PowerShell script reference for Adaptable Log Channel
This section documents the available PowerShell function that is used with the Adaptable Log Channel driver. PowerShell scripts are stored in a relative sub-folder inside of drive:\Program Files\Venafi\Scripts; for the Adaptable Log Channel, the script is in the \AdaptableLog sub-folder.
IMPORTANT If you make changes to the PowerShell script used by an Adaptable Log Channel, you must open the corresponding log channel object and click Save to force the driver to re-read the script. Typically, the updated script becomes active in less than 60 seconds after saving the channel object.
DID YOU KNOW? To prevent vulnerabilities, the PowerShell scripts are stored on the Trust Protection Platform server. While it might have been more convenient to allow downloading the script through the Policy Tree, storing the scripts on the Trust Protection Platform server prevents potentially harmful scripts from affecting the server. Only privileged users on your Trust Protection Platform server can access the script.
Data is passed to the functions using hash tables (key-value pairs). Using hash tables enables the addition of new variables in future releases. For more information, see About hash tables for Adaptable Application.
BEST PRACTICE When customizing a PowerShell script (or creating a new one), keep the following security best practices in mind:
- Avoid hard-coding credentials into your PowerShell scripts.
- Only include code in functions that relate to the task they are designated to perform.
- Scripts should not do anything that could alter the integrity or availability of the local Windows system (the system that is hosting Trust Protection Platform).
About debug logging
When a user has requested debug logging by checking Enable Debug Logging for the Adaptable Log Channel, the driver sets a global variable called $DEBUG_FILE whenever it executes a PowerShell function. Your PowerShell script should therefore reference the value of the $DEBUG_FILE variable to decide whether or not to log information for troubleshooting purposes. The value the driver assigns to the $DEBUG_FILE variable is a recommended file path name on the Trust Protection Platform server for use when logging events to a file. The file name is designed to be unique to the instance of the Adaptable component, which avoids conflicts when multiple scripts are running at the same time and writing to the log file. If the recommended file name is used, the resulting log file appears in the <Venafi Home>\Logs directory by default (e.g. C:\Program Files\Venafi\Logs).
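One way to honor $DEBUG_FILE while keeping secrets out of the log file, shown as an added example that is not part of the Venafi-supplied script. The helper name Write-DebugLog and the sample hash table keys are hypothetical, and the example assumes $DEBUG_FILE is unset or empty when debug logging has not been requested.

```powershell
# Added example. Write-DebugLog and the sample keys are hypothetical names,
# not functions or keys defined by the Adaptable Log Channel driver.
function Write-DebugLog {
    param(
        [Parameter(Mandatory)] [string] $Message,
        [hashtable] $Data
    )

    # Read the global set by the driver without failing if it does not exist.
    # Assumption: the variable is unset or empty when debug logging is off.
    $path = Get-Variable -Name DEBUG_FILE -Scope Global -ValueOnly -ErrorAction SilentlyContinue
    if ([string]::IsNullOrEmpty($path)) { return }

    $line = '{0:yyyy-MM-dd HH:mm:ss.fff} [{1}] {2}' -f (Get-Date), $PID, $Message

    if ($Data) {
        # Mask any value whose key name suggests a secret. The pattern is
        # deliberately broad: over-redacting is safer than leaking a credential.
        $pairs = foreach ($key in ($Data.Keys | Sort-Object)) {
            if ($key -match 'pass|secret|token|key|cred') { "$key=<redacted>" }
            else { "$key=$($Data[$key])" }
        }
        $line += ' | ' + ($pairs -join '; ')
    }

    try {
        # Append to the driver-recommended path, which is unique per instance.
        Add-Content -LiteralPath $path -Value $line -Encoding UTF8 -ErrorAction Stop
    }
    catch {
        # A failed log write should not interrupt the function doing the real work.
        Write-Warning "Debug log write failed: $($_.Exception.Message)"
    }
}

# Constructed sample input; these keys are illustrative only.
$sample = @{ EventId = '1001'; Severity = 'Info'; ApiToken = 'example-not-real' }
Write-DebugLog -Message 'Processing event' -Data $sample
```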
For information about where Enable Debug Logging is configured for Adaptable Log Channel, see