jdhitsolutions / PSScriptTools

A set of PowerShell functions you might use to enhance your own functions and scripts or to facilitate working in the console. Most should work in both Windows PowerShell and PowerShell 7, even cross-platform. Any operating system limitations should be handled on a per command basis. The Samples folder contains demonstration script files.
MIT License

[Bug]: Convert-EventLogRecord Fails to Parse Bits-Client XML due to Id value #143

Open cutaway opened 9 months ago

cutaway commented 9 months ago

Describe the problem

The EventData in the Bits-Client log contains a field named 'Id' (note lowercase d). When processing the log's message a new key is created for the 'Id' field but the dictionary already contains an 'ID' field for the event's Event ID. This results in an error message for each of the Bits Event Log messages.

Expectation

The EventData 'Id' field should not cause an issue and the event data should be parsed correctly.

Additional Information

The following output has been modified slightly to obfuscate the information.

PS Client-Win10 [12/13/2023 17:42:19]> Get-WinEvent -FilterHashtable @{ LogName='Microsoft-Windows-Bits-Client/Operational'; Id='59'} -MaxEvents 1 | Format-List TimeCreated,Message,EventData

TimeCreated : 12/13/2023 01:33:18 PM
Message     : BITS started the NucleusUpdateRingConfigJSON transfer job that is associated with the
              https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=xxxxxxxxxxxxxxxxxxxxxxxxxxx URL.

PS Client-Win10 [12/13/2023 17:43:33]> Get-WinEvent -FilterHashtable @{  LogName='Microsoft-Windows-Bits-Client/Operational'; Id='59' } -MaxEvents 1 | Convert-EventLogRecord
Exception calling "Add" with "2" argument(s): "Item has already been added. Key in dictionary: 'ID'  Key
being added: 'Id'"
At C:\Program
Files\WindowsPowerShell\Modules\PSScriptTools\2.48.0\functions\Convert-EventLogRecord.ps1:61 char:25
+                         $h.add($name, $Value)
+                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentException

LogName                  : Microsoft-Windows-Bits-Client/Operational
RecordType               : Information
TimeCreated              : 12/13/2023 01:33:18 PM
ID                       : 59
transferId               : {4081xxxx-xxxx-xxxx-xxxx-xxxx42faf2b8}
name                     : NucleusUpdateRingConfigJSON
url                      : https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=xxxxxxxxxxxxxxxxxxxxxxxxxxx 

peer                     :
fileTime                 : 2023-12-13T19:30:23.0000000Z
fileLength               : 75675
bytesTotal               : 75675
bytesTransferred         : 0
bytesTransferredFromPeer : 0
Message                  : BITS started the NucleusUpdateRingConfigJSON transfer job that is associated
                           with the https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=xxxxxxxxxxxxxxxxxxxxxxxxxxx URL.
Keywords                 : {}
Source                   : Microsoft-Windows-Bits-Client
Computername             : client-win10

PowerShell version

5.1

Platform

Windows 10 Pro or Enterprise

jdhitsolutions commented 6 months ago

I will have to dig into this.

jdhitsolutions commented 4 months ago

This should be fixed in v2.49.0 if you want to update and test.
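
The collision reported in this issue, reproduced and handled on constructed XML. This is an added example, not PSScriptTools code and not the v2.49.0 fix; the function name `ConvertTo-FlatEventRecord`, the `EventData_` prefix and all sample values are assumptions.

```powershell
# Constructed sample: trimmed XML in the shape a Bits-Client event 59 record has.
# All values are placeholders, not real log data.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Bits-Client" />
    <EventID>59</EventID>
  </System>
  <EventData>
    <Data Name="transferId">{00000000-0000-0000-0000-000000000000}</Data>
    <Data Name="name">ExampleJob</Data>
    <Data Name="Id">{11111111-1111-1111-1111-111111111111}</Data>
    <Data Name="url">https://example.invalid/file</Data>
  </EventData>
</Event>
'@

function ConvertTo-FlatEventRecord {
    # Hypothetical helper: flattens System and EventData fields into one object.
    param([Parameter(Mandatory)][xml]$EventXml)

    # [ordered] dictionaries compare keys case-insensitively, like @{}.
    $h = [ordered]@{
        ID     = [int]$EventXml.Event.System.EventID
        Source = $EventXml.Event.System.Provider.Name
    }
    foreach ($d in $EventXml.Event.EventData.Data) {
        $name = $d.Name
        # 'Id' matches the existing 'ID' key, so a plain Add() would throw
        # "Item has already been added". Rename the EventData field instead
        # of dropping or overwriting it, so no log data is lost.
        while ($h.Contains($name)) { $name = "EventData_$name" }
        $h.Add($name, $d.'#text')
    }
    [pscustomobject]$h
}

$record = ConvertTo-FlatEventRecord -EventXml $sampleXml
$record | Format-List
```

With the sample above, the object keeps `ID` as 59 and exposes the job GUID as `EventData_Id`, so the field that the failing `Add` call left out of the output in the report is preserved.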