For the eventviewer i want default viewconfigs for each entry in the event-tree. These channel_i.xml are stored under $env:ProgramData\Microsoft\Event Viewer in folders according to the tree structure. Sadly there seems to be no standard behaviour to map the Logname to its config-file location. Is there a function to get this? Target locale is german. Currently i'm using a custom function with all the exceptions in a hashtable returning the original string if it wasn't found. Main Code is
Get-WinEvent -ListLog * | % {
if($windows.Contains($_.LogName)){
writeFile $builtin (localize $_.LogName)
}else{
$components = $_.Logname.Split("/")
if($components.Count -gt 1) {
$name = $components[1]
$components= $components[0].Split("-")
}else{
[System.Collections.ArrayList]$components= $components[0].Split("-")
$name = $components[-1]
$components.RemoveAt($components.Count-1)
}
if($components.Count -gt 2){
$components = $components[0..1] +($components[2..($components.Count-1)] -join "-")
}
$path = localize ($components -join "\")
WriteFile "$app\$path" (localize $name)
}
}
Full Code can be found under https://pastebin.com/Cn4JSmLL
