Write custom logs via PowerShell

using namespace System.Net

# Input bindings are passed in via param block.

param(

R e q u e s t,

TriggerMetadata)

# Interact with query parameters or the body of the request.

L o g C o n t e n t =

Request.Body.LogContent

L o g T y p e =

Request.Body.LogType

Function Build-Signature (

c u s t o m e r I d,

sharedKey,

d a t e,

contentLength,

m e t h o d,

contentType, $resource){

x H e a d e r s = " x - m s - d a t e : " +

date

s t r i n g T o H a s h =

method + "`n" +

c o n t e n t L e n g t h + " ‘ n " +

contentType + "`n" +

x H e a d e r s + " ‘ n " +

resource

b y t e s T o H a s h = [T e x t . E n c o d i n g] :: U T F 8. G e t B y t e s (

stringToHash)

k e y B y t e s = [C o n v e r t] :: F r o m B a s e 64 S t r i n g (

sharedKey)

$sha256 = New-Object System.Security.Cryptography.HMACSHA256

s h a 256. K e y =

keyBytes

c a l c u l a t e d H a s h =

sha256.ComputeHash($bytesToHash)

e n c o d e d H a s h = [C o n v e r t] :: T o B a s e 64 S t r i n g (

calculatedHash)

a u t h o r i z a t i o n =^{'} S h a r e d K e y 0 : 1^{'} - f

customerId,$encodedHash

return $authorization

}

Function Post-LogAnalyticsData (

c u s t o m e r I d,

sharedKey,

b o d y,

logType){

$method = "POST"

$contentType = "application/json"

$resource = "/api/logs"

$rfc1123date = ([DateTime]::UtcNow).ToString("r")

c o n t e n t L e n g t h =

body.Length

s i g n a t u r e = B u i l d - S i g n a t u r e - c u s t o m e r I d

customerId -sharedKey

s h a r e d K e y - d a t e

rfc1123date -contentLength

c o n t e n t L e n g t h - m e t h o d

method -contentType

c o n t e n t T y p e - r e s o u r c e

resource

u r i = " h t t p s : / / " +

customerId + ".ods.opinsights.azure.com" + $resource + "?api-version=2016-04-01"

$headers = @{

"Authorization" = $signature;

"Log-Type" = $logType;

"x-ms-date" = $rfc1123date;

}

r e s p o n s e = I n v o k e - W e b R e q u e s t - U r i

uri -Method

m e t h o d - C o n t e n t T y p e

contentType -Headers

h e a d e r s - B o d y

body -UseBasicParsing

return $response.StatusCode

}

$customerId = "06637cbc-c2ea-4093-acc8-fff2aac4fc6c"

$sharedKey = "ap7wS+3ec1DLA/2X/0BDiG7ojrAi9U3EI16o3VhrGeH74KWwrtUmVB5eS9V0vQPWTBLXmU9ZGQy8n1AInChkpw=="

$LogType = "ADDCNetlogonLogs"

$Properties = [Ordered] @{

"ComputerName" = $env:computername

"User" = $env:Username

}

C u s t o m L o g s = N e w - O b j e c t - T y p e N a m e " P S O b j e c t " - P r o p e r t y

Properties | ConvertTo-JSON -Depth 10

#Submit the data to the API endpoint

$params = @{

CustomerId = $customerId

SharedKey = $sharedKey

Body = ([System.Text.Encoding]::UTF8.GetBytes($CustomLogs))

LogType = $LogType

}

$LogResponse = Post-LogAnalyticsData @params

$LogResponse