In a previous post I described how to configure the Horizon Event database using the REST APIs. In this post I will describe how you can retrieve those events using a script that I have created. Getting the first few events is easy: just call the /external/v1/audit-events API endpoint and you get the first batch of events in an unsorted fashion. The script that I have created gets the events since a certain date and, if you want, only the events with a certain severity.
The script was created for PowerShell 7 and has been tested with 7.3.4.
Parameters
I have written 4 parameters into this script: 2 are mandatory and 2 are optional.
- Credential
- This optional parameter needs to be a credential object from Get-Credential. If it is not supplied, you will be asked to provide credentials as domain\username and password.
- ConnectionServerFQDN
- This mandatory parameter needs to be a string object with the FQDN of the connection server to connect to, i.e. server.domain.dom
- SinceDate
- This mandatory parameter needs to be a datetime object for the earliest date to get events for. For example, use (get-date).adddays(-100) to get events up to 100 days old.
- AuditSeverityTypes
- This optional parameter needs to be an array with SeverityTypes to get events for. Allowed types are: INFO, WARNING, ERROR, AUDIT_SUCCESS, AUDIT_FAIL, UNKNOWN.
Usage
First I get my credentials using get-credential; you can also import them from an XML file, using import-clixml creds.xml for example.
$credentials = get-credential
Next I get all events for the last day using:
.\Horizon_Rest_Get_Events.ps1 -ConnectionServerFQDN pod1cbr1.loft.lab -sincedate (get-date).AddDays(-1) -Credential $credentials
Or just the ERROR and INFO events using:
.\Horizon_Rest_Get_Events.ps1 -ConnectionServerFQDN pod1cbr1.loft.lab -sincedate (get-date).AddDays(-100) -Credential $credentials -auditseveritytypes "ERROR","AUDIT_FAIL"
Yes, I had to go back further in days to find error events.
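The same SinceDate and AuditSeverityTypes filtering, applied client-side to events that have already been retrieved, is shown below as an added example; it is not the script from this post. The function name Select-AuditEvent, the event property names time (epoch milliseconds), severity and message, and the sample events are assumptions made for illustration.

```powershell
# Added example: client-side filter mirroring the script's SinceDate / AuditSeverityTypes parameters.
# Assumption: each event object has 'time' (epoch milliseconds), 'severity' and 'message' properties.
function Select-AuditEvent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$InputObject,

        [Parameter(Mandatory)]
        [datetime]$SinceDate,

        # The six severity types the post lists as allowed; anything else is rejected at bind time.
        [ValidateSet('INFO', 'WARNING', 'ERROR', 'AUDIT_SUCCESS', 'AUDIT_FAIL', 'UNKNOWN')]
        [string[]]$AuditSeverityTypes
    )
    begin {
        # Convert the cut-off to epoch milliseconds once, in UTC.
        $sinceMs = [DateTimeOffset]::new($SinceDate.ToUniversalTime()).ToUnixTimeMilliseconds()
        $filterSeverity = $PSBoundParameters.ContainsKey('AuditSeverityTypes')
        $kept = [System.Collections.Generic.List[psobject]]::new()
    }
    process {
        if ($InputObject.time -lt $sinceMs) { return }
        if ($filterSeverity -and $InputObject.severity -notin $AuditSeverityTypes) { return }
        $kept.Add($InputObject)
    }
    end {
        # Events arrive unsorted, so order them oldest-first and add a readable UTC timestamp.
        $kept | Sort-Object time | Select-Object @{
            Name       = 'TimeUtc'
            Expression = { [DateTimeOffset]::FromUnixTimeMilliseconds($_.time).UtcDateTime }
        }, severity, message
    }
}

# Constructed sample events (not real Horizon output).
$now = [DateTimeOffset]::UtcNow
$sample = @(
    [pscustomobject]@{ time = $now.AddHours(-2).ToUnixTimeMilliseconds(); severity = 'AUDIT_FAIL'; message = 'constructed: login failed' }
    [pscustomobject]@{ time = $now.AddDays(-3).ToUnixTimeMilliseconds();  severity = 'ERROR';      message = 'constructed: old error' }
    [pscustomobject]@{ time = $now.AddHours(-5).ToUnixTimeMilliseconds(); severity = 'INFO';       message = 'constructed: session started' }
    [pscustomobject]@{ time = $now.AddHours(-1).ToUnixTimeMilliseconds(); severity = 'ERROR';      message = 'constructed: provisioning error' }
)
$sample | Select-AuditEvent -SinceDate (Get-Date).AddDays(-1) -AuditSeverityTypes 'ERROR', 'AUDIT_FAIL'
```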
The Script
The script itself can be found on my GitHub.