[Xymon] Xymon Powershell Windows client

19 Feb 2015

      Hello Zak,
works perfect:
2015-02-19 12:34:41  Event Log processing - max payload: 1024 - wanted
logs: Application System Security
2015-02-19 12:34:41  Event log Application adding to payload
2015-02-19 12:34:41  Processing event log Application
2015-02-19 12:34:41  Setting thread/UI culture to en-US
2015-02-19 12:34:41  Resetting thread/UI culture to previous: de-DE /
en-US
2015-02-19 12:34:41  Event log Application entries since last scan: 7
2015-02-19 12:34:41  Found a configured filter for log Application
2015-02-19 12:34:41  Event log System adding to payload
2015-02-19 12:34:41  Processing event log System
2015-02-19 12:34:41  Setting thread/UI culture to en-US
2015-02-19 12:34:42  Resetting thread/UI culture to previous: de-DE /
en-US
2015-02-19 12:34:42  Event log System entries since last scan: 3
2015-02-19 12:34:42  Found a configured filter for log System
2015-02-19 12:34:42  Event log Security adding to payload
2015-02-19 12:34:42  Event log processing finished
Kind regards,
Lukas
Von:    <zak.beck at accenture.com>
An:     <lukas.kohl at ergodirekt.de>
Kopie:  <xymon at xymon.com>
Datum:  19.02.2015 11:51
Betreff:        [SPAM] RE: [Xymon] Xymon Powershell Windows client
Hi Lukas
Thanks for reporting this.
I have committed a patch based on your information - please try that.
Regards
Zak
-----Original Message-----
From: lukas.kohl at ergodirekt.de [mailto:lukas.kohl at ergodirekt.de]
Sent: 18 February 2015 16:00
To: Beck, Zak
Cc: xymon at xymon.com
Subject: [Xymon] Xymon Powershell Windows client
Hello Zak,
today I recognized, that the msgs were sent broken:
Full log eventlog_Security

02/18/2015 13:54:50 - Microsoft-Windows-Security-Auditing -
02/18/2015 13:54:50 - Microsoft-Windows-Security-Auditing -

Full log eventlog_Application

02/18/2015 13:54:51 - SceCli -

I managed to track the issue down to my CurrentCulture setting ($Host or
Get-Culture), which was de-DE at my Server. When I changed it to en-US,
everything seems to be correct again:
Full log eventlog_Application
Information - 02/18/2015 16:04:57 - nssm - Started
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy
RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File
"C:\Program Files\xymonps\xymonclient.ps1" for service XymonPSClient in
C:\Windows\System32\WindowsPowerShell\v1.0.
Information - 02/18/2015 16:04:56 - nssm - Service XymonPSClient received
START control, which will be handled.
Information - 02/18/2015 16:04:55 - nssm - Killing PID 5100 in process
tree
of PID 5100 because service XymonPSClient is stopping.
Information - 02/18/2015 16:04:55 - nssm - Killing process tree of process
5100 for service XymonPSClient with exit code 0 Information - 02/18/2015
16:04:54 - nssm - Killing process
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe because service
XymonPSClient is stopping.
Information - 02/18/2015 16:04:54 - nssm - Service XymonPSClient received
STOP control, which will be handled.
Information - 02/18/2015 15:31:58 - Microsoft-Windows-Security-SPP - The
Software Protection service has stopped.
The Problem is, that the commands [string]$entry.LevelDisplayName and
[string]$entry.Message just return empty lines, when CurrentCulture is set
to anything different than en-US -->
http://powershell.com/cs/forums/p/14969/29273.aspx
The behaviour can be fixed, when surrounding the Get-WinEvent with a
different Culture (http://poshcode.org/2226):
function Set-Culture([System.Globalization.CultureInfo] $culture) {
[System.Threading.Thread]::CurrentThread.CurrentUICulture
= $culture
[System.Threading.Thread]::CurrentThread.CurrentCulture =
$culture }
$oldCulture = [System.Threading.Thread]::CurrentThread.CurrentUICulture
trap { Set-Culture $oldCulture }
Set-Culture en-US
$logentries = @(Get-WinEvent -ErrorAction:SilentlyContinue -FilterXML
$logFilterXML ` -MaxEvents $script:XymonSettings.MaxEvents)
Set-Culture $oldCulture
Aftwerwards, I can set the culture back to stock.
Kind regards,
Lukas
www.ergodirekt.de
Blog: http://blog.ergodirekt.de
Facebook: www.facebook.com/ERGODirekt
Google+: www.google.com/+ergodirekt
Twitter: www.twitter.com/ERGODirekt
YouTube: www.youtube.com/ERGODirekt

ERGO Direkt Lebensversicherung AG · Amtsgericht Fürth HRB 2787 · UST-ID-Nr. DE159593454
ERGO Direkt Versicherung AG · Amtsgericht Fürth HRB 2934 · UST-ID-Nr. DE159593438
ERGO Direkt Krankenversicherung AG · Amtsgericht Fürth HRB 4694 · UST-ID-Nr. DE159593446
Vorsitzender der Aufsichtsräte: Dr. Torsten Oletzky
Vorstände: Dr. Daniel von Borries (Vorsitzender), Ralf Hartmann, Dr. Jörg Stoffels
Sitz: Fürth
Adresse: Karl-Martell-Straße 60 · 90344 Nürnberg · Deutschland

[Xymon] Xymon Powershell Windows client

lukas.kohl＠ergodirekt.de

Hello Zak, today I recognized, that the msgs were sent broken:

I managed to track the issue down to my CurrentCulture setting ($Host or Get-Culture), which was de-DE at my Server. When I changed it to en-US, everything seems to be correct again: