jahhan
asked on
Error Running OWA Audit Script
I have a script that audit IIS log files for iPhone sessions. Whenever I try to audit multiple servers I receive an error message of 'Cannot find path '\\ server2\c$\windows\system3
If I change the order to audit server 2 first I get the message for server1.
--------------------------
https://www.experts-exchange.com/questions/26295102/Powershell-script-that-lists-IPhone-devices-connecting-to-OWA-servers.html
#Name: iPhone users syncing through OWA audit
#set the timeframe to audit in days
$Daysold = 90
$Date = (get-date).adddays(-$dayso
$servers = 'server1' , 'server2'
foreach ($s in $servers)
{
Write-host -ForegroundColor Blue "Checking server $s for files from the last $daysold day(s)"
$logfiles += gci -path \\$s\c$\windows\system32\l
}
Foreach ($l in $logfiles)
{
Write-host "Processing "$l.fullname
Copy-item $l.fullname -Destination $pwd.path
$listousers += gc $l.name | where {$_ -match "DeviceType="}
Remove-Item $l.name
}
$user = @()
foreach ($l in $listousers | where {$_ -ne $null})
{
$u = $l.split(" ")[8]
if ($user -notcontains $u)
{
$user += "$u"
}
$u = $null
}
$body = "<!DOCTYPE html PUBLIC `"-//W3C//DTD XHTML 1.0 Strict//EN`" `"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd`">"
$body += "<html xmlns=`"http://www.w3.org/1999/xhtml`">"
$body += "<head>"
$body += "<title>iPhone Users</title>"
$body += "</head><body>"
$body += "<table border=1>"
$body += "<colgroup>"
$body += "<col/>"
$body += "</colgroup>"
$body += "<tr><td><b>iPhone Users</b></td></tr>"
foreach ($y in $user)
{
$body += "<tr><td>$y</td></tr>"
}
$body += "</table>"
$body += "</body></html>"
$smtpServer = "smtpserver.com"
$mailer = new-object Net.Mail.SMTPclient($smtps
$From = "user1@test.com"
$To = "user1@test.com"
$subject = "iPhone users syncing through OWA in the last $daysold day(s)"
$msg = new-object Net.Mail.MailMessage($from
$msg.IsBodyHTML = $true
$mailer.send($msg)
If I change the order to audit server 2 first I get the message for server1.
--------------------------
https://www.experts-exchange.com/questions/26295102/Powershell-script-that-lists-IPhone-devices-connecting-to-OWA-servers.html
#Name: iPhone users syncing through OWA audit
#set the timeframe to audit in days
$Daysold = 90
$Date = (get-date).adddays(-$dayso
$servers = 'server1' , 'server2'
foreach ($s in $servers)
{
Write-host -ForegroundColor Blue "Checking server $s for files from the last $daysold day(s)"
$logfiles += gci -path \\$s\c$\windows\system32\l
}
Foreach ($l in $logfiles)
{
Write-host "Processing "$l.fullname
Copy-item $l.fullname -Destination $pwd.path
$listousers += gc $l.name | where {$_ -match "DeviceType="}
Remove-Item $l.name
}
$user = @()
foreach ($l in $listousers | where {$_ -ne $null})
{
$u = $l.split(" ")[8]
if ($user -notcontains $u)
{
$user += "$u"
}
$u = $null
}
$body = "<!DOCTYPE html PUBLIC `"-//W3C//DTD XHTML 1.0 Strict//EN`" `"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd`">"
$body += "<html xmlns=`"http://www.w3.org/1999/xhtml`">"
$body += "<head>"
$body += "<title>iPhone Users</title>"
$body += "</head><body>"
$body += "<table border=1>"
$body += "<colgroup>"
$body += "<col/>"
$body += "</colgroup>"
$body += "<tr><td><b>iPhone Users</b></td></tr>"
foreach ($y in $user)
{
$body += "<tr><td>$y</td></tr>"
}
$body += "</table>"
$body += "</body></html>"
$smtpServer = "smtpserver.com"
$mailer = new-object Net.Mail.SMTPclient($smtps
$From = "user1@test.com"
$To = "user1@test.com"
$subject = "iPhone users syncing through OWA in the last $daysold day(s)"
$msg = new-object Net.Mail.MailMessage($from
$msg.IsBodyHTML = $true
$mailer.send($msg)
Enhanced version, kind of requires PowerShell 2 though.
