From 4fb4c6a55f9af9a8f39cd957c79de991b7b21a30 Mon Sep 17 00:00:00 2001
From: Lord Hepipud
Date: Sat, 27 Aug 2022 20:38:25 +0200
Subject: [PATCH] Adds filtering options for EventLog parser
---
 doc/100-General/10-Changelog.md | 1 +
 lib/core/framework/Read-IcingaForWindowsLog.psm1 | 6 ++++--
 lib/core/framework/Read-IcingaWindowsEventLog.psm1 | 8 +++++++-
 lib/core/icingaagent/readers/Read-IcingaAgentLogFile.psm1 | 7 ++++++-
 4 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/doc/100-General/10-Changelog.md b/doc/100-General/10-Changelog.md
index ccf9f6ad..f2d49da6 100644
--- a/doc/100-General/10-Changelog.md
+++ b/doc/100-General/10-Changelog.md
@@ -42,6 +42,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
 * [#534](https://github.com/Icinga/icinga-powershell-framework/pull/534) Improves Icinga and Director configuration generator, by wrapping PowerShell arrays inside `@()` instead of simply writing them comma separated
 * [#536](https://github.com/Icinga/icinga-powershell-framework/pull/536) Adds new function `Test-IcingaArrayFilter` for easier include and exclude filtering during plugin runtime and to allow filtering of array content for intended values only
 * [#560](https://github.com/Icinga/icinga-powershell-framework/pull/560) Improves handling for Icinga Management Console which will now terminate itself during full uninstallation and restarts after updating the Icinga PowerShell Framework, to apply changes directly
+* [#569](https://github.com/Icinga/icinga-powershell-framework/pull/569) Adds `-Include` and `-Exclude` filter for EventLog CLI parser, to only contain certain messages or exclude them from the output
 ## 1.9.2 (2022-06-03)
diff --git a/lib/core/framework/Read-IcingaForWindowsLog.psm1 b/lib/core/framework/Read-IcingaForWindowsLog.psm1
index c0d1a695..6b2bccec 100644
--- a/lib/core/framework/Read-IcingaForWindowsLog.psm1
+++ b/lib/core/framework/Read-IcingaForWindowsLog.psm1
@@ -1,8 +1,10 @@
 function Read-IcingaForWindowsLog()
 {
 param (
- [array]$Source = @()
+ [array]$Source = @(),
+ [array]$Include = @(),
+ [array]$Exclude = @()
 );
- Read-IcingaWindowsEventLog -LogName 'Icinga for Windows' -Source $Source -MaxEntries 500;
+ Read-IcingaWindowsEventLog -LogName 'Icinga for Windows' -Source $Source -MaxEntries 500 -Include $Include -Exclude $Exclude;
 }
diff --git a/lib/core/framework/Read-IcingaWindowsEventLog.psm1 b/lib/core/framework/Read-IcingaWindowsEventLog.psm1
index cbb350d8..03a26fe4 100644
--- a/lib/core/framework/Read-IcingaWindowsEventLog.psm1
+++ b/lib/core/framework/Read-IcingaWindowsEventLog.psm1
@@ -3,6 +3,8 @@ function Read-IcingaWindowsEventLog()
 param (
 [string]$LogName = 'Application',
 [array]$Source = @(),
+ [array]$Include = @(),
+ [array]$Exclude = @(),
 [int]$MaxEntries = 500
 );
@@ -17,7 +19,7 @@ function Read-IcingaWindowsEventLog()
 $MaxEvents = 40000;
 while ($TRUE) {
- [array]$IcingaEvents = Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents -ErrorAction Stop;
+ [array]$IcingaEvents = Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents -ErrorAction SilentlyContinue;
 [int]$CurrentIndex = $MaxEntries;
 [array]$CollectedEvents = @();
@@ -43,6 +45,10 @@ function Read-IcingaWindowsEventLog()
 break;
 }
+ if ((Test-IcingaArrayFilter -InputObject $event.Message -Include $Include -Exclude $Exclude) -eq $FALSE) {
+ continue;
+ }
+
 $CollectedEvents += $event;
 }
diff --git a/lib/core/icingaagent/readers/Read-IcingaAgentLogFile.psm1 b/lib/core/icingaagent/readers/Read-IcingaAgentLogFile.psm1
index 0e376a61..f7354fb8 100644
--- a/lib/core/icingaagent/readers/Read-IcingaAgentLogFile.psm1
+++ b/lib/core/icingaagent/readers/Read-IcingaAgentLogFile.psm1
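Review bot: Switching `Get-WinEvent` to `-ErrorAction SilentlyContinue` in the `@@ -17,7 +19,7 @@` hunk makes an unreadable log indistinguishable from an empty one: a wrong log name or a permission failure now leaves `$IcingaEvents` empty with no message, and neither the commit subject nor the changelog entry mentions this change. Presumably the aim is to tolerate the error Get-WinEvent raises when no events match; if so, keep the error instead of discarding it, for example by adding `-ErrorVariable WinEventError` and reporting anything in `$WinEventError` that is not the no-events case. The body of the `while ($TRUE)` loop continues outside the hunk, so whether an empty result still reaches a `break` cannot be confirmed from here and should be checked.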
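Review bot: The filter added in the `@@ -43,6 +45,10 @@` hunk passes `$event.Message` straight to `Test-IcingaArrayFilter`, and Get-WinEvent can return records whose `Message` is `$null` when the provider's message resources are unavailable; how the helper treats a null `-InputObject` is not visible here, so such events may be kept or dropped unexpectedly once `-Include` is set. The check also sits after the `break` block whose condition lies outside the hunk, so if the `-MaxEntries` budget is counted before this point, filtered-out events would use it up and the output could hold fewer matching entries than requested. A comment above the `if`, such as `# Include/Exclude match the rendered event message only`, together with a sentence on how message-less events are handled, would document the intended behaviour for anyone relying on this reader to review logs.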
@@ -1,9 +1,14 @@
 function Read-IcingaAgentLogFile()
 {
+ param (
+ [array]$Include = @(),
+ [array]$Exclude = @()
+ );
+
 if ((Test-IcingaAgentFeatureEnabled -Feature 'windowseventlog') -And ([version](Get-IcingaAgentVersion).Full) -ge (New-IcingaVersionObject -Version '2.13.0')) {
 # Icinga 2.13.0 and beyond will log directly into the EventLog
- Read-IcingaWindowsEventLog -LogName 'Application' -Source 'Icinga 2' -MaxEntries 500;
+ Read-IcingaWindowsEventLog -LogName 'Application' -Source 'Icinga 2' -MaxEntries 500 -Include $Include -Exclude $Exclude;
 } else {
 $Logfile = Join-Path -Path (Get-IcingaAgentLogDirectory) -ChildPath 'icinga2.log';
 if ((Test-Path $Logfile) -eq $FALSE) {