
3 Commits

5 changed files with 33 additions and 11 deletions


@ -19,13 +19,7 @@ function Get-GraylogStreamId {
$LogName $LogName
) )
# TODO: Use Secret Management module to get the Graylog API URI $Stream = (Get-GraylogStreams).Where{$_.Title -eq $LogName}
if ($null -eq $global:GraylogStreams) {
$Response = Invoke-GraylogRequest GET "/streams"
$global:GraylogStreams = $Response.Streams
}
$Stream = $global:GraylogStreams.Where{$_.Title -eq $LogName}
if ($null -eq $Stream) { return $null } if ($null -eq $Stream) { return $null }
return $Stream.Id return $Stream.Id
} }
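Review bot: The `$null -eq $Stream` guard that follows the new `(Get-GraylogStreams).Where{...}` line can never be true, because `.Where{}` returns a collection (empty when nothing matches), not `$null`. The function still returns nothing in that case only because `$Stream.Id` on an empty collection evaluates to `$null`, and if more than one stream carries the same title, `$Stream.Id` becomes an array of ids that is handed on to the search. I would test the match count explicitly, for example `if ($Stream.Count -ne 1) { return $null }`, or document which match is meant to win. The function's param block starts above this hunk.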


@ -0,0 +1,24 @@
function Get-GraylogStreams {
<#
.SYNOPSIS
Gets the streams available in Graylog.
.DESCRIPTION
Gets a list of the streams available in Graylog.
.OUTPUTS
The streams available in Graylog.
.EXAMPLE
Get-GraylogStreams
Gets a list of the streams available in Graylog.
#>
param ()
try { $null = Get-Secret Graylog_BaseURI -Vault Graylog -AsPlainText -ErrorAction Stop }
catch {
try { $Response = Invoke-GraylogRequest GET "/streams" }
catch { throw $_.Exception.Message }
ConvertTo-Json $Response.Streams | Set-Secret Graylog_Streams -Vault Graylog -AsPlainText
}
$Streams = Get-Secret Graylog_Streams -Vault Graylog -AsPlainText -ErrorAction Stop
return ConvertFrom-Json $Streams
}
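Review bot: The cache probe at the top of the body reads `Graylog_BaseURI`, but the value that is cached and read back is `Graylog_Streams`, so on a configured vault the catch branch never runs and the final `Get-Secret Graylog_Streams ... -ErrorAction Stop` throws until something else has stored that secret. The probe presumably should be `try { $null = Get-Secret Graylog_Streams -Vault Graylog -AsPlainText -ErrorAction Stop }`. As far as I know `Set-Secret` has no `-AsPlainText` parameter (it is a `Get-Secret` switch), so the write is likely to fail at parameter binding; `ConvertTo-Json $Response.Streams -Depth 10 | Set-Secret Graylog_Streams -Vault Graylog` avoids that and also the default depth-2 truncation of nested stream properties. Nothing here refreshes the cached list, so streams created or removed later are not seen; a `-Force` switch or clearing the entry in Disconnect-GraylogService would cover that.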


@ -49,6 +49,7 @@ function Invoke-GraylogRequest {
[string] [string]
$ContentType = "application/json" $ContentType = "application/json"
) )
if (-NOT (Test-GraylogSession -SkipSessionCheck)) { return } # Ensure that the Secrets are set
$Session = Get-Secret Graylog_Session -Vault Graylog -AsPlainText -ErrorAction Stop $Session = Get-Secret Graylog_Session -Vault Graylog -AsPlainText -ErrorAction Stop
$Request = @{ $Request = @{
Method = $Method Method = $Method
@ -57,5 +58,6 @@ function Invoke-GraylogRequest {
ContentType = $ContentType ContentType = $ContentType
} }
if ($Body) { $Request.Body = $Body } if ($Body) { $Request.Body = $Body }
Invoke-RestMethod @Request try { Invoke-RestMethod @Request }
catch { throw $_.Exception.Message }
} }
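Review bot: The new guard `if (-NOT (Test-GraylogSession -SkipSessionCheck)) { return }` returns nothing when the vault secrets are missing, so a caller cannot tell "not connected" from an empty response; Get-GraylogStreams, for example, would go on to serialise `$Response.Streams` from `$null`. Unless Test-GraylogSession (not shown here) already raises an error, I would fail loudly instead: `throw "Graylog session secrets are not set; run Connect-GraylogService first."`. In the second hunk, `catch { throw $_.Exception.Message }` re-throws only the message string and drops the original ErrorRecord, including the HTTP response a caller would need to recognise an expired or rejected session; `catch { throw $_ }` keeps it. The function's param block begins above the first hunk.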


@ -31,7 +31,7 @@ function Search-Graylog {
A identifier for various parts of the search job (SearchId, QueryId, FilterId) are generated and returned in a PSCustomObject, which can be used to retrieve the results of the search job. A identifier for various parts of the search job (SearchId, QueryId, FilterId) are generated and returned in a PSCustomObject, which can be used to retrieve the results of the search job.
The SearchId, QueryId, and FilterId are used to retrieve the results of the search job using the Receive-GraylogJob function. The SearchId, QueryId, and FilterId are used to retrieve the results of the search job using the Receive-GraylogJob function.
#> #>
[Alias("Search-Graylog")] [Alias("sg")]
param ( param (
[Parameter(Mandatory)] [Parameter(Mandatory)]
[ValidateNotNullOrEmpty()] [ValidateNotNullOrEmpty()]
@ -69,7 +69,7 @@ function Search-Graylog {
$Detailed $Detailed
) )
$LogId = Get-GraylogLogStreamId -LogName $LogName $LogId = Get-GraylogStreamId -LogName $LogName
if ($null -eq $LogId) { throw "The log stream '$LogName' does not exist." } if ($null -eq $LogId) { throw "The log stream '$LogName' does not exist." }
$SearchId = [String]::Join('', [GUID]::NewGUID().GUID.Replace("-", "")[0..23]) # Generate a unique identifier for the search $SearchId = [String]::Join('', [GUID]::NewGUID().GUID.Replace("-", "")[0..23]) # Generate a unique identifier for the search
$QueryId = [GUID]::NewGUID().GUID.ToString() # Generate a unique identifier for the query $QueryId = [GUID]::NewGUID().GUID.ToString() # Generate a unique identifier for the query


@ -69,6 +69,7 @@ RequiredModules = @("Microsoft.PowerShell.SecretManagement", "Microsoft.PowerShe
NestedModules = @( NestedModules = @(
"Functions\Public\Connect-GraylogService.ps1", "Functions\Public\Connect-GraylogService.ps1",
"Functions\Public\Disconnect-GraylogService.ps1", "Functions\Public\Disconnect-GraylogService.ps1",
"Functions\Public\Get-GraylogStreams.ps1",
"Functions\Public\Get-GraylogStreamId.ps1", "Functions\Public\Get-GraylogStreamId.ps1",
"Functions\Public\Initialize-GraylogServiceVault.ps1", "Functions\Public\Initialize-GraylogServiceVault.ps1",
"Functions\Public\Invoke-GraylogRequest.ps1", "Functions\Public\Invoke-GraylogRequest.ps1",
@ -83,6 +84,7 @@ NestedModules = @(
FunctionsToExport = @( FunctionsToExport = @(
"Connect-GraylogService", "Connect-GraylogService",
"Disconnect-GraylogService", "Disconnect-GraylogService",
"Get-GraylogStreams",
"Get-GraylogStreamId", "Get-GraylogStreamId",
"Initialize-GraylogServiceVault", "Initialize-GraylogServiceVault",
"Invoke-GraylogRequest", "Invoke-GraylogRequest",
@ -100,7 +102,7 @@ CmdletsToExport = @()
VariablesToExport = @() VariablesToExport = @()
# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
AliasesToExport = @("igsr", "Connect-Graylog", "Disconnect-Graylog") AliasesToExport = @("Connect-Graylog", "Disconnect-Graylog", "igsr", "sg")
# DSC resources to export from this module # DSC resources to export from this module
# DscResourcesToExport = @() # DscResourcesToExport = @()