Summary
Standardized all ~140 PowerShellLog messages across 50 files to a consistent [Category] action=verb key=value format for machine-parseable structured logging compatible with Splunk, ELK, and Datadog.
Changes
- Adopted
[Category] action=camelCaseVerb key=value key="quoted value" format
- Space-separated key=value pairs (no commas) for native Splunk KV_MODE=auto extraction
- 24 categories: DelegatedAccess, Remoting, Remoting(SOAP), JWT, Security, Trust, ApiKey, Profile, Session, Console, ISE, Runner, Report, Task, Rule, Provider, Upload, Gutter, Pipeline, Timer, Command, Dialog, Host, Settings
- Promoted security-relevant Info/Warn to Audit: access denied, script execution, authentication, session elevation, path traversal
- Demoted noisy autocomplete/help requests from Info to Debug
- Omitted user= from Audit() calls where framework auto-appends context user
- Excluded pass-through logging (WriteLogCommand, ScriptingHostUserInterface, raw script body Debug lines)
Related
Summary
Standardized all ~140 PowerShellLog messages across 50 files to a consistent
[Category] action=verb key=valueformat for machine-parseable structured logging compatible with Splunk, ELK, and Datadog.Changes
[Category] action=camelCaseVerb key=value key="quoted value"formatRelated