Link to home
Start Free TrialLog in
Avatar of AXISHK
AXISHK

asked on

powershell

How to write a powershell to read the attachment Exchange log file and filter a particular user "johnlee" and extract the date, time , username, IP and device ?

Thx
Avatar of aikimark
aikimark
Flag of United States of America image
read the attachment Exchange log file
missing
Avatar of AXISHK
AXISHK

ASKER

Thx.
myTest.txt
Avatar of oBdA
oBdA
Like that?
$userName = 'abc\johnlee'
$log = 'C:\Temp\myTest.txt'
$header = (Get-Content -Path $logFile -TotalCount 1) -replace '\A#Fields:\s' -split ' '
Get-Content -Path $logFile | Select-Object -Skip 1 | ConvertFrom-Csv -Header $header -Delimiter ' ' |
	Where-Object {$_.'cs-username' -eq $userName} |
	Select-Object -Property Date, Time, @{n='Username'; e={$_.'cs-username'}}, @{n='IP'; e={$_.'s-ip'}}, @{n='UserAgent'; e={$_.'cs(User-Agent)'}}

Open in new window

Avatar of Sunil Chauhan
Sunil Chauhan
Flag of India image
Try the following script....

param(
$logFilepath = "C:\Users\Desktop\departed-user.txt",
$USERNAME="user"
)

$logdata = Get-Content $logfilepath
$CsvHeader=$logdata[3].Replace("#Fields: ","")
$user=$logdata | ? {$_ -match $USERNAME}

$FinalData=@()
$FinalData+=$CsvHeader
$FinalData+=$user

$Report=@()
foreach ($line in $FinalData){
        $newline=$line.replace(" ",",")
        $Report+=$newline }
$report

Open in new window

Avatar of AXISHK
AXISHK

ASKER

Thx.

$header = (Get-Content -Path $logFile -TotalCount 1) -replace '\A#Fields:\s' -split ' '

1. What does "-TotalCount 1" and  '\A#xxx:\s' mean ?
2. Is it possible to format the output into single line for each matched items ?

Thx
Avatar of AXISHK
AXISHK

ASKER

Sorry, there is few dummy lines before the heading ? How can i skip it ?

Thx
myTest.txt
ASKER CERTIFIED SOLUTION
Avatar of oBdA
oBdA
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of AXISHK
AXISHK

ASKER

Thx