@@ -3,77 +3,97 @@ function Push-AuditLogTenant {
33 $ConfigTable = Get-CippTable - TableName ' WebhookRules'
44 $TenantFilter = $Item.TenantFilter
55
6- Write-Information " Audit Logs: Processing $ ( $TenantFilter ) "
7-
8- # Get CIPP Url, cleanup legacy tasks
9- $SchedulerConfig = Get-CippTable - TableName ' SchedulerConfig'
10- $LegacyWebhookTasks = Get-CIPPAzDataTableEntity @SchedulerConfig - Filter " PartitionKey eq 'webhookcreation'"
11- $LegacyUrl = $LegacyWebhookTasks | Select-Object - First 1 - ExpandProperty CIPPURL
12- $CippConfigTable = Get-CippTable - tablename Config
13- $CippConfig = Get-CIPPAzDataTableEntity @CippConfigTable - Filter " PartitionKey eq 'InstanceProperties' and RowKey eq 'CIPPURL'"
14- if ($LegacyUrl ) {
15- if (! $CippConfig ) {
16- $Entity = @ {
17- PartitionKey = ' InstanceProperties'
18- RowKey = ' CIPPURL'
19- Value = [string ]([System.Uri ]$LegacyUrl ).Host
6+ try {
7+ Write-Information " Audit Logs: Processing $ ( $TenantFilter ) "
8+ # Get CIPP Url, cleanup legacy tasks
9+ $SchedulerConfig = Get-CippTable - TableName ' SchedulerConfig'
10+ $LegacyWebhookTasks = Get-CIPPAzDataTableEntity @SchedulerConfig - Filter " PartitionKey eq 'webhookcreation'"
11+ $LegacyUrl = $LegacyWebhookTasks | Select-Object - First 1 - ExpandProperty CIPPURL
12+ $CippConfigTable = Get-CippTable - tablename Config
13+ $CippConfig = Get-CIPPAzDataTableEntity @CippConfigTable - Filter " PartitionKey eq 'InstanceProperties' and RowKey eq 'CIPPURL'"
14+ if ($LegacyUrl ) {
15+ if (! $CippConfig ) {
16+ $Entity = @ {
17+ PartitionKey = ' InstanceProperties'
18+ RowKey = ' CIPPURL'
19+ Value = [string ]([System.Uri ]$LegacyUrl ).Host
20+ }
21+ Add-CIPPAzDataTableEntity @CippConfigTable - Entity $Entity - Force
2022 }
21- Add-CIPPAzDataTableEntity @CippConfigTable - Entity $Entity - Force
22- }
23- # remove legacy webhooks
24- foreach ($Task in $LegacyWebhookTasks ) {
25- Remove-AzDataTableEntity - Force @SchedulerConfig - Entity $Task
23+ # remove legacy webhooks
24+ foreach ($Task in $LegacyWebhookTasks ) {
25+ Remove-AzDataTableEntity - Force @SchedulerConfig - Entity $Task
26+ }
27+ $CIPPURL = $LegacyUrl
28+ } else {
29+ $CIPPURL = ' https://{0}' -f $CippConfig.Value
2630 }
27- $CIPPURL = $LegacyUrl
28- } else {
29- $CIPPURL = ' https://{0}' -f $CippConfig.Value
30- }
3131
32- # Get webhook rules
33- $ConfigEntries = Get-CIPPAzDataTableEntity @ConfigTable
34- $LogSearchesTable = Get-CippTable - TableName ' AuditLogSearches'
32+ # Get webhook rules
33+ $ConfigEntries = Get-CIPPAzDataTableEntity @ConfigTable
34+ $LogSearchesTable = Get-CippTable - TableName ' AuditLogSearches'
3535
36- $Configuration = $ConfigEntries | Where-Object { ($_.Tenants -match $TenantFilter -or $_.Tenants -match ' AllTenants'
37- if ($Configuration ) {
38- try {
39- $LogSearches = Get-CippAuditLogSearches - TenantFilter $TenantFilter - ReadyToProcess | Select-Object - First 20
40- Write-Information (' Audit Logs: Found {0} searches, begin processing' -f $LogSearches.Count )
41- foreach ($Search in $LogSearches ) {
42- $SearchEntity = Get-CIPPAzDataTableEntity @LogSearchesTable - Filter " Tenant eq '$ ( $TenantFilter ) ' and RowKey eq '$ ( $Search.id ) '"
43- $SearchEntity.CippStatus = ' Processing'
44- Add-CIPPAzDataTableEntity @LogSearchesTable - Entity $SearchEntity - Force
45- try {
46- # Test the audit log rules against the search results
47- $AuditLogTest = Test-CIPPAuditLogRules - TenantFilter $TenantFilter - SearchId $Search.id
36+ $Configuration = $ConfigEntries | Where-Object { ($_.Tenants -match $TenantFilter -or $_.Tenants -match ' AllTenants'
37+ if ($Configuration ) {
38+ try {
39+ $LogSearches = Get-CippAuditLogSearches - TenantFilter $TenantFilter - ReadyToProcess | Select-Object - First 20
40+ Write-Information (' Audit Logs: Found {0} searches, begin processing' -f $LogSearches.Count )
41+ foreach ($Search in $LogSearches ) {
42+ $SearchEntity = Get-CIPPAzDataTableEntity @LogSearchesTable - Filter " Tenant eq '$ ( $TenantFilter ) ' and RowKey eq '$ ( $Search.id ) '"
43+ $SearchEntity.CippStatus = ' Processing'
44+ Add-CIPPAzDataTableEntity @LogSearchesTable - Entity $SearchEntity - Force