Chris
#Name: iPhone users syncing through OWA audit
#set the timeframe to audit in days
$DaysOld = 90
$servers = 'server1' , 'server2'
$Servers | ForEach-Object {
Get-ChildItem "\\$_\c$\windows\system32\logfiles\W3SVC1" |
Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-$DaysOld) } |
ForEach-Object {
Write-Progress "Copying Files" -Status "$($_.FullName)"
Copy-Item $_.FullName "$($PWD.Path)\Working\$_.$($_.Name)"
}
Write-Progress "Copying Files" $_ -Completed
}
$Report = Get-ChildItem "Working" | Select-Object -First 1 | ForEach-Object {
$Header = (Get-Content $_.FullName -TotalCount 4 | Where-Object { $_ -Match '#Fields:' })
$Header = ($Header -Replace '#Fields: ').Split(' ', [StringSplitOptions]::RemoveEmptyEntries)
Write-Progress "Processing Files" -Status "$($_.FullName)"
Import-Csv $_.FullName -Delimiter ' ' -Header $Header |
Where-Object { $_."cs-uri-query" -Match 'DeviceType' } |
Select-Object `
@{n='Date';e={ Get-Date "$($_.date) $($_.time)" }},
@{n='Username';e={ $_."cs-uri-query".Split('&')[0] -Replace '^.*=' }},
@{n='DeviceType';e={ $_."cs-uri-query".Split('&')[2] -Replace '^.*=' }}
}
Send-MailMessage -To "user1@test.com" -From "user1@test.com" `
-Body $([String]($Report | ConvertTo-Html)) -BodyAsHtml `
-Subject "iPhone users syncing through OWA in the last $daysold day(s)" `
-SmtpServer "smtpserver.com"
ASKER
Chris thanks for the script. Unfortunately I receive the error message of 'cannot find path \\ server2\c$\windows\system3
> \\ server2
Really with a space? Or typo with the edit?
Is it actually wrong about the path?
Chris
ASKER
I re-applied the script and it now executes without an error; however, there is still a problem. When I receive the email there is no information in the body of the message. I checked the local logged files to confirm the entries I'm focusing on are present, which they are, but its not being reported in the email.
Lets have it drop the report to a file, that way you can check the file as well. If the file is empty then our search through the logs is failing for some reason.
The report will be saved in the same folder as you run the script from.
Chris
#Name: iPhone users syncing through OWA audit
#set the timeframe to audit in days
$DaysOld = 90
$servers = 'server1' , 'server2'
$Servers | ForEach-Object {
Get-ChildItem "\\$_\c$\windows\system32\logfiles\W3SVC1" |
Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-$DaysOld) } |
ForEach-Object {
Write-Progress "Copying Files" -Status "$($_.FullName)"
Copy-Item $_.FullName "$($PWD.Path)\Working\$_.$($_.Name)"
}
Write-Progress "Copying Files" $_ -Completed
}
$Report = Get-ChildItem "Working" | Select-Object -First 1 | ForEach-Object {
$Header = (Get-Content $_.FullName -TotalCount 4 | Where-Object { $_ -Match '#Fields:' })
$Header = ($Header -Replace '#Fields: ').Split(' ', [StringSplitOptions]::RemoveEmptyEntries)
Write-Progress "Processing Files" -Status "$($_.FullName)"
Import-Csv $_.FullName -Delimiter ' ' -Header $Header |
Where-Object { $_."cs-uri-query" -Match 'DeviceType' } |
Select-Object `
@{n='Date';e={ Get-Date "$($_.date) $($_.time)" }},
@{n='Username';e={ $_."cs-uri-query".Split('&')[0] -Replace '^.*=' }},
@{n='DeviceType';e={ $_."cs-uri-query".Split('&')[2] -Replace '^.*=' }}
}
$Report | Export-Csv "ReportBackup.csv"
Send-MailMessage -To "user1@test.com" -From "user1@test.com" `
-Body $([String]($Report | ConvertTo-Html)) -BodyAsHtml `
-Subject "iPhone users syncing through OWA in the last $daysold day(s)" `
-SmtpServer "smtpserver.com"
ASKER
I get a blank email. In the Powergui app it reads 'Cannot bind argument to parameter 'InputObject' because it is null. (Export-Csv) At line: 39 char: 21 '
Ah... a thought... it expects to be using a Working directory, can you see if that exists? It'll be beneath the current folder if it does. I neglected to add a step into create that.
If it does exist it should contain the log files like this:
<servername>.<originallogf
Chris
ASKER
On my local system I do not see a folder with the title of the servers
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER