Add Exchange/Get-SMTPTraffic.ps1

Exchange/Get-SMTPTraffic.ps1

@@ -0,0 +1,22 @@
+$logPath = "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive"
+
+# Get the newest log file
+$logFile = Get-ChildItem -Path $logPath -Filter *.log | Sort-Object LastWriteTime -Descending | Select-Object -First 1
+
+# Get the fields/header from the log file
+$fields = Select-String -Path $logFile.FullName -Pattern '^#Fields:' | ForEach-Object {
+    $_.Line -replace '^#Fields: ', ''
+} | Select-Object -First 1
+
+# Turn header into an array
+$columns = $fields -split ','
+
+# Parse the log file, skipping comment lines
+Get-Content $logFile.FullName | Where-Object { -not ($_ -like '#*') -and $_ -match ',' } | ForEach-Object {
+    $row = $_ -split ',(?=(?:[^"]*"[^"]*")*[^"]*$)'  # Handles quoted fields
+    $obj = [PSCustomObject]@{}
+    for ($i = 0; $i -lt $columns.Count; $i++) {
+        $obj | Add-Member -NotePropertyName $columns[$i].Trim() -NotePropertyValue ($row[$i] -replace '^"|"$', '')
+    }
+    $obj
+} | Where-Object { $_.'remote-endpoint' -like '192.168.1.*' } | Select-Object date-time, connector-id, remote-endpoint, event, data