By

Adam Bacon

,

Powershell

,

Modules

,

Crescendo

●

Published 2022-10-08

Okay I know it has been a while since I last wrote a blog. This is due to me being 100% focused on my new job. Like this is the best job I have ever had and I just want to be 100% focused on it. Make sure I meet expectations and complete tasks I get asked to do. Then in the evening before I know it, I am going to bed and another day begins.

I did tweet that I was going to take a hiatus from smashing out Powershell Modules almost daily as I wanted to hopefully inspire others to get building and publishing modules, and to be 100% committed to my new job. Honestly feeling so blessed to have landed this position, I felt like it was a wind-up as it was just like my dream job.

So many good things have come from this web-site being put together, like the talks and presentations, speaking to various members of the powershell Team directly, chatting with Chrissy LeMaire who has just been such a 👼 guardian angel for me. Like seriously Chrissy is a 🦸‍♀️ super-hero, so to actually have been chatting and working with Chrissy on some mini-projects has been incredible. Something I never envisaged happening, so I would certainly like to carry-on these good-vibe momentums. Working with Powershell Universal again has been super-cool and I got to have some chats with another super-hero 🦸‍♂️ Adam Driscoll who through his software has just made me better at coding, by wanting to create modules for the community, and in doing so has just improved my coding by the challenges this has presented me to complete these modules to make them work.

Although it has been 12 days since I wrote my last blog.

(New-TimeSpan -Start (get-date -Date 26/09/2022) -End (Get-Date)).Days

I hope the wait has been worth it. As this blog has the ultimate Powershell way to read any given log file. So if you want to find out how to impress your friends with this amazing super-power then keep reading

The origins of finding this gem 💎 of a tool was actually in my previous position whilst analyzing IIS log files. The very kind @PrzemyslawKlys whipped up an IIS log parser module and even did a blog on the module. When I first looked at being given the task at hand I did even try the IISParser module to see if it would decipher the log file at hand

Sadly as I was not reading a IIS log file I got nothing returned 😭 so I could not use this particular module that was kind of made for me a little while back by the kind @PrzemyslawKlys. I did tweet about this like 4 months ago, saying I was shocked no-one had done like a Powershell version of the Microsoft Log Paser tool.

When I first used this tool I was just like 🤯 WOW this is an amazing tool from Microsoft, but just not needing to analyze lots of logs never really looked at a way to automate this task. So when I used this tool originally for analyzing IIS log files I was just really amazed at how you could query the log for the data you wanted returned.

So one of my recent tasks was to read a log file but I am not allowed to install software on my work laptop without going through the proper procedure. When-ever I get a task to automate something, I like to try and complete it the same-day to get that buzz I get from coding. So I tried this on my home laptop to see if it would read the log file at hand from getting the sample log from my one-drive.

Boom 💥 just as planned I got the results from the log, using the trusted Microsoft Log Parser. Which I personally think is a really underated tool, as I was also able to convert this output to CSV which just happened to also be part of the challenge. I was not 100% sure on the exact data required so the SQL query part was not my main focused at the moment it was just the fact I had pretty much accomplished the challenge.

However, as this needs to be an automated task, and I could do this using an external executable, it does require you to install this on your system even though it is just an executable cmd-line application. Once you have it, you could just copy that and then run it on another machine, but again although this is a great tool, some of the parameters can be a bit clunky in my personal opinion as in I need to read the help file to be able to understand what the parameter stood for and how to use it.

So had one of those 💡 ideas pop-in-my-head like why don't I just build this as a Powershell Crescendo module kind of like I dreamed about 4+ months ago before knowing all about the totally awesome Powershell Crescendo Module which again I would 💖 love to see Microsoft do a dedicated website on Crescendo to push this more to the Powershell community on how awesome this is. Like I included everything in my build folder for this module including the licensing information for the Microsoft Log Parser application. For me this would be the best of both as I could then wrap this into a module and install the Powershell module as opposed to installing an application on my work laptop.

Once I knew which data was required, I was able to parse the output of this CSV to use Import-CSV and then pipe that to a Where-Object to filter the data matching a certain certeria on a particular column. This then brought back only the data that was required to then be analysed. As I now had a working solution to automate the task, I wanted to make this into a Crescendo module and package the executable all within the module to just make it work out-the-box. I am sure Micrsoft are 😎 cool with me doing this as I am trying to promote this amazing free tool that is just not talked about enough.

