Get-HgsTraceFileData
Gets metadata about and the contents of HGS Diagnostic trace files recorded in a trace manifest.
Syntax
Get-HgsTraceFileData
-File <String>
-Manifest <String>
-StartByte <Int64>
[<CommonParameters>] Get-HgsTraceFileData
-File <String>
-Manifest <String>
[-Length]
[<CommonParameters>] Description
The Get-HgsTraceFileData cmdlet gets segments of Host Guardian Service (HGS) Diagnostic trace files recorded in a trace file manifest generated by Get-HgsTrace, as well as length information. This cmdlet is utilized by the Get-HgsTrace cmdlet to securely get trace files over a Windows PowerShell® remote session that does not expose other portions of the file system.
Examples
Example 1: Get the length of a trace file
PS C:\> Get-TraceFileData -File "Certificates.xml" -Manifest "Traces.xml" -LengthThis command gets the length of the file named Certificates.xml file found in the Traces.xml manifest.
Example 2: Get a segment of a trace file contained in a manifest
PS C:\> Get-TraceFileData -File "Logs.evtx" -Manifest "Traces.xml" -StartByte 1024This command gets a segment, in bytes, from the file named Logs.evtx if it is found in the Traces.xml manifest. If the file is not found in the manifest, this cmdlet returns an error.
Parameters
-File
Specifies the full path of the file that you wish to query. The file must be in the manifest specified in the Manifest parameter.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Length
Indicates that this cmdlet gets the total length, in bytes, of the trace file, instead of a data segment.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Manifest
Specifies the path to the manifest file that documents the trace file specified in the File parameter.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-StartByte
Specifies the starting byte from which this cmdlet gets a segment of the trace file's data. This value must be greater than 0 but less than the total length of the requested file.
| Type: | Int64 |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Outputs
System.Int64,System.Byte[]