Studying logs is at all times one thing you simply must do, however the Intune logs will not be simple to learn with out instruments like CMTrace on the consumer’s system. (The formatting just isn’t that good with out it) On this weblog publish, I’ll present you a straightforward technique to learn one or two particular logs, or all of the logs directly, and every in its personal Out-Gridview console for simple filtering when trying to find key phrases.
Challenges
The troublesome a part of PowerShell is at all times… Formatting textual content, getting the correct issues within the column you need, and so forth… This was a kind of issues I believed was going to be simple, however it wasn’t 🙂 Some occasions span a number of traces and that made thinks extra difficult 🙁 I feel this script can be simpler to make if I simply began utilizing Regex, however it seems troublesome… However maybe it isn’t, it certain is one thing that I need to be taught and it’s on my record of issues to do 😉
Working the script
The script consists of two Capabilities, the Get-IntuneLogContent operate for studying the log file and the Present-IntuneManagementExtensionLog operate which lets you choose the log file(s) you need utilizing switches. The switches are: (All of them level to the corresponding logfile in C:ProgramDataMicrosoftIntuneManagementExtensionLogs, the All change exhibits all of them)
- AgentExecutor
- All
- ClientHealth
- IntuneManagementExtension
- Sensor
Within the instance under, I ran the Present-IntuneManagementExtensionLog operate with the IntuneManagementExtension and ClientHealth switches.
Present-IntuneManagementExtensionLog -AgentExecutor -IntuneManagementExtension
This offers you two Out-GridView consoles:
and
You need to use the Filter bar to seek for particular issues, within the instance under I looked for Adobe occasions that I simply deployed to this VM:
Notice: You possibly can run this as a consumer, no Administrative PowerShell session is required. Maybe you do have to run “Set-ExecutionPolicy Bypass -Scope CurrentUser” nevertheless. Afterward, you possibly can run the road under to make the Capabilities out there within the PowerShell session.
. .Present-IntuneManagementExtensionLog.ps1
The script
Beneath is the script containing the 2 capabilities, I saved it in my OneDrive account of my check consumer for simple entry 🙂
#Operate for studying the Intune Administration Extension log
operate Get-IntuneLogContent {
param (
[Parameter(Mandatory = $true)][string]$Filepath
)
if (-not (Take a look at-Path -Path $Filepath -ErrorAction SilentlyContinue)) {
Write-Warning ("Error accessing {0}, examine permissions" -f $false)
}
#Begin studying logfile
$LogTotal = @()
foreach ($line in Get-Content material -Path $Filepath) {
#Get Time-stamp
attempt {
$time = (Choose-String 'time=(.*)' -InputObject $line).Matches.teams[0].worth.cut up('"')[1]
}
catch {
$time="n.a."
}
#Get date
attempt {
$date = (Choose-String 'date=(.*)' -InputObject $line).Matches.teams[0].worth.cut up('"')[1]
}
catch {
$date="n.a."
}
#Set datetime to n.a. if not discovered
if ($date -ne 'n.a.' -and $time -ne 'n.a.') {
$datetime = "$($date) $($time)"
}
else {
$datetime="n.a."
}
#Get the element worth
attempt {
$element = (Choose-String 'element=(.*)' -InputObject $line).matches.teams[0].worth.cut up('"')[1]
}
catch {
$element="n.a"
}
#If line is a part of a muli-line, show it or else cut up it to message textual content
If ($line.StartsWith('<![LOG') -ne $true -or ($line.Split('!><')[3]).size -eq 0 ) {
$textual content = $line
}
else {
$textual content = $line.Break up('!><')[3]
}
#Add line to $logtotal
$logline = [PSCustomObject]@{
'Log Textual content' = $textual content
'Date/Time' = $datetime
Element = $element
}
$logTotal += $logline
}
#Return discovered objects in a GridView
$LogTotal | Out-GridView -Title $Filepath
}
operate Present-IntuneManagementExtensionLog {
[CmdletBinding(DefaultParameterSetName = "Default")]
param (
[parameter(ParameterSetName = "Indiviudal")][switch]$AgentExecutor,
[parameter(ParameterSetName = "All")][switch]$All,
[parameter(ParameterSetName = "Indiviudal")][switch]$ClientHealth,
[parameter(ParameterSetName = "Indiviudal")][switch]$IntuneManagementExtension,
[parameter(ParameterSetName = "Indiviudal")][switch]$Sensor
)
#Warn if not parameter specified
if (-not ($AgentExecutor.IsPresent -or $All.IsPresent -or $ClientHealth.IsPresent -or $IntuneManagementExtension.IsPresent -or $Sensor.IsPresent)) {
Write-Warning "No parameter specified, please use the AgentExecutor, All, ClientHealth, IntuneManagementExtension or Sensor parameter to show the log(s)..."
break
}
#If all parameter is ready, set all switches to True
if ($all) {
Write-Host "Processing all logs..." -ForegroundColor Inexperienced
$AgentExecutor = $true
$ClientHealth = $true
$IntuneManagementExtension = $true
$Sensor = $true
}
#Invoke the Get-IntuneLogContent with the trail of the log
if ($AgentExecutor) {
Write-Host "Processing AgentExecutor log" -ForegroundColor Inexperienced
Get-IntuneLogContent -FilePath C:ProgramDataMicrosoftIntuneManagementExtensionLogsAgentExecutor.log
}
if ($ClientHealth) {
Write-Host "Processing ClientHealth log" -ForegroundColor Inexperienced
Get-IntuneLogContent -FilePath C:ProgramDataMicrosoftIntuneManagementExtensionLogsClientHealth.log
}
if ($IntuneManagementExtension) {
Write-Host "Processing IntuneManagementExtension log" -ForegroundColor Inexperienced
Get-IntuneLogContent -FilePath C:ProgramDataMicrosoftIntuneManagementExtensionLogsIntuneManagementExtension.log
}
if ($Sensor) {
Write-Host "Processing Sensor log" -ForegroundColor Inexperienced
Get-IntuneLogContent -FilePath C:ProgramDataMicrosoftIntuneManagementExtensionLogsSensor.log
}
}
Obtain the script(s) from GitHub right here
