Audit log error handling

JohnDuprey · JohnDuprey · commit 848f408ded34 · 2024-10-11T17:48:58.000-04:00
diff --git a/Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearchResults.ps1 b/Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearchResults.ps1
@@ -18,6 +18,6 @@ function Get-CippAuditLogSearchResults {
     )
 
     process {
-        New-GraphGetRequest -uri ('https://graph.microsoft.com/beta/security/auditLog/queries/{0}/records?$top=999' -f $QueryId) -AsApp $true -tenantid $TenantFilter
+        New-GraphGetRequest -uri ('https://graph.microsoft.com/beta/security/auditLog/queries/{0}/records?$top=999' -f $QueryId) -AsApp $true -tenantid $TenantFilter -ErrorAction Stop
     }
 }
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAuditLogSearches.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAuditLogSearches.ps1
@@ -20,7 +20,11 @@ function Invoke-ListAuditLogSearches {
                 } | ConvertTo-Json -Depth 10 -Compress
             }
             'SearchResults' {
-                $Results = Get-CippAuditLogSearchResults -TenantFilter $Request.Query.TenantFilter -QueryId $Request.Query.SearchId
+                try {
+                    $Results = Get-CippAuditLogSearchResults -TenantFilter $Request.Query.TenantFilter -QueryId $Request.Query.SearchId
+                } catch {
+                    $Results = @{ Error = $_.Exception.Message }
+                }
                 $Body = @{
                     Results  = @($Results)
                     Metadata = @{
diff --git a/Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1 b/Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1
@@ -35,7 +35,13 @@ function Test-CIPPAuditLogRules {
         }
     }
     #write-warning 'Getting audit records from Graph API'
-    $SearchResults = Get-CippAuditLogSearchResults -TenantFilter $TenantFilter -QueryId $SearchId
+    try {
+        $SearchResults = Get-CippAuditLogSearchResults -TenantFilter $TenantFilter -QueryId $SearchId
+    } catch {
+        Write-Warning "Error getting audit logs: $($_.Exception.Message)"
+        Write-LogMessage -API 'Webhooks' -message "Error getting audit logs for search $($SearchId)" -LogData (Get-CippException -Exception $_) -sev Error -tenant $TenantFilter
+        throw $_
+    }
     $LogCount = ($SearchResults | Measure-Object).Count
     $RunGuid = New-Guid
     Write-Warning "Logs to process: $LogCount - RunGuid: $($RunGuid) - $($TenantFilter)"

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,6 @@ function Get-CippAuditLogSearchResults {`
`18`	`18`	`)`
`19`	`19`
`20`	`20`	`process {`
`21`		`- New-GraphGetRequest -uri ('https://graph.microsoft.com/beta/security/auditLog/queries/{0}/records?$top=999' -f $QueryId) -AsApp $true -tenantid $TenantFilter`
	`21`	`+ New-GraphGetRequest -uri ('https://graph.microsoft.com/beta/security/auditLog/queries/{0}/records?$top=999' -f $QueryId) -AsApp $true -tenantid $TenantFilter -ErrorAction Stop`
`22`	`22`	`}`
`23`	`23`	`}`