Merge pull request #12 from Thumbscrew/follow-wait

"-Wait" switch added for following the log

public/Get-PSFirewallLog.ps1

@@ -23,20 +23,24 @@ function Get-PSFirewallLog {
         [string]
         $LogProfile,
 
-        # Number of firewall events to retrieve. Defaults to 0 (All events).
+        # Number of firewall events to retrieve. Defaults to -1 (All events).
         [Parameter(Mandatory = $false)]
         [int]
-        $Tail = 0,
+        $Tail = -1,
 
         # ComputerName to retrieve log from
         [Parameter(Mandatory = $true, ParameterSetName = 'remote')]
         [string]
-        $ComputerName
+        $ComputerName,
+
+        # Follow the log
+        [Parameter(Mandatory = $false)]
+        [switch]
+        $Wait
     )
     
     begin {
         if($PSCmdlet.ParameterSetName -eq 'auto') {
-            # $Path = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty -Path ("HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\{0}Profile\Logging" -f $LogProfile) -Name "LogFilePath").LogFilePath)
             $Path = Get-PSFirewallLogPath -LogProfile $LogProfile -Verbose:$VerbosePreference
         }
         elseif($PSCmdlet.ParameterSetName -eq 'remote') {
@@ -59,55 +63,56 @@ function Get-PSFirewallLog {
         }
 
         if(Test-Path $logPath) {
-            $log = Get-Content $logPath
 
-            if($log.Length -gt 0) {
+            $members = @{
-                # Remove header lines
+                "Date" = 0
-                $log = $log[5..($log.Length - 1)]
+                "Time" = 1
-
+                "Action" = 2
-                if($Tail -gt 0) {
+                "Protocol" = 3
-                    $startIndex = if($Tail -lt $log.Length) { $log.Length - $Tail } else { 0 }
+                "SourceIP" = 4
-                    
+                "DestinationIP" = 5
-                    $log = $log[$startIndex..($log.Length - 1)]
+                "SourcePort" = 6
-                }
+                "DestinationPort" = 7
-
+                "Size" = 8
-                $members = @{
+                "TcpFlags" = 9
-                    "Date" = 0
+                "TcpSyn" = 10
-                    "Time" = 1
+                "TcpAck" = 11
-                    "Action" = 2
+                "TcpWin" = 12
-                    "Protocol" = 3
+                "IcmpType" = 13
-                    "SourceIP" = 4
+                "IcmpCode" = 14
-                    "DestinationIP" = 5
+                "Info" = 15
-                    "SourcePort" = 6
+                "Path" = 16
-                    "DestinationPort" = 7
-                    "Size" = 8
-                    "TcpFlags" = 9
-                    "TcpSyn" = 10
-                    "TcpAck" = 11
-                    "TcpWin" = 12
-                    "IcmpType" = 13
-                    "IcmpCode" = 14
-                    "Info" = 15
-                    "Path" = 16
-                }
-
-                $log | ForEach-Object {
-                    $line = $_
-                    $split = $line -split ('\s')
-
-                    $fwEvent = New-Object PSCustomObject
-
-                    foreach($member in $members.GetEnumerator() | Sort-Object Value) {
-                        $fwEvent | Add-Member NoteProperty -Name $member.Name -Value $split[$member.Value]
-                    }
-
-                    $fwEvent.pstypenames.insert(0, 'PSWinFW.Log.Event')
-
-                    $fwEvent
-                }
             }
-            else {
+
-                Write-Error "File $logPath has zero length."
+            $count = (Get-Content -Path $logPath).Count
+
+            # Check if outputting all events from the log and cut the first 5 lines that aren't events.
+            if(($Tail -lt 0) -or ($Tail -gt $count)) {
+                $Tail = $count - 5
+            }
+
+            Write-Verbose "Log has $count lines. Retrieving $Tail lines."
+
+            $c = "Get-Content -Path $logPath -Tail $Tail"
+
+            if($Wait) {
+                $c = "$c -Wait"
+            }
+
+            Invoke-Expression $c | ForEach-Object {
+                $line = $_
+
+                $split = $line -split ('\s')
+
+                $fwEvent = New-Object PSCustomObject
+
+                foreach($member in $members.GetEnumerator() | Sort-Object Value) {
+                    $fwEvent | Add-Member NoteProperty -Name $member.Name -Value $split[$member.Value]
+                }
+
+                $fwEvent.pstypenames.insert(0, 'PSWinFW.Log.Event')
+
+                $fwEvent
             }
         }
         else {

public/Get-PSFirewallLogPath.ps1

@@ -61,7 +61,7 @@ function Get-PSFirewallLogPath {
             if($statusChanged) {
                 Write-Verbose ("Reverting status of $serviceName Service to {0}." -f $remoteRegistry.Status)
                 # Set-Service -Name $serviceName -ComputerName $ComputerName -Status $remoteRegistry.Status
-                # Need to use Invoke-Command as Set-Service won't stop a service that has dependancies
+                # Need to use Invoke-Command as Set-Service won't stop a service that has dependencies
                 Invoke-Command -ComputerName $ComputerName -ScriptBlock { Stop-Service -Name "RemoteRegistry" }
                 
                 # Verify that service has been restored to its original state.