Databases
StackOverflow2013
Postsdbo
POHow can I search my Exchange logs using Powershell?
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POHow can I search my Exchange logs using Powershell?
    primarykey
    data
    text
    <p>This is a preliminary script, it's a bit ugly and needs some work (esp. the pop3 logs section) but I use it periodically to make my life easier. It's intended to be used in the Powershell ISE so I included the Easy Rerun section at the bottom. Feel free to offer suggestions, fixes, and cleanup if you find it useful.</p> <p>Make sure to update the MailServerName and Log Folders to match your environment.</p> <blockquote><pre> # == Begin by setting these == $SearchFilter = "sonic.net" $StartDate = (Get-Date).AddDays(-1) #(Get-Date 10/01/2012) $EndDate = (Get-Date).AddDays(-0) #(Get-Date 11/01/2012) $mailserver = "MailServerName" $OutputFolder = "$env:userprofile\Desktop\ExchangeLogs\" $IISLogsFolder = "\\$mailserver\c$\inetpub\logs\LogFiles\W3SVC1" $POP3LogsFolder = "\\$mailserver\c$\Program Files\Microsoft\Exchange Server\V14\Logging\POP3" # Untested $SMTPLogsFolder = "\\$mailserver\c$\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking" $POP3OutFile = "$OutputFolder\ExchangePOP3Logs.csv" $IISOutFile = "$OutputFolder\ExchangeIISLogs (owa, exchange, and activesync).csv" $SMTPOutFile = "$OutputFolder\ExchangeSMTPLogs.csv" # == Initialization == function Check-IISLogs { $IISFiles = Get-ChildItem $IISLogsFolder *.log|Where-Object {($_.CreationTime -gt $StartDate) -and ($_.CreationTime -lt $EndDate)} $IISHeader = ($IISFiles|Select-Object -First 1|Get-Content|select-string "#fields"|Select-Object -First 1).ToString().Substring(9).split(" ") $IISLogs = $IISFiles|Get-Content|Select-String $SearchFilter # might be able to do RegEx search (untested) $IISLogsCsv = $IISLogs|ConvertFrom-Csv -Delimiter " " -header $IISHeader $IISLogsCSV|Export-Csv -Path "$IISOutFile" #start excel "$IISOutFile" } function Check-Pop3Logs { # !!!UNTESTED!!! $POP3Files = Get-ChildItem $POP3LogsFolder *.log|Where-Object {($_.CreationTime -gt $StartDate) -and ($_.CreationTime -lt $EndDate)} $POP3Header = ($POP3Files|Select-Object -First 1|Get-Content|select-string "#fields"|Select-Object -First 1).ToString().Substring(9).split(" ") #ToDo: update select-string, substring, and split([delimiter]) $POP3Logs = $POP3Files|Get-Content|Select-String $SearchFilter # might be able to do RegEx search (untested) $POP3LogsCsv = $POP3Logs|ConvertFrom-Csv -Delimiter " " -header $POP3Header #ToDo: update Delimiter $POP3LogsCSV|Export-Csv -Path "$POP3OutFile" #start excel "$POP3OutFile" } function Check-SMTPLogs { $SMTPFiles = Get-ChildItem $SMTPLogsFolder *.log|Where-Object {($_.CreationTime -gt $StartDate) -and ($_.CreationTime -lt $EndDate)} $SMTPHeader = ($SMTPFiles|Select-Object -First 1|Get-Content|select-string "#fields"|Select-Object -First 1).ToString().Substring(9).split(",") $SMTPLogs = $SMTPFiles|Get-Content|Select-String $SearchFilter # might be able to do RegEx search (untested $SMTPLogsCsv = $SMTPLogs|ConvertFrom-Csv -Delimiter "," -header $SMTPHeader $SMTPLogsCSV|Export-Csv -Path "$SMTPOutFile" #start excel "$SMTPOutFile" } # == Run == Check-IISLogs #Check-Pop3Logs # doesn't work yet Check-SMTPLogs New-Item -Type Directory $OutputFolder -ErrorAction silentlycontinue start $OutputFolder &lt;# -- Easy rerun $SearchFilter = "username" #$StartDate = (Get-Date).AddDays(-1) #(Get-Date 10/01/2012) #$EndDate = (Get-Date).AddDays(-0) #(Get-Date 11/01/2012) Check-IISLogs #Check-Pop3Logs # doesn't work yet Check-SMTPLogs start $OutputFolder #> </pre></blockquote>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. This table or related slice is empty.
    1. USChris Rudd
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. COWhat is the question?
      singulars
      1. POHow can I search my Exchange logs using Powershell?
      1. USdan-gph
    2. COThe question was "How can I search my Exchange logs using Powershell?" I posted this for someone on a spiceworks forum, and I figured it made sense to post it here so that other people can use it as a starting point if they have similar needs
      singulars
      1. POHow can I search my Exchange logs using Powershell?
      1. USChris Rudd
    3. COOh. The post at the top of the page should be a question. That's the format: a question at the top, and then people present their answers below. You can answer your own question if you like.
      singulars
      1. POHow can I search my Exchange logs using Powershell?
      1. USdan-gph
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload