogDir)
{
    # The System.Diagnostics.Eventing.Reader types live in the System.Core assembly
    Add-Type -AssemblyName System.Core
    $Eventlogsession = New-Object System.Diagnostics.Eventing.Reader.EventLogSession -ArgumentList $Computername
    Foreach($LogName in $Eventlogsession.GetLogNames())    {
        $Eventlogconfig = New-Object System.Diagnostics.Eventing.Reader.EventLogConfiguration -ArgumentList $LogName,$Eventlogsession
        $Logfilepath = $Eventlogconfig.LogFilePath
        # Skip logs without a configured file path; Split-Path rejects an empty string
        if (-not $Logfilepath) { continue }
        # Keep the original file name and only swap the directory
        $Logfile = Split-Path $Logfilepath -Leaf
        $NewLogFilePath = "$NewLogDir\$Logfile"

        Write-Host -ForegroundColor Yellow $LogName,$Logfilepath,$Eventlogconfig.LogType

        # Enabled Debug/Analytical logs: disable, change the path, then re-enable
        if (($Eventlogconfig.LogType -eq "Debug" -or $Eventlogconfig.LogType -eq "Analytical") -and $Eventlogconfig.IsEnabled)
        {
            $Eventlogconfig.IsEnabled = $false
            $Eventlogconfig.SaveChanges()

            $Eventlogconfig.LogFilePath = $NewLogFilePath
            $Eventlogconfig.SaveChanges()

            $Eventlogconfig.IsEnabled = $true
            $Eventlogconfig.SaveChanges()
        }
        else
        {
            # All other logs: the path can be changed directly
            $Eventlogconfig.LogFilePath = $NewLogFilePath
            $Eventlogconfig.SaveChanges()
        }
    }
}
@EUCweb

Owner

commented May 29, 2018

function Move-EvtLogs
{
	<#
	.Synopsis
	   Enable all Eventlog and move Eventlogs to E:\Eventlogs
	.DESCRIPTION

	.EXAMPLE
	   Example of how to use this cmdlet
	.EXAMPLE
	   Another example of how to use this cmdlet
	.INPUTS
	   Inputs to this cmdlet (if any)
	.OUTPUTS
	   Output from this cmdlet (if any)
	.NOTES
		Author: Matthias Schlimm
		Company: Login Consultants Germany GmbH

		History
		Last Change: 29.07.2017 MS: function created, thx to Bernd Braun
		Last Change: 01.08.2017 MS: if custom eventlog folder is enabled in ADMX; use this instead of BIS-F standard
		Last Change: 02.08.2017 MS: change to new ADMX structure to get custom EventLog foldername
		Last Change: 11.11.2017 MS: Bugfix, show the right Eventlog during move to the WCD
	.COMPONENT
	   The component this cmdlet belongs to
	.ROLE
	   The role this cmdlet belongs to
	.FUNCTIONALITY
	   Enable all Eventlog and move Eventlogs to the PVS WriteCacheDisk if Redirection is enabled function Use-BISFPVSConfig
	#>

	Write-BISFFunctionName2Log -FunctionName ($MyInvocation.MyCommand | % {$_.Name})  #must be added at the begin to each function

	# test if custom searchfolder is enabled
	IF ($LIC_BISF_CLI_EVTb -eq "1") {$Global:LIC_BISF_EvtPath = "$PVSDiskDrive\$LIC_BISF_CLI_EvtFolder"}

	Write-BISFLog -Msg "Move Eventlogs to the PVS WriteCacheDisk" -ShowConsole -Color Cyan
	If (!(Test-Path -Path $LIC_BISF_EvtPath))
	{
		Write-BISFLog -Msg "Create Eventlog directory $LIC_BISF_EvtPath"
		New-Item -Path $LIC_BISF_EvtPath -ItemType Directory -Force
	}

	# Pass 1: all logs that are currently disabled
	$appvlogs = Get-WinEvent -ListLog "*" -force -ErrorAction SilentlyContinue | Where-Object {$_.IsEnabled -eq $false}

	foreach ($logitem in $appvlogs) {
		$x = $logitem.LogName
		Write-BISFLog -Msg "Eventlog enabled: $x"
		#    $logitem.IsEnabled = $true
		# Build the target file name from the log name; "/" is stripped because it is not valid in a file name
		$LogfilePath = "$LIC_BISF_EvtPath\" + $logitem.logName + ".evtx"
		$Logfilepath = $LogFilePath.Replace("/", "")

		Write-BISFLog -Msg "Path:`t`t $LogfilePath" -ShowConsole -SubMsg -Color DarkCyan
		$logitem.LogFilePath = $Logfilepath
		Try {
			$logitem.SaveChanges()
		}
		Catch [System.Management.Automation.MethodInvocationException] {
			#$Error | Get-Member
			#$Error.Data
			#$Error.ErrorRecord
			#$Error.Errors
			$x = $_.Exception.Message
			Write-BISFLog -Msg "Error:`t`t $x" -Type W

			#Exit
		}
		Catch {
			$Error[0].Exception.GetType().fullname
		}
		# Write-BISFLog -Msg "`n`n"
	}

	# Pass 2: all logs that are currently enabled
	$appvlogs = Get-WinEvent -ListLog "*" -force -ErrorAction SilentlyContinue | Where-Object {$_.IsEnabled -eq $true}

	foreach ($logitem in $appvlogs) {
		$x = $logitem.LogName
		Write-BISFLog -Msg "Log enabled: $x"
		#     $logitem.IsEnabled = $true
		$LogfilePath = "$LIC_BISF_EvtPath\" + $logitem.logName + ".evtx"
		$Logfilepath = $LogFilePath.Replace("/", "")

		Write-BISFLog -Msg "Path:`t`t $LogfilePath" -ShowConsole -SubMsg -Color DarkCyan
		$logitem.LogFilePath = $Logfilepath
		Try {
			$logitem.SaveChanges()
		}
		Catch [System.Management.Automation.MethodInvocationException] {
			#$Error | Get-Member
			#$Error.Data
			#$Error.ErrorRecord
			#$Error.Errors
			$x = $_.Exception.Message
			Write-BISFLog -Msg "Error:`t`t $x" -Type W

			#Exit
		}
		Catch {
			$Error[0].Exception.GetType().fullname
		}
		#Write-BISFLog -Msg "`n`n"
	}

	# Pass 3: enabled TerminalServices-SessionBroker logs, IsEnabled is set to $false before saving
	$appvlogs = Get-WinEvent -ListLog "Microsoft-Windows-TerminalServices-SessionBroker-*" -force -ErrorAction SilentlyContinue | Where-Object {$_.IsEnabled -eq $true}

	foreach ($logitem in $appvlogs) {
		$x = $logitem.LogName
		Write-BISFLog -Msg "Log enabled: $x"
		$logitem.IsEnabled = $false
		$LogfilePath = "$LIC_BISF_EvtPath\" + $logitem.logName + ".evtx"
		$Logfilepath = $LogFilePath.Replace("/", "")

		Write-BISFLog -Msg "Path:`t`t $LogfilePath" -ShowConsole -SubMsg -Color DarkCyan
		$logitem.LogFilePath = $Logfilepath
		Try {
			$logitem.SaveChanges()
		}
		Catch [System.Management.Automation.MethodInvocationException] {
			#$Error | Get-Member
			#$Error.Data
			#$Error.ErrorRecord
			#$Error.Errors
			$x = $_.Exception.Message
			Write-BISFLog -Msg "Error:`t`t $x" -Type W

			#Exit
		}
		Catch {
			$Error[0].Exception.GetType().fullname
		}
		#Write-BISFLog -Msg "`n`n"
	}

	# Pass 4: disabled TerminalServices-SessionBroker logs
	$appvlogs = Get-WinEvent -ListLog "Microsoft-Windows-TerminalServices-SessionBroker-*" -force -ErrorAction SilentlyContinue | Where-Object {$_.IsEnabled -eq $false}

	foreach ($logitem in $appvlogs) {
		$x = $logitem.LogName
		Write-BISFLog -Msg "Log enabled: $x"
		$LogfilePath = "$LIC_BISF_EvtPath\" + $logitem.logName + ".evtx"
		$Logfilepath = $LogFilePath.Replace("/", "")

		Write-BISFLog -Msg "Path:`t`t $LogfilePath" -ShowConsole -SubMsg -Color DarkCyan
		$logitem.LogFilePath = $Logfilepath
		Try {
			$logitem.SaveChanges()
		}
		Catch [System.Management.Automation.MethodInvocationException] {
			#$Error | Get-Member
			#$Error.Data
			#$Error.ErrorRecord
			#$Error.Errors
			$x = $_.Exception.Message
			Write-BISFLog -Msg "Error:`t`t $x" -Type W

			#Exit
		}
		Catch {
			$Error[0].Exception.GetType().fullname
		}
		#Write-BISFLog -Msg "`n`n"
	}
}
@matthias-schlimm

Collaborator Author

commented Dec 7, 2018

Can't reproduce this issue on a new image after many tries. All logs are redirected?
The new function was also tested, but it's not working. The redirected logs are stored in the BIS-F installation folder instead of the WriteCacheDisk.

Move the issue outside of this Milestone
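
A read-only check for the symptom discussed in this thread, as an added example that is not part of the thread or of BIS-F: it reports every event log channel whose configured LogFilePath is not under the expected redirect folder, grouped by where it actually points. Test-EventLogRedirection and its -ExpectedDir parameter are hypothetical names; E:\Eventlogs is the folder named in the Move-EvtLogs synopsis above.

```powershell
# Added example (not BIS-F code). Reads log configuration only; changes nothing.
function Test-EventLogRedirection {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ExpectedDir    # folder the logs should have been redirected to
    )
    $expected = $ExpectedDir.TrimEnd('\')
    Get-WinEvent -ListLog '*' -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $raw = $_.LogFilePath
        $dir = $null
        $exists = $false
        if ([string]::IsNullOrWhiteSpace($raw)) {
            $status = 'NoPath'
        } else {
            # Default paths are stored with variables such as %SystemRoot%
            $full = [Environment]::ExpandEnvironmentVariables($raw)
            $dir = [IO.Path]::GetDirectoryName($full)
            $exists = Test-Path -LiteralPath $full
            $status = if ($full -notmatch '^[A-Za-z]:\\') {
                'NoDriveLetter'     # path was built from an empty drive variable
            } elseif ($dir -eq $expected) {
                'Redirected'
            } else {
                'NotRedirected'
            }
        }
        [pscustomobject]@{
            LogName    = $_.LogName
            LogType    = $_.LogType
            IsEnabled  = $_.IsEnabled
            Status     = $status
            Directory  = $dir
            FileExists = $exists
            Path       = $raw
        }
    }
}

$results = Test-EventLogRedirection -ExpectedDir 'E:\Eventlogs'

# Summary: how many logs point at each directory, per status
$results | Group-Object Status, Directory | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Detail: every log that is not where it should be
$results | Where-Object Status -ne 'Redirected' | Sort-Object Directory, LogName |
    Format-Table LogName, LogType, IsEnabled, FileExists, Path -AutoSize
```

Run it from an elevated session after the redirection step; logs that stayed on the old drive or ended up in another folder appear in the second table.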
