VSoft Technologies Blogs


This is the last in a series of blog posts about PowerShell support in FinalBuilder 6.

  • Part One showed how to use one-liners to create powerful PowerShell execute conditions.
  • Part Two showed how to use PowerShell script events to parse output and change the behaviour of an action.

For this last post, I'm going to walk through creating a custom action which scans the Event Log and reports the frequency of messages from different sources.

The Script

Here are the parts of the PowerShell script that I'm going to use to implement the new action.

1) A custom function

WMI uses DMTF date formatting. This PowerShell function creates a DMTF datetime string for the time $hours hours before now.

function dmtfWithin([int] $hours)
{
  # Convert (now - $hours) into the DMTF datetime string that WMI expects
  [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime([DateTime]::Now.AddHours(-$hours))
}

2) Read Action Properties

Action properties are loaded using the same syntax as other custom actions. If you've used ActionStudio before then this will look familiar. Some cmdlets are in the pipeline that will make this look more like PowerShell and less like .NET.

# Set up parameters
$computerName = $Context.ExpandExpression($Context.Properties.PropertyAsString("ComputerName"), $True)
$hours = $Context.Properties.PropertyAsString("Hours")

3) Process Event Log

This is where the dirty work happens: build a WQL filter string, get the WMI objects for the event log entries, and build a hashtable mapping event source names to their frequencies. The particularly neat line is the last one with the % sign, which is the alias for ForEach-Object ("for each").

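# Read results
# $hours passes through the [int] parameter of dmtfWithin, so only a timestamp reaches the filter
$filter = "TimeWritten > '" + (dmtfWithin $hours) + "'"
$results = Get-WmiObject -computer $computerName -class Win32_NTLogEvent -filter $filter
# Count entries per event source
$freqTable = @{}
$results | % { $freqTable[$_.SourceName] += 1 }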

4) Log the Results

Log the contents of our hash table, sorted and formatted into a table:

# Log Results
$freqTable.GetEnumerator() | sort -descending Value | ft Value, Name -autosize -wrap

5) Set Result to True

The Result parameter determines whether or not to fail the action.

$Result = $True
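
The five steps above, combined into a stand-alone function that runs outside FinalBuilder. This is an added example, not the code from the downloadable action package; the function name Get-EventSourceFrequency, the 720-hour upper bound and the "Logfile\Source" key format are assumptions made for illustration.

```powershell
# Added example: stand-alone version of the steps above (not the FinalBuilder action).
function Get-EventSourceFrequency {
    param(
        [string] $ComputerName = '.',     # '.' means the local machine
        [ValidateRange(1, 720)]           # assumed bound: at most 30 days back
        [int] $Hours = 24
    )

    # WMI expects a DMTF datetime string in the WQL filter.
    $cutoff = [DateTime]::Now.AddHours(-$Hours)
    $since  = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($cutoff)

    # Only the converted timestamp reaches the filter, so no free-form text
    # from the caller ends up inside the WQL string.
    $filter = "TimeWritten > '$since'"

    # @(...) turns "no matching events" into an empty array instead of $null,
    # so the loop below never runs against a null entry.
    $events = @(Get-WmiObject -ComputerName $ComputerName -Class Win32_NTLogEvent `
        -Filter $filter -ErrorAction Stop)

    # Win32_NTLogEvent spans all event logs, so key on log name plus source.
    $freqTable = @{}
    foreach ($e in $events) {
        $key = '{0}\{1}' -f $e.Logfile, $e.SourceName
        $freqTable[$key] += 1
    }

    # Return objects rather than formatted text so callers can filter further.
    $freqTable.GetEnumerator() |
        Sort-Object -Property Value -Descending |
        Select-Object @{ n = 'Count'; e = { $_.Value } },
                      @{ n = 'Source'; e = { $_.Name } }
}

# Usage: busiest event sources on the local machine over the last 6 hours
Get-EventSourceFrequency -Hours 6 | Format-Table -AutoSize -Wrap
```

Because the function returns objects, the output can be piped to Where-Object or Select-Object -First before formatting.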

 

Download

Click here to download a zip file with the custom action package. The unzipped .fbap file needs to be saved in the ActionDefs directory inside the FinalBuilder 6 program directory.

More Resources

The example action package "FBScriptExamples.fbap" comes with FinalBuilder, and contains some more sample PowerShell actions which can be loaded in ActionStudio.

The ActionStudioManual.pdf file (located in the FinalBuilder Program directory) contains a reference section with built-in custom action types and methods, and also some more information on creating PowerShell actions.

Some Notes

  • This is a pretty simple example, but (like the others) it is easy to extend to cover lots of other Windows-related tasks.
  • FYI, there is a dedicated Get-EventLog command in PowerShell. In this instance, I chose to use WMI instead because WMI can read from remote machines, and can read across all event logs. If you use the dedicated command, you need to choose a single event log to read from.
