Posts Tagged ‘PowerShell’

PowerShell Application and System Event Log Matrix (HTML)

December 30, 2014

As a fun scripting project, I thought it would be beneficial to create an Event Log Matrix of sorts that displayed Windows Server application and system errors and warnings by count and error message on a simple HTML page using PowerShell. The script below dumps the top 5 errors per server, along with the error count, Event ID, Error Type and the event message for the last 2 hours. This is a great tool for daily system checks.


Ed McKinzie


#SCRIPT Purpose: This script enumerates and sorts the top 5 Application and System event errors 
# and warnings for each Exchange server in your environment and populates them
# into a neatly formatted HTML page. The script also parses the first 100 characters
# of the event message for easy analysis. A progress bar was also added to show progress.
#Author: Ed McKinzie -
#Script name: Get_Eventlog_Count.ps1
#PreReqs: Create a text file named C:\Scripts\Servers_list.txt and populate it with FQDN server names, 1 server name per line


$date = (Get-Date).Addhours(-2);

#Define the Error Handling
$erroractionpreference = "SilentlyContinue";
[Int] $intSucceeded = 0;

#Remove any previous C:\Exchange_Event_Log_Matrix.htm (this will error the first time it runs, as the file does not exist)
remove-item "C:\Exchange_Event_Log_Matrix.htm";

#Create a new HTML Page
$file = New-Item -type file "C:\Exchange_Event_Log_Matrix.htm";

Add-Content $file "<HTML><TITLE>Exchange Event Log Matrix</TITLE>";
Add-Content $file "<style>BODY{color:white;font-family:verdana;font-size:7pt;background-color:black}table{border-style:solid;border-width:thin;border-color:white;width:100%;}th{font-size:7pt;text-align:left;}td{font-size:7pt;background-color:#000000;}</style>";
Add-content $file "<font color=#00FF00 font size='3'><Center><b>Exchange Event Log Matrix</b></Center></font>";
Add-content $file "<br>";

Function Get_WinEVENT {
#$CAS_Servers = Get-ExchangeServer;
#@(foreach($comp in $CAS_Servers) {

@(foreach($comp in(Get-Content "C:\Scripts\Servers_list.txt")){ #Change it to this if you want the script to run against a list of servers

Write-Progress -Activity "Parsing Event Logs" -Status "Number of servers processed: $intSucceeded";

$App_Error_CNT = 0;
$App_Warning_CNT = 0;
$Sys_Error_CNT = 0;
$Sys_Warning_CNT = 0;

Write-Host "Working on $Comp";

#Enumerate the Event logs
#Application Logs
$appErrors = Get-WinEvent -ComputerName $comp -FilterHashTable @{LogName='Application'; Level=1,2,3; StartTime=$date} | Select-Object [string]$comp, @{Expression={$_.Id};Label="ID"},@{Expression={$_.LevelDisplayName};Label="ErrorType"}, @{Expression={$_.ProviderName};Label="Source"}, @{Label='Message';Expression={$_.Message.Substring(0,[Math]::Min(100,$_.Message.Length))}} #| ConvertTo-Html;

#System Logs
$SysErrors = Get-WinEvent -ComputerName $comp -FilterHashTable @{LogName='System'; Level=1,2,3; StartTime=$date} -ErrorAction SilentlyContinue | Select [string]$comp, @{Expression={$_.Id};Label="ID"},@{Expression={$_.LevelDisplayName};Label="ErrorType"}, @{Expression={$_.ProviderName};Label="Source"}, @{Label='Message';Expression={$_.Message.Substring(0,[Math]::Min(100,$_.Message.Length))}} #| ConvertTo-Html;

# Combine and sort the arrays
#Sort and Filter the Application Logs
$AppError_Count = $appErrors | Group-Object ID, ErrorType, Source, Message | Sort-Object Count -descending | Select @{Expression={$_.count};Label="App Errors"}, @{Expression={$_.Name};Label="Event ID, Error Type, and Message"} -First 5 | ConvertTo-Html;

#Sort and Filter the System Logs
$SysError_Count = $SysErrors | Group-Object ID, ErrorType, Source, Message | Sort-Object Count -descending | Select @{Expression={$_.count};Label="Sys Errors"}, @{Expression={$_.Name};Label="Event ID, Error Type, and Message"} -First 5 | ConvertTo-Html;

Write-Host "Finished $Comp";

#Add the content to the HTML Page
Add-content $file "<TR><font color=#00FF00 font size='1'><B>$comp</Font></td>","$AppError_Count</td>","$SysError_Count</td>";
Add-content $file "<BR>";

#Increment Progress Bar
$intSucceeded++;
})

#Close the table
Add-Content $file "</Table>"
}

#Call the WINEVENT Function
Get_WinEVENT
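
Because the script sets $erroractionpreference to SilentlyContinue, a server that cannot be queried produces the same empty cell as a server with no errors. The following is an added example, not part of the original script, that keeps those two cases apart and HTML-encodes values before writing them to the page; it assumes PowerShell 3.0 or later, and the function names and Status values are hypothetical.

```powershell
# Added example (not from the original post). Assumes PowerShell 3.0 or later.
# Get-ServerEventSummary, ConvertTo-MatrixRow and the Status values are hypothetical names.
function Get-ServerEventSummary {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [string]$LogName = 'Application',
        [datetime]$StartTime = (Get-Date).AddHours(-2),
        [int]$Top = 5
    )
    $result = [ordered]@{ Server = $ComputerName; Log = $LogName; Status = 'Events'; Detail = ''; Groups = @() }
    $filter = @{ LogName = $LogName; Level = 1, 2, 3; StartTime = $StartTime }
    try {
        # -ErrorAction Stop overrides a global SilentlyContinue so failures reach the catch block.
        $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop
        $result.Groups = @($events |
            Group-Object Id, LevelDisplayName, ProviderName |
            Sort-Object Count -Descending |
            Select-Object -Property Count, Name -First $Top)
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            # Get-WinEvent raises an error when nothing matches the filter: the healthy case.
            $result.Status = 'Clean'
        }
        else {
            # Unreachable host, access denied, and so on: the log was NOT checked.
            $result.Status = 'QueryFailed'
            $result.Detail = $_.Exception.Message
        }
    }
    [pscustomobject]$result
}

# Render one table row; encode every value that did not originate in this script.
function ConvertTo-MatrixRow {
    param([Parameter(Mandatory = $true)]$Summary)
    $enc = { param($s) [System.Net.WebUtility]::HtmlEncode([string]$s) }
    $cell = switch ($Summary.Status) {
        'Clean'       { 'no errors or warnings' }
        'QueryFailed' { 'LOG NOT READ: ' + (& $enc $Summary.Detail) }
        default       { ($Summary.Groups | ForEach-Object { '{0} x {1}' -f $_.Count, (& $enc $_.Name) }) -join '<br>' }
    }
    '<tr><td>{0}</td><td>{1}</td><td>{2}</td></tr>' -f (& $enc $Summary.Server), (& $enc $Summary.Log), $cell
}
```

Call Get-ServerEventSummary once per server and log name from the servers list and pass each result to ConvertTo-MatrixRow.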


Exchange 2010 Message Tracking Query Against Specific IP Address

May 1, 2014

You may run into a scenario where you want to query your Exchange 2010 Message Tracking Logs to target a specific source IP address. This often comes in handy if you have 3rd party applications or client SMTP relaying enabled in your environment.

The script will prompt you with 4 questions:

  1. The target IP
  2. Where to Email the Report
  3. How many hours to go back
  4. SMTP Server

Good luck!

Ed McKinzie

#Save as Message_Tracking_IP_Query.ps1
#Author: Ed McKinzie
#Use: Query Exchange 2010\2013 Message Tracking Logs for a specific sending IP Address
#Start of Script
#Delete any previous message tracking logs queries
Remove-Item .\*TrackingLogs.html
#Get the Variables for your query
$SMTP_IP = Read-Host "Enter a sending address you want to perform Message Tracking on"
$mailbox_report = Read-Host "Enter a mailbox\Email Address you want to Send this report"
$back_in_time = Read-Host "How far do you want to go back in time in hours:"
$SMTP_Server = Read-Host "Enter in the FQDN of your SMTP server:"
#Define the Dates
$EndDate = Get-Date
$StartDate = $EndDate.AddHours(-1 * [int]$back_in_time)
#Set the AD Environment
Set-ADServerSettings -ViewEntireForest:$True
#Start of the Array
#$comp is the variable for "Server"
@(foreach($comp in Get-TransportServer) {
$b = $b + "<br><font size='2'>Message Tracking Log for <b>$SMTP_IP</b> from Server: <b>$Comp</b></font><HR><style>table{border-style:solid;border-width:0px;font-size:7pt;background-color:#ccc;width:80%;}th{text-align:left;}td{background-color:#fff;border-style:solid;border-width:0px;}body{font-family:verdana;font-size:7pt;}h1{font-size:7pt;}h2{font-size:10pt;}</style>"
$GetMessage_Tracking = Get-MessageTrackingLog -ResultSize Unlimited -Server $comp -Start $StartDate -End $EndDate | where {$_.ClientIp -eq $SMTP_IP} | `
ConvertTo-Html -Head $b Timestamp, Sender, {$_.Recipients}, MessageSubject, ClientHostname, ClientIP,ServerHostname, `
ConnectorId, EventId, InternalMessageId, TotalBytes,Source,SourceContext | Add-Content .\$SMTP_IP-TrackingLogs.html
$b = $null
Write-Host "Parsing the logs on Server: $comp"
})
#Send the report (supply a sender address in -From)
Send-MailMessage -To $mailbox_report -From "" `
-Subject "Exchange Mailbox Message Tracking on $SMTP_IP" -SmtpServer "$SMTP_Server" `
-Attachments .\$SMTP_IP-TrackingLogs.html `
-Body ("Here are the Message tracking logs for $SMTP_IP between $StartDate and $EndDate")
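
The script uses the Read-Host answers directly in a file name, an HTML header and a date calculation. One way to validate them first, as an added example that is not part of the original script: Get-TrackingQueryInput is a hypothetical helper name, the 720-hour ceiling is an arbitrary assumption, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the original post). Get-TrackingQueryInput is a hypothetical helper.
function Get-TrackingQueryInput {
    param(
        [Parameter(Mandatory = $true)][string]$Ip,
        [Parameter(Mandatory = $true)][string]$Hours,
        [string]$ReportDir = (Get-Location).Path,
        [int]$MaxHours = 720   # assumed upper bound; adjust to your log retention
    )

    # Reject anything that is not an IP address before it reaches a path or HTML.
    $parsedIp = $null
    if (-not ([System.Net.IPAddress]::TryParse($Ip.Trim(), [ref]$parsedIp))) {
        throw "Not a valid IP address: '$Ip'"
    }

    # The hours answer arrives as a string; require a whole number in range.
    $parsedHours = 0
    if (-not ([int]::TryParse($Hours.Trim(), [ref]$parsedHours)) -or
        $parsedHours -lt 1 -or $parsedHours -gt $MaxHours) {
        throw "Hours must be a whole number between 1 and $MaxHours, got '$Hours'"
    }

    # TryParse accepts shorthand such as '10.1', so use the canonical string from here on.
    $canonical = $parsedIp.ToString()

    # IPv6 addresses contain ':' which is not valid in a Windows file name.
    $fileName = ($canonical -replace '[^0-9A-Za-z.]', '_') + '-TrackingLogs.html'

    $end = Get-Date
    [pscustomobject]@{
        ClientIp   = $canonical
        StartDate  = $end.AddHours(-1 * $parsedHours)
        EndDate    = $end
        ReportPath = Join-Path $ReportDir $fileName
    }
}

# Example call with constructed input:
# $q = Get-TrackingQueryInput -Ip (Read-Host 'Sending IP') -Hours (Read-Host 'Hours back')
```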