Using WMI Log File Event Consumer DSC resource

If you have not seen the earlier articles in this series, I had written about:

In today’s article, I will show you how the WMI Log File Event Consumer DSC resource can be used. I will show you how this specific DSC resource is used and then show you a complete configuration script using this resource to write to a log file every time a removable device is inserted into the system.

Creating DSC Log File Event Consumer

We can write to text log files in response to an event using the Log File Event Consumer. This has three mandatory properties.

The FileName property takes the full path to the log file that needs to be created. If the file exists, the contents specified in the Text property will be appended. If the file does not exist, it will be created. The Name property is the unique identity given to the resource instance. In the optional properties, you can use the MaximumFileSize to auto-rotate the log file after a certain size. By default, this is set to 65,535. The final and another optional property is the IsUnicode property. If you want the log file to be encoded in Unicode, you can set it to True.

The following configuration script shows how to use this resource.

cWMILogFileConsumer LogFileConsumer {
   Name = 'UFDLogFile'
   Filename = 'C:\Logs\Backup.log'
   Text = 'Removable drive with volume name backup is found. Backup will be initiated.'
   Ensure = 'Present'
}

In the above configuration script, we are writing to C:\Logs\Backup.log every time we find a removable drive gets inserted with a volume label ‘Backup’.

Coming to the complete configuration script, we have an event filter that triggers every time a removal device with volume name ‘Backup’ is attached to the system, the above configuration script that writes to a log file in response to the event, and an event binding that binds the filter and consumer together.

Configuration BackuptoUFD {
    Import-DscResource -Module cWMIPermanentEvents
    cWMIEventFilter UFDDetection {
       Name = 'UFDFilter'
       Query = "SELECT * FROM __InstanceCreationEvent WITHIN 2 WHERE
       TargetInstance ISA 'Win32_Volume' AND
       TargetInstance.Label='Backup' AND
       TargetInstance.DriveType=2"
       EventNamespace = 'root\cimv2'
       Ensure = 'Present'
    }

    cWMILogFileConsumer UFDLogFile {
       Name = 'UFDLogFile'
       Filename = 'C:\Logs\Backup.log'
       Text = 'Removable drive with volume name backup is found. Backup will be initiated.'
       Ensure = 'Present'
    }

    cWMIEventBinding UFDCommandLineBinding {
       Filter = 'UFDFilter'
       Consumer = 'UFDLogFile'
       ConsumerType = 'LogFile'
       DependsOn = '[WMIEventFilter]UFDDetection','[WMILogFileConsumer]UFDLogFile'
       Ensure = 'Present'
    }
}

BackuptoUFD

This is it. This brings us to the end of this article. In the next article in this series, we will look at the NT Event Log consumer DSC resource. Stay tuned!

Share on:
comments powered by Disqus