This would also get me round my own personal dilemma of not being able to install software without getting pre-approval, as I am not actually now installing any software, only a Powershell Module to the current user scope aka my profile. I was not trying to cut-corners by doing it this way, but just figure that once you tell the installer of the original MSI where to install it, you only need the executable to run it, as it is a cmd-line application that relies on the dll file included. Obviously if this software was not from the mighty Microsoft then I might have my own suspicions on running it in the first-place.

I mean for those who still do not want to take the leap into the world of the command-line 🐚 shell then there is even a graphical user interface of this tool which you can also download for free from Microsoft find out more here

Depending on how far you like to look into issues and what types of problems you deal with. I am sure at some-stage in your IT career you will have to read and understand a log file to find out why something is happening. As most applications of importance will output a log file. I am hoping this will be your 👑 crown 💎 jewels when that time comes.

I said it before the best things in life are free 🎤 now I discovered what log parser means to me as it was Friday evening it was time to crack open the 💻 laptop and make some 🤓 dreams of automating log files come true 😻

Yes I know how to rock my Friday evenings to the maximum 🤡

So I did include this in the module as build.ps1 file, which contains the following Powershell code

Import-Module Microsoft.Powershell.Crescendo
$NewConfiguration = @{
    '$schema' = 'https://aka.ms/PowerShell/Crescendo/Schemas/2021-11'
    Commands  = @()
}
$parameters = @{
    Verb         = 'Invoke'
    Noun         = 'PSLogParser'
    OriginalName = "LogParser.exe"
}
$NewConfiguration.Commands += New-CrescendoCommand @parameters
$NewConfiguration | ConvertTo-Json -Depth 3 | Out-File .\LogParser.json

From running this I got the following JSON file which I edited to look like this

{
  "Commands": [
    {
      "Verb": "Invoke",
      "Noun": "PSLogParser",
      "OriginalName": ".\\LogParser.exe",
      "OriginalCommandElements":,
      "Platform": ["Windows"],
      "Description": "Reads a log file and outputs to a given format specified",
      "Parameters": [
         {
            "ParameterType": "string",
            "OriginalName"  : "-i:",
            "OriginalPosition": 0,
            "Name"          : "InputLogFileType"
        },
        {
            "ParameterType": "string",
            "OriginalName"  : "-o:",
            "OriginalPosition": 1,
            "Name"          : "OutputLogFileType"
        },
        {
            "ParameterType": "string",
            "OriginalName"  : "",
            "OriginalPosition": 2,
            "Name"          : "SQLquery"
        },
                {
            "ParameterType": "switch",
            "OriginalName"  : "-queryInfo",
            "OriginalPosition": 3,
            "Name"          : "WhatIf"
        }
      ],
      "OutputHandlers": []
    }
  ],
  "$schema": "https://aka.ms/PowerShell/Crescendo/Schemas/2021-11"
}

All that was needed to create the actual module was for me to type this one-line of code

Export-CrescendoModule -ConfigurationFile .\LogParser.json -ModuleName PSLogParser -Force

Which then produced the function and the module file needed to publish this to the Powershell Gallery. I mean I would like to tweak the function to make some of these parameters have a defined list of items to choose from. For me though this was a super-quick win to now enable me to automate the entire task from my work laptop using this module that only took about 15 minutes to complete from start to finish

As you can see from the actual code steps I needed to do, it was not a great deal of work involved, but now I have the ability to run one line of Powershell code to get the goodness of any given log file supplied in the FROM clause of the SQL query.

Invoke-PSLogParser -InputLogFileType TextLine -OutputLogFileType CSV -SQLquery "Select * FROM C:\logfile.log"

Which I know is more wording than the original parameters contained but as you can tab complete you shouldn't notice the difference. This for me is a lot easier on the eye to read and just makes more sense to me. I even included a -WhatIf parameter. Anyways again this was a personal task that I had to complete but as this tool is so powerful at being able to read any given log file from any system. I wanted to share this with the community. As I did want this exact same thing myself over four months ago, but just didn't know a way at the time on how this could be accomplished. As another module was published which then allowed me to read the IIS log files I needed at the time, I just did not see the need to build another module which would do the same thing. However no Powershell module out there I knew of or tried would parse this particular log file I needed to get into CSV format. As I am looking at a variety of log files, more than just IIS logs, I need a reliable tool to read these and output the data to the desired format. This for me ticks all those boxes, and now gives me and you the ability to read any given log file.

Next time you get tasked with reading a log file and making sense of it, or being able to determine what the log contains. Then I really do hope this Powershell module becomes your tool of choice to get the goodness from the given log file. This really has saved my 🥓 bacon a good few times already. I do hope this blog has given you an idea for your favourite cmd-line tool to run in Powershell, from the cmdlet name and parameters you specified whilst building it.