chrdek · December 20, 2018 14:17
diff --git a/Filemon.ps1 b/Filemon.ps1
 <#
 .Synopsis
 Original file taken from https://gallery.technet.microsoft.com/scriptcenter/Powershell-FileSystemWatche-dfd7084b
 Adapted for monitoring visual studio debug crashes with delimited log files creation/modification

 .Description
 This script monitors only log files created or modified on a specified directory
 and creates the corresponding csv output per changed file content
 NOTE: Default target dir is C:\%APPDATA%\

 .Parameter unloadwatcher
 Add or remove the relevant filesystem event watchers used for monitoring

 .Example
 PS:\> .\Filemon.ps1
 Please enter your selection [L - Load Watchers] [U - Unload Watchers]: L

 Id     Name            PSJobTypeName   State         HasMoreData     Location             Command
 --     ----            -------------   -----         -----------     --------             -------
 1      FileCreated                     NotStarted    False                                ...
 2      FileChanged                     NotStarted    False                                ...

 PS:\> The file 'testlog23.log' was Changed at 12/20/2018 15:36:53
 The file 'testlog23.log' was Changed at 12/20/2018 15:36:53
 PS:\> The file 'filen2 - Copy.log' was Created at 12/20/2018 15:37:28
 The file 'filen2 - Copy.log' was Changed at 12/20/2018 15:37:28

 #>
 Function monitor-files {
 param([Parameter(Mandatory=$false)]
 [switch]$unloadwatcher
 )

 if ($unloadwatcher) {
 # To stop the monitoring, run the following commands:
 Unregister-Event FileCreated
 Unregister-Event FileChanged
 break;continue;
 }
 $folder = "$env:APPDATA\"; $filter = "*.log"
 if ( -not(Test-Path -PathType Leaf ".\output1.csv") ) { 
 Set-Content -Path "$env:APPDATA\output1.csv" -Value "TimeCreated|ComputerName|Problem|Empty|Class|FileName|ExceptionType|ExceptionMsg|StackTrace|LOC"
 }
 $fsw = New-Object IO.FileSystemWatcher $folder,$filter -Property @{IncludeSubdirectories = $false;NotifyFilter = [IO.NotifyFilters]'FileName, LastWrite'}

 Register-ObjectEvent $fsw Created -SourceIdentifier FileCreated -Action {
 $name = $Event.SourceEventArgs.Name
 $changeType = $Event.SourceEventArgs.ChangeType
 $timeStamp = $Event.TimeGenerated
 Write-Host "The file '$name' was $changeType at $timeStamp" -fore green
 }

 Register-ObjectEvent $fsw Changed -SourceIdentifier FileChanged -Action {
 $name = $Event.SourceEventArgs.Name
 $changeType = $Event.SourceEventArgs.ChangeType
 $timeStamp = $Event.TimeGenerated
 Write-Host "The file '$name' was $changeType at $timeStamp" -fore white
 $contchanged = (Get-Content -Path "$env:APPDATA\User.log" | Select -Last 1)
 Add-Content -Value $contchanged -Path "$env:APPDATA\output1.csv"
 }
 }
 $sel = Read-Host -Prompt "Please enter your selection [L - Load Watchers] [U - Unload Watchers]";
 if ($sel.toUpper() -eq 'L') {
 monitor-files
 }else {
 monitor-files -unloadwatcher
 }
	<#
	.Synopsis
	Original file taken from https://gallery.technet.microsoft.com/scriptcenter/Powershell-FileSystemWatche-dfd7084b
	Adapted for monitoring visual studio debug crashes with delimited log files creation/modification

	.Description
	This script monitors only log files created or modified on a specified directory
	and creates the corresponding csv output per changed file content
	NOTE: Default target dir is C:\%APPDATA%\

	.Parameter unloadwatcher
	Add or remove the relevant filesystem event watchers used for monitoring

	.Example
	PS:\> .\Filemon.ps1
	Please enter your selection [L - Load Watchers] [U - Unload Watchers]: L

	Id Name PSJobTypeName State HasMoreData Location Command
	-- ---- ------------- ----- ----------- -------- -------
	1 FileCreated NotStarted False ...
	2 FileChanged NotStarted False ...

	PS:\> The file 'testlog23.log' was Changed at 12/20/2018 15:36:53
	The file 'testlog23.log' was Changed at 12/20/2018 15:36:53
	PS:\> The file 'filen2 - Copy.log' was Created at 12/20/2018 15:37:28
	The file 'filen2 - Copy.log' was Changed at 12/20/2018 15:37:28

	#>
	Function monitor-files {
	param([Parameter(Mandatory=$false)]
	[switch]$unloadwatcher
	)

	if ($unloadwatcher) {
	# To stop the monitoring, run the following commands:
	Unregister-Event FileCreated
	Unregister-Event FileChanged
	break;continue;
	}
	$folder = "$env:APPDATA\"; $filter = "*.log"
	if ( -not(Test-Path -PathType Leaf ".\output1.csv") ) {
	Set-Content -Path "$env:APPDATA\output1.csv" -Value "TimeCreated\|ComputerName\|Problem\|Empty\|Class\|FileName\|ExceptionType\|ExceptionMsg\|StackTrace\|LOC"
	}
	$fsw = New-Object IO.FileSystemWatcher $folder,$filter -Property @{IncludeSubdirectories = $false;NotifyFilter = [IO.NotifyFilters]'FileName, LastWrite'}

	Register-ObjectEvent $fsw Created -SourceIdentifier FileCreated -Action {
	$name = $Event.SourceEventArgs.Name
	$changeType = $Event.SourceEventArgs.ChangeType
	$timeStamp = $Event.TimeGenerated
	Write-Host "The file '$name' was $changeType at $timeStamp" -fore green
	}

	Register-ObjectEvent $fsw Changed -SourceIdentifier FileChanged -Action {
	$name = $Event.SourceEventArgs.Name
	$changeType = $Event.SourceEventArgs.ChangeType
	$timeStamp = $Event.TimeGenerated
	Write-Host "The file '$name' was $changeType at $timeStamp" -fore white
	$contchanged = (Get-Content -Path "$env:APPDATA\User.log" \| Select -Last 1)
	Add-Content -Value $contchanged -Path "$env:APPDATA\output1.csv"
	}
	}
	$sel = Read-Host -Prompt "Please enter your selection [L - Load Watchers] [U - Unload Watchers]";
	if ($sel.toUpper() -eq 'L') {
	monitor-files
	}else {
	monitor-files -unloadwatcher
	}