LogParser – Find Users that made a successful connection to Exchange On-Premises in the last 7 days

Scenario: Using your IIS logs, you want to build a list of successfully authenticated users, with a count of each user's authentication attempts for each Exchange Protocol/Virtual Directory. We will achieve this via PowerShell and LogParser.

Solution:

#Scriptlet variables:
$server = "ExServer1","ExServer2","ExServer3"
$Results = @()

#Loop through each server
$server | %{
    #Declare server variable
    $s = $_

    #Find the last 7 days' worth of IIS logs (the 7 most recently written files, assuming daily log rollover)
    $iislogs = Get-ChildItem "\\$s\c$\inetpub\logs\LogFiles\W3SVC1\*.log" | Sort-Object LastWriteTime | Select -Last 7

    #Loop through each IIS log
    $iislogs.fullname | %{
        #Declare temp variables
        #filename
        $f = $_

        #LogParser query statement: count successful (200) requests per user, URI stem, server IP and date,
        #skipping usernames that contain 'health', empty usernames and SID-style (S-1-5) usernames
        $lp = "SELECT count(*) as hits, sc-status, cs-username,cs-uri-stem,s-ip,date  from $f where sc-status=200 and cs-username NOT LIKE '%health%' and cs-username Is NOT NULL and cs-username NOT LIKE '%S-1-5%' GROUP BY s-ip,sc-status, cs-username, cs-uri-stem,date order by hits desc"

        #Display it
        "Searching on $s  -  $f"

        #Run LogParser (the closing "@ of the here-string must stay at the start of its line)
        $results += & "C:\Program Files (x86)\Log Parser 2.2\logparser.exe" -i:IISW3C -q:on -rtp:-1 @"

            $lp
"@
    }
}

#Export file and review
$results | Out-File C:\temp\results.txt
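
The results file holds one row per user, URI stem, server and day, so the per-protocol totals the scenario asks for still need a roll-up. The following is an added example, not part of the original post: it assumes the same query was run with LogParser's CSV output (-o:CSV) and uses constructed sample rows; the function names and protocol labels are hypothetical.

```powershell
# Constructed sample rows with the query's columns, as CSV (assumed -o:CSV output).
$csv = @'
hits,sc-status,cs-username,cs-uri-stem,s-ip,date
42,200,CONTOSO\alice,/owa/service.svc,10.0.0.11,2024-05-01
17,200,alice@contoso.com,/Microsoft-Server-ActiveSync/default.eas,10.0.0.12,2024-05-02
9,200,CONTOSO\alice,/owa/ev.owa2,10.0.0.12,2024-05-03
30,200,CONTOSO\bob,/EWS/Exchange.asmx,10.0.0.11,2024-05-01
5,200,CONTOSO\bob,/mapi/emsmdb/,10.0.0.11,2024-05-02
'@

# Hypothetical helper: map the first path segment of cs-uri-stem to a virtual directory label.
function Get-ExchangeProtocol {
    param([string]$UriStem)
    $segment = ($UriStem.Trim('/') -split '/')[0].ToLowerInvariant()
    switch ($segment) {
        'owa'                         { 'OWA' }
        'ecp'                         { 'ECP' }
        'ews'                         { 'EWS' }
        'mapi'                        { 'MAPI/HTTP' }
        'rpc'                         { 'Outlook Anywhere' }
        'microsoft-server-activesync' { 'ActiveSync' }
        'autodiscover'                { 'Autodiscover' }
        'powershell'                  { 'Remote PowerShell' }
        default                       { "Other (/$segment)" }
    }
}

# Hypothetical helper: collapse DOMAIN\user and user@domain to a lower-case "user".
# Assumption: a single domain, so the short name identifies the account.
function Get-NormalizedUser {
    param([string]$Name)
    $n = $Name.ToLowerInvariant()
    if ($n -match '\\') { $n = ($n -split '\\')[-1] }
    ($n -split '@')[0]
}

# Roll the rows up to one line per user and protocol across all servers and days.
$summary = $csv -split '\r?\n' | ConvertFrom-Csv |
    Group-Object { Get-NormalizedUser $_.'cs-username' }, { Get-ExchangeProtocol $_.'cs-uri-stem' } |
    ForEach-Object {
        [pscustomobject]@{
            User     = $_.Values[0]
            Protocol = $_.Values[1]
            Hits     = [int]($_.Group | Measure-Object -Property hits -Sum).Sum
            Servers  = ($_.Group.'s-ip' | Sort-Object -Unique) -join ','
            LastSeen = $_.Group.date | Sort-Object | Select-Object -Last 1
        }
    } | Sort-Object User, Protocol
$summary | Format-Table -AutoSize
```

On a multi-domain forest, keep the domain part of the username in the grouping key so accounts with the same short name are not merged.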
