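## Get AVD events which may include RDP Shortpath negotiation.
## Some records carry a "json" attribute with more detail about the Shortpath negotiation;
## it is parsed into an object so its fields can be inspected directly.
## Work in progress.
##
## Output: one object per matching event, with a Time property (the event's TimeCreated)
## plus one property per name="value" attribute found in the event text.
## Event text is only ever handled as data (regex + ConvertFrom-Json); it is never evaluated.

# Only events logged since the last boot are queried.
$boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

$eventFilter = @{
    ProviderName = 'Microsoft.RDInfra.RDAgent.EtwReader.RdpConnectionCheckpointParser'
    Id           = 0
    StartTime    = $boot
}

Get-WinEvent -Oldest -FilterHashtable $eventFilter |
    ForEach-Object {
        # Keep only records of the form:  received event: <Event name="value" ... />
        if ($_.Message -match '^received event:\s*<Event\s+(.*)/>$') {
            # Copy the capture straight away; later regex operators could overwrite $Matches.
            $attributeText = $Matches[1]
            $record = @{ Time = $_.TimeCreated }

            foreach ($pair in [regex]::Matches($attributeText, '\s?([^=]+)=\s*"([^"]*)"\s?')) {
                # [^=]+ can swallow extra leading whitespace, so trim the attribute name.
                $name = $pair.Groups[1].Value.Trim()
                $text = $pair.Groups[2].Value

                if ($name -ieq 'json') {
                    # NOTE(review): the paste as rendered replaced a double quote with a double
                    # quote (a no-op); presumably the page decoded '&quot;'. Confirm against a
                    # raw event before relying on this.
                    $decoded = $text -replace '&quot;', '"'
                    try {
                        $value = $decoded | ConvertFrom-Json -ErrorAction Stop
                    }
                    catch {
                        # The original retries with ' }' appended, which suggests some payloads
                        # arrive without their closing brace. If that repair fails as well, keep
                        # the decoded text rather than letting the error end the pipeline.
                        try {
                            $value = "$decoded }" | ConvertFrom-Json -ErrorAction Stop
                        }
                        catch {
                            $value = $decoded
                        }
                    }
                }
                elseif ($name -ieq 'msec') {
                    # Assumes msec is a millisecond offset from boot time - TODO confirm.
                    # A non-numeric value is kept as text instead of raising an error.
                    $offset = $text -as [double]
                    $value = if ($null -ne $offset) { $boot.AddMilliseconds($offset) } else { $text }
                }
                else {
                    $value = $text
                }

                # Hashtable.Add() throws on a repeated name (including one that collides with
                # Time); keep the first value seen and skip the duplicate quietly.
                if (-not $record.ContainsKey($name)) {
                    $record[$name] = $value
                }
            }

            [pscustomobject]$record
        }
    } |
    # Re-emit every property, with 'message' rewritten so escaped apostrophes read normally.
    # NOTE(review): the rendered paste showed an unbalanced quote literal here (a parse error);
    # '&apos;' is the presumed original pattern - confirm against a raw event.
    Select-Object -ExcludeProperty message -Property *, @{ n = 'message'; e = { $_.message -replace '&apos;', "'" } } -ErrorAction SilentlyContinue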