Fixed issue with header (#4)

* Fixed issue with header Wasn't being treated as array if only 1 item returned * Maintain prior changes Maintan table from previous * Missing table row added Added missing table row
microsoft · Oct 27, 2017 · 440d048 · 440d048
1 parent 5ea1a5c
commit 440d048
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/AdfsEventsModule.psm1 b/AdfsEventsModule.psm1
@@ -273,7 +273,9 @@ function GetHTTPRequestInformation
     [System.Management.Automation.Runspaces.PSSession]$Session)
 
     #Retreive 403 (Request) and 404 (Response) events along with corresponding 510's from security log
-    $RequestAndResponseEvents = Get403And404Events -CorrID $CorrID -Session $Session
+    $RequestAndResponseEvents = @()
+    $RequestAndResponseEvents += Get403And404Events -CorrID $CorrID -Session $Session
+
     $HeaderEvents = @()
     foreach($Event in $RequestAndResponseEvents)
     {
@@ -289,6 +291,7 @@ function GetHTTPRequestInformation
     {
         $CurrentID = $RequestAndResponseEvents[$I].ID
 
+
         if($CurrentID -eq 403)
         {
             $HeaderObject.QueryString = $RequestAndResponseEvents[$I].RemoteProperties[4] + $RequestAndResponseEvents[$I].RemoteProperties[5] +  $RequestAndResponseEvents[$I].RemoteProperties[6]
@@ -308,7 +311,7 @@ function GetHTTPRequestInformation
             $HeaderObject = CreateHeaderObject #Clear object for next iteration of loop
         }
 
-        if(($I % 2 -eq 0 -and $CurrentID -eq 404) -or ($I %2 -eq 1 -and $CurrentID -eq 403))
+        if(($I % 2 -eq 0 -and $CurrentID -eq 404) -or ($I %2 -eq 1 -and $CurrentID -eq 403) -or ($CurrentID -eq 403 -and $I -eq $RequestAndResponseEvents.length-1) )
         {
             #Expecting each 403 to be followed by a 404. Each 403 should have an even index and each 404 should have an odd index in the list.
             Write-Warning "Unable to match request and response headers"
@@ -382,7 +385,7 @@ function Write-ADFSEventsSummary
         $row.CorrelationID = $Event.CorrelationID
         $row.Machine = $Event.MachineName
         $row.Log = $Event.LogName
-        $row.Level = $Event.LevelDisplayName
+	$row.Level = $Event.LevelDisplayName
 
         #Add the row to the table
         $table.Rows.Add($row)    
@@ -496,6 +499,11 @@ function Get-ADFSEvents
         foreach($Event in $Events)
         {
             $ID = [string] $Event.CorrelationID
+
+            if($CorrelationID -ne "" -and $CorrelationID -ne $ID)
+            {
+                continue #Unrelated event mentioned correlation id in data blob
+            }
 
             if(![string]::IsNullOrEmpty($ID) -and $HashTable.Contains($ID)) #Add event to exisiting list
             {
@@ -545,4 +553,4 @@ function Get-ADFSEvents
 
 }
 Export-ModuleMember -Function Get-ADFSEvents
-Export-ModuleMember -Function Write-ADFSEventsSummary
+Export-ModuleMember -Function Write-ADFSEventsSummary