Last active
September 10, 2021 20:32
-
-
Save MyITGuy/e8b864e99542e26c8023f223ea53aee4 to your computer and use it in GitHub Desktop.
Reads events from the Cisco AnyConnect Secure Mobility Client to generate something close to the Message History from the client.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-AnyConnectMessageHistory { | |
| $regex = [regex]'Message type information sent to the user:|Message type prompt sent to the user:' | |
| $WinEvents = Get-WinEvent -LogName 'Cisco AnyConnect Secure Mobility Client' | Where-Object { $_.Message -match $regex } | ForEach-Object { | |
| $Event = $_ | |
| $_ | Add-Member -MemberType NoteProperty -Name 'MessageSentToUser' -Value ($Event | Select-Object -ExpandProperty Message | ForEach-Object { ($_ -replace $regex, '').Trim() } | Where-Object { $_ }) | |
| if ( [System.String]::IsNullOrEmpty($_.MessageSentToUser) -eq $true ) { $_.MessageSentToUser = 'Waiting for user response.' } | |
| $_ | Add-Member -MemberType NoteProperty -Name 'Date' -Value (Get-Date -Date $_.TimeCreated -Format d) | |
| $_ | Add-Member -MemberType NoteProperty -Name 'Time' -Value (Get-Date -Date $_.TimeCreated -Format "h:mm:ss tt") | |
| $_ | |
| } | |
| $WinEvents | Sort-Object -Property TimeCreated | Group-Object -Property Date | ForEach-Object { | |
| $GroupItems = $_ | |
| $Date = $GroupItems.Name | |
| $Entries = (($GroupItems | Select-Object -ExpandProperty Group | ForEach-Object { | |
| "`t$($_.Time) $($_.MessageSentToUser)" | |
| }) | Select-Object -Unique) -join "`r`n" | |
| "$($Date)`r`n$($Entries)" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment