Compare commits
3 Commits
5edba53ffc
...
85c622f894
Author | SHA1 | Date | |
---|---|---|---|
85c622f894 | |||
4608f33c4a | |||
9f9078dbc8 |
@ -19,13 +19,7 @@ function Get-GraylogStreamId {
|
|||||||
$LogName
|
$LogName
|
||||||
)
|
)
|
||||||
|
|
||||||
# TODO: Use Secret Management module to get the Graylog API URI
|
$Stream = (Get-GraylogStreams).Where{$_.Title -eq $LogName}
|
||||||
if ($null -eq $global:GraylogStreams) {
|
|
||||||
$Response = Invoke-GraylogRequest GET "/streams"
|
|
||||||
$global:GraylogStreams = $Response.Streams
|
|
||||||
}
|
|
||||||
|
|
||||||
$Stream = $global:GraylogStreams.Where{$_.Title -eq $LogName}
|
|
||||||
if ($null -eq $Stream) { return $null }
|
if ($null -eq $Stream) { return $null }
|
||||||
return $Stream.Id
|
return $Stream.Id
|
||||||
}
|
}
|
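Review bot: The `if ($null -eq $Stream) { return $null }` guard kept below the new lookup cannot fire on a miss, because `.Where{...}` yields an empty collection rather than `$null` when no title matches. The miss only comes back as `$null` through member enumeration on `$Stream.Id`, which strict mode would likely reject. Testing the count instead, `if ($Stream.Count -eq 0) { return $null }`, makes the miss explicit. If two streams can carry the same title the function returns several ids, so Search-Graylog would receive an array; that case is worth documenting or rejecting. The function's param block starts outside the hunk.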
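--- a/Functions/Public/Get-GraylogStreamIds.ps1
+++ b/Functions/Public/Get-GraylogStreamIds.ps1
@@ -0,0 +1,24 @@
+function Get-GraylogStreams {
+<#
+.SYNOPSIS
+Gets the streams available in Graylog.
+.DESCRIPTION
+Gets a list of the streams available in Graylog.
+.OUTPUTS
+The streams available in Graylog.
+.EXAMPLE
+Get-GraylogStreams
+Gets a list of the streams available in Graylog.
+#>
+param ()
+
+try { $null = Get-Secret Graylog_BaseURI -Vault Graylog -AsPlainText -ErrorAction Stop }
+catch {
+try { $Response = Invoke-GraylogRequest GET "/streams" }
+catch { throw $_.Exception.Message }
+ConvertTo-Json $Response.Streams | Set-Secret Graylog_Streams -Vault Graylog -AsPlainText
+}
+
+$Streams = Get-Secret Graylog_Streams -Vault Graylog -AsPlainText -ErrorAction Stop
+return ConvertFrom-Json $Streams
+}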
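Review bot: The cache probe on the first `try` line reads `Graylog_BaseURI`, not `Graylog_Streams`, so the `/streams` fetch runs only when the base URI secret is missing. Once the base URI is set but no stream list has been stored, the final `Get-Secret Graylog_Streams ... -ErrorAction Stop` throws. The probe looks like it should be `try { $null = Get-Secret Graylog_Streams -Vault Graylog -AsPlainText -ErrorAction Stop }`. As far as I know `Set-Secret` has no `-AsPlainText` parameter (that switch belongs to `Get-Secret`), so the store line would fail parameter binding; `ConvertTo-Json $Response.Streams | Set-Secret Graylog_Streams -Vault Graylog` should be enough. The stored list is also never refreshed, so a stream created or deleted later stays invisible until the secret is removed; a `-Force` switch on the function would cover that.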
@ -49,6 +49,7 @@ function Invoke-GraylogRequest {
|
|||||||
[string]
|
[string]
|
||||||
$ContentType = "application/json"
|
$ContentType = "application/json"
|
||||||
)
|
)
|
||||||
|
if (-NOT (Test-GraylogSession -SkipSessionCheck)) { return } # Ensure that the Secrets are set
|
||||||
$Session = Get-Secret Graylog_Session -Vault Graylog -AsPlainText -ErrorAction Stop
|
$Session = Get-Secret Graylog_Session -Vault Graylog -AsPlainText -ErrorAction Stop
|
||||||
$Request = @{
|
$Request = @{
|
||||||
Method = $Method
|
Method = $Method
|
||||||
@ -57,5 +58,6 @@ function Invoke-GraylogRequest {
|
|||||||
ContentType = $ContentType
|
ContentType = $ContentType
|
||||||
}
|
}
|
||||||
if ($Body) { $Request.Body = $Body }
|
if ($Body) { $Request.Body = $Body }
|
||||||
Invoke-RestMethod @Request
|
try { Invoke-RestMethod @Request }
|
||||||
|
catch { throw $_.Exception.Message }
|
||||||
}
|
}
|
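Review bot: The added guard `if (-NOT (Test-GraylogSession -SkipSessionCheck)) { return }` returns nothing when the check fails, so a caller such as Get-GraylogStreams goes on to read `$Response.Streams` from an empty result instead of seeing an error. A `throw "Graylog secrets are not initialised."` at that point would fail closed; what Test-GraylogSession actually checks is not visible here, so the wording is a guess. In the second hunk, `catch { throw $_.Exception.Message }` reduces the error to a string and drops the original ErrorRecord, so callers can no longer tell an expired session (401) from another failure. A bare `throw` inside the `catch` rethrows the record intact. The function starts outside both hunks.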
@ -31,7 +31,7 @@ function Search-Graylog {
|
|||||||
A identifier for various parts of the search job (SearchId, QueryId, FilterId) are generated and returned in a PSCustomObject, which can be used to retrieve the results of the search job.
|
A identifier for various parts of the search job (SearchId, QueryId, FilterId) are generated and returned in a PSCustomObject, which can be used to retrieve the results of the search job.
|
||||||
The SearchId, QueryId, and FilterId are used to retrieve the results of the search job using the Receive-GraylogJob function.
|
The SearchId, QueryId, and FilterId are used to retrieve the results of the search job using the Receive-GraylogJob function.
|
||||||
#>
|
#>
|
||||||
[Alias("Search-Graylog")]
|
[Alias("sg")]
|
||||||
param (
|
param (
|
||||||
[Parameter(Mandatory)]
|
[Parameter(Mandatory)]
|
||||||
[ValidateNotNullOrEmpty()]
|
[ValidateNotNullOrEmpty()]
|
||||||
@ -69,7 +69,7 @@ function Search-Graylog {
|
|||||||
$Detailed
|
$Detailed
|
||||||
)
|
)
|
||||||
|
|
||||||
$LogId = Get-GraylogLogStreamId -LogName $LogName
|
$LogId = Get-GraylogStreamId -LogName $LogName
|
||||||
if ($null -eq $LogId) { throw "The log stream '$LogName' does not exist." }
|
if ($null -eq $LogId) { throw "The log stream '$LogName' does not exist." }
|
||||||
$SearchId = [String]::Join('', [GUID]::NewGUID().GUID.Replace("-", "")[0..23]) # Generate a unique identifier for the search
|
$SearchId = [String]::Join('', [GUID]::NewGUID().GUID.Replace("-", "")[0..23]) # Generate a unique identifier for the search
|
||||||
$QueryId = [GUID]::NewGUID().GUID.ToString() # Generate a unique identifier for the query
|
$QueryId = [GUID]::NewGUID().GUID.ToString() # Generate a unique identifier for the query
|
||||||
|
@ -69,6 +69,7 @@ RequiredModules = @("Microsoft.PowerShell.SecretManagement", "Microsoft.PowerShe
|
|||||||
NestedModules = @(
|
NestedModules = @(
|
||||||
"Functions\Public\Connect-GraylogService.ps1",
|
"Functions\Public\Connect-GraylogService.ps1",
|
||||||
"Functions\Public\Disconnect-GraylogService.ps1",
|
"Functions\Public\Disconnect-GraylogService.ps1",
|
||||||
|
"Functions\Public\Get-GraylogStreams.ps1",
|
||||||
"Functions\Public\Get-GraylogStreamId.ps1",
|
"Functions\Public\Get-GraylogStreamId.ps1",
|
||||||
"Functions\Public\Initialize-GraylogServiceVault.ps1",
|
"Functions\Public\Initialize-GraylogServiceVault.ps1",
|
||||||
"Functions\Public\Invoke-GraylogRequest.ps1",
|
"Functions\Public\Invoke-GraylogRequest.ps1",
|
||||||
@ -83,6 +84,7 @@ NestedModules = @(
|
|||||||
FunctionsToExport = @(
|
FunctionsToExport = @(
|
||||||
"Connect-GraylogService",
|
"Connect-GraylogService",
|
||||||
"Disconnect-GraylogService",
|
"Disconnect-GraylogService",
|
||||||
|
"Get-GraylogStreams",
|
||||||
"Get-GraylogStreamId",
|
"Get-GraylogStreamId",
|
||||||
"Initialize-GraylogServiceVault",
|
"Initialize-GraylogServiceVault",
|
||||||
"Invoke-GraylogRequest",
|
"Invoke-GraylogRequest",
|
||||||
@ -100,7 +102,7 @@ CmdletsToExport = @()
|
|||||||
VariablesToExport = @()
|
VariablesToExport = @()
|
||||||
|
|
||||||
# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
|
# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
|
||||||
AliasesToExport = @("igsr", "Connect-Graylog", "Disconnect-Graylog")
|
AliasesToExport = @("Connect-Graylog", "Disconnect-Graylog", "igsr", "sg")
|
||||||
|
|
||||||
# DSC resources to export from this module
|
# DSC resources to export from this module
|
||||||
# DscResourcesToExport = @()
|
# DscResourcesToExport = @()
|
||||||
|
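Review bot: The new `NestedModules` entry names `Functions\Public\Get-GraylogStreams.ps1`, while the file this compare adds is `Functions/Public/Get-GraylogStreamIds.ps1`. Unless a file with the listed name exists outside this view, the manifest points at a missing nested module and the import will fail. Renaming the added file after the function it defines, Get-GraylogStreams, would match the one-function-per-file naming the other entries follow. The `sg` alias exported in the last hunk is short enough to collide with aliases from other modules, so it is worth a line in the manifest comment above `AliasesToExport`.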