Question:
My question may seem duplicate of PowerShell “echo on”, but it is not.
I am not interested in capturing the command output, but in the command line itself of every command executed by the script, including the native commands.
This is what “echo on” in cmd does and this is what I am looking for. Set-PSDebug -Trace 1 does not do it and neither passing the -Verbose flag.
So far I have not see a way except outputing them myself, which is a huge pain in itself.
So, can Powershell do what “echo on” does in cmd?
EDIT 1
Not ideal, but I would accept an answer suggesting to use a wrapper function which would receive a command (native or powershell) with parameters and run the command while faithfully logging the respective command line. Of course, the wrapper function code should be part of the answer.
EDIT 2
The following trivial example demonstrates why Set-PSDebug -Trace 1 does not do it:
|
1 2 3 |
tasklist ` /fi "status eq running" | Select-Object -First 4 |
Please, observe:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
C:\> cat C:\temp\1.ps1 tasklist ` /fi "status eq running" | Select-Object -First 4 C:\> Set-PSDebug -Trace 1 C:\> C:\temp\1.ps1 DEBUG: 1+ >>>> C:\temp\1.ps1 DEBUG: 1+ >>>> tasklist ` Image Name PID Session Name Session# Mem Usage ========================= ======== ================ =========== ============ csrss.exe 756 Console 1 2,816 K C:\> |
EDIT 3
For comparison, observe an equivalent script in cmd with echo on:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
C:\>type c:\temp\1.cmd @echo on tasklist ^ /fi "status eq running" |findstr/n ^^|findstr "^[1-4]:" C:\>c:\temp\1.cmd C:\>tasklist /fi "status eq running" | findstr/n ^ | findstr "^[1-4]:" 1: 2:Image Name PID Session Name Session# Mem Usage 3:========================= ======== ================ =========== ============ 4:csrss.exe 756 Console 1 2,328 K C:\> |
EDIT 4
start-transcript does not do it either:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
C:\WINDOWS\system32> cat c:\temp\1.ps1 tasklist ` /fi "status eq running" | Select-Object -First 4 | Out-Default C:\WINDOWS\system32> Start-Transcript Transcript started, output file is ~\Documents\PowerShell_transcript.L-PF0TBKV7.Sr1ntThx.20190611143800.txt C:\WINDOWS\system32> c:\temp\1.ps1 Image Name PID Session Name Session# Mem Usage ========================= ======== ================ =========== ============ csrss.exe 756 Console 1 2,936 K C:\WINDOWS\system32> Stop-Transcript Transcript stopped, output file is ~\Documents\PowerShell_transcript.L-PF0TBKV7.Sr1ntThx.20190611143800.txt C:\WINDOWS\system32> cat ~\Documents\PowerShell_transcript.L-PF0TBKV7.Sr1ntThx.20190611143800.txt ********************** Windows PowerShell transcript start Start time: 20190611143800 Username: xyz\me RunAs User: xyz\me Configuration Name: Machine: L-PF0TBKV7 (Microsoft Windows NT 10.0.16299.0) Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process ID: 25508 PSVersion: 5.1.16299.1004 PSEdition: Desktop PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.16299.1004 BuildVersion: 10.0.16299.1004 CLRVersion: 4.0.30319.42000 WSManStackVersion: 3.0 PSRemotingProtocolVersion: 2.3 SerializationVersion: 1.1.0.1 ********************** Transcript started, output file is ~\Documents\PowerShell_transcript.L-PF0TBKV7.Sr1ntThx.20190611143800.txt C:\WINDOWS\system32 > PS>c:\temp\1.ps1 Image Name PID Session Name Session# Mem Usage ========================= ======== ================ =========== ============ csrss.exe 756 Console 1 2,936 K C:\WINDOWS\system32 > PS>Stop-Transcript ********************** Windows PowerShell transcript end End time: 20190611143810 ********************** C:\WINDOWS\system32> |
As you can see it does not contain the command line.
Answer:
If Event logs is an option, start tracing by enabling this Group Policy.
Administrative Templates -> Windows Components -> Windows PowerShell
See Microsoft Docs – Script Tracing and Logging
Then you would of course need to parse the Event logs accordingly…