Solved

PowerShell Script for alerting on when logs are modified or exceed a certain size

Posted on 2016-08-30
5
24 Views
Last Modified: 2016-09-01
Hi All

I am working on a PowerShell script that will alert on:

1) If a log file has been written to in the last 24 hours
2) If a log file exceeds x MB in size

Currently when I run the script I get 14 emails when running the script instead of the expected 1 as no files have been written to in several days and only 1 file is over 10MB in size.

# Name   :   Log file Alerts (Modified in last 24 hours or exceeded 10MB)
# Date   :   
# Author :   
#
# This script will check the date modified of log files and alert if they have been written to in the last 24 hours
# It will alert to email when the log files exceeds X MB in size

##############  User editable variables ##############
$Server = "8300-15041"
$LogType = "CDs & Notification Server Log File Checks"
$log = 'C:\MATSTEST\'
$LogURL = "\\8300-15041\c$\MATSTEST"
$MaxLogSize = 10MB

##############  Set Email variables ##########
$smtp = "mail.xxxxxxx.xxx" 
#$Recipients = "Application Support <matthew.emery@xxxxxxx.xxx>" 
[String[]]$Recipients = "matthew.emery@xxxxxxx.xxx" #Use for multiple recipients
$from = "noreply@xxxxxxx.xxx"
$subject = "Urgent! $Server $LogType Errors exist within the last 24 hours"
$subject2 = "Urgent! $Server $LogType Log file exceeded 10MB"
$body  = "Please log into <b><font color=red>$Server</font></b> and check $LogURL Log files<br>"
$body += "Click Here"

############## Search log directory for .log files written to within the last 24 hours ############## 

get-item $Log\*.log -Exclude "Notification Server (NOTIFICATION)_pager*" | ForEach-Object {


    ############## Send email alert if log file has been written to within the last 24 hours ##############
    IF ($_.LastWriteTime -gt (get-date).AddDays(-1)) {
        Send-MailMessage    -From $from -To $Recipients -Subject "$subject" -Body "$body" -BodyAsHtml -Priority high -Smtpserver $SMTP;       
    }

    ############## Email alert if log file has grown to over 10MB ##############
    $LogSize = Get-ChildItem $log | select length -ExpandProperty Length
    IF ($LogSize -gt $MaxLogSize) {
    Send-MailMessage    -From $from -To $Recipients -Subject "$subject2" -Body "$body" -BodyAsHtml -Priority high -Smtpserver $SMTP;
    }
}

else {exit}

Open in new window


I nearly forgot ...... As per line 27 I want to add further exceptions such as 'Notification Server (NOTIFICATION)_email' but I am not sure what formatting to use when using multiple exceptions

Mail Server and email addresses have been removed prior to posting the code

Any help on this issue would be really appreciated.
0
Comment
Question by:IM&T SRFT
  • 3
  • 2
5 Comments
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 41776671
The problem is with line 36.  Every time through the loop started on line 27, you were doing another loop searching for the same files.  If you just change line 36 to the following I think you're good.
    $LogSize = $_.Length

Open in new window

0
 

Author Comment

by:IM&T SRFT
ID: 41779329
Hi Footech,

Thank you so much that worked a treat!

I don't suppose you could advise about the other part where I wanted to add further exceptions to line 27.  I want to add 'Notification Server (NOTIFICATION)_email' to the exception but not sure what character separators to use for additional exceptions.
0
 
LVL 39

Expert Comment

by:footech
ID: 41779571
Sorry, didn't see that earlier.
The simplest way to find the answer is to read the help for the cmdlet.  If I remember correctly, you can just specify a string array (i.e. multiple items separated by commas).  For example:
-exclude "one*","two*"
0
 

Author Closing Comment

by:IM&T SRFT
ID: 41779803
Thank you for your help it is very much appreciated!

Have not quite nailed the exclusions but nearly there.
0
 
LVL 39

Expert Comment

by:footech
ID: 41780151
Also, more complex filtering could be done by piping to Where-Object and setting conditions there.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
This article will help you understand what HashTables are and how to use them in PowerShell.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now