45+ try {
46+ # Test the audit log rules against the search results
47+ $AuditLogTest = Test-CIPPAuditLogRules - TenantFilter $TenantFilter - SearchId $Search.id
4848
49- $SearchEntity.CippStatus = ' Completed'
50- $MatchedRules = [string ](ConvertTo-Json - Compress - InputObject $AuditLogTest.MatchedRules )
51- $SearchEntity | Add-Member - MemberType NoteProperty - Name MatchedRules - Value $MatchedRules - Force
52- $SearchEntity | Add-Member - MemberType NoteProperty - Name MatchedLogs - Value $AuditLogTest.MatchedLogs - Force
53- $SearchEntity | Add-Member - MemberType NoteProperty - Name TotalLogs - Value $AuditLogTest.TotalLogs - Force
54- } catch {
55- $SearchEntity.CippStatus = ' Failed'
56- Write-Information " Error processing audit log rules: $ ( $_.Exception.Message ) "
57- $Exception = [string ](ConvertTo-Json - Compress - InputObject (Get-CippException - Exception $_ ))
58- $SearchEntity | Add-Member - MemberType NoteProperty - Name Error - Value $Exception
59- }
60- Add-CIPPAzDataTableEntity @LogSearchesTable - Entity $SearchEntity - Force
61- $DataToProcess = ($AuditLogTest ).DataToProcess
62- Write-Information " Audit Logs: Data to process found: $ ( $DataToProcess.count ) items"
63- if ($DataToProcess ) {
64- foreach ($AuditLog in $DataToProcess ) {
65- Write-Information " Processing $ ( $AuditLog.operation ) "
66- $Webhook = @ {
67- Data = $AuditLog
68- CIPPURL = [string ]$CIPPURL
69- TenantFilter = $TenantFilter
49+ $SearchEntity.CippStatus = ' Completed'
50+ $MatchedRules = [string ](ConvertTo-Json - Compress - InputObject $AuditLogTest.MatchedRules )
51+ $SearchEntity | Add-Member - MemberType NoteProperty - Name MatchedRules - Value $MatchedRules - Force
52+ $SearchEntity | Add-Member - MemberType NoteProperty - Name MatchedLogs - Value $AuditLogTest.MatchedLogs - Force
53+ $SearchEntity | Add-Member - MemberType NoteProperty - Name TotalLogs - Value $AuditLogTest.TotalLogs - Force
54+ } catch {
55+ if ($_.Exception.Message -match ' Request rate is large. More Request Units may be needed, so no changes were made. Please retry this request later.'
56+ $SearchEntity.CippStatus = ' Pending'
57+ Write-Information " Audit Log search: Rate limit hit for $ ( $SearchEntity.RowKey ) ."
58+ if ($SearchEntity.PSObject.Properties.Name -contains ' RetryCount'
59+ $SearchEntity.RetryCount ++
60+ } else {
61+ $SearchEntity | Add-Member - MemberType NoteProperty - Name RetryCount - Value 1
62+ }
63+ } else {
64+ $Exception = [string ](ConvertTo-Json - Compress - InputObject (Get-CippException - Exception $_ ))
65+ $SearchEntity | Add-Member - MemberType NoteProperty - Name Error - Value $Exception
66+ $SearchEntity.CippStatus = ' Failed'
67+ Write-Information " Error processing audit log rules: $ ( $_.Exception.Message ) "
68+ }
69+ $AuditLogTest = [PSCustomObject ]@ {
70+ DataToProcess = @ ()
71+ }
72+ }
73+ Add-CIPPAzDataTableEntity @LogSearchesTable - Entity $SearchEntity - Force
74+ $DataToProcess = ($AuditLogTest ).DataToProcess
75+ Write-Information " Audit Logs: Data to process found: $ ( $DataToProcess.count ) items"
76+ if ($DataToProcess ) {
77+ foreach ($AuditLog in $DataToProcess ) {
78+ Write-Information " Processing $ ( $AuditLog.operation ) "
79+ $Webhook = @ {
80+ Data = $AuditLog
81+ CIPPURL = [string ]$CIPPURL
82+ TenantFilter = $TenantFilter
83+ }
84+ try {
85+ Invoke-CippWebhookProcessing @Webhook
86+ } catch {
87+ Write-Information " Error processing webhook: $ ( $_.Exception.Message ) "
88+ }
7089 }
71- Invoke-CippWebhookProcessing @Webhook
7290 }
7391 }
92+ } catch {
93+ Write-Information ( ' Audit Log search: Error {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName , $_.InvocationInfo.ScriptLineNumber , $_.Exception.Message )
7494 }
75- } catch {
76- Write-Information ( ' Audit Logs: Error {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName , $_.InvocationInfo.ScriptLineNumber , $_.Exception.Message )
7795 }
96+ } catch {
97+ Write-Information ( ' Push-AuditLogTenant: Error {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName , $_.InvocationInfo.ScriptLineNumber , $_.Exception.Message )
7898 }
7999}
0 commit comments