23 lines
1.1 KiB
PowerShell
23 lines
1.1 KiB
PowerShell
$logPath = "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive"
|
|
|
|
# Get the newest log file
|
|
$logFile = Get-ChildItem -Path $logPath -Filter *.log | Sort-Object LastWriteTime -Descending | Select-Object -First 1
|
|
|
|
# Get the fields/header from the log file
|
|
$fields = Select-String -Path $logFile.FullName -Pattern '^#Fields:' | ForEach-Object {
|
|
$_.Line -replace '^#Fields: ', ''
|
|
} | Select-Object -First 1
|
|
|
|
# Turn header into an array
|
|
$columns = $fields -split ','
|
|
|
|
# Parse the log file, skipping comment lines
|
|
Get-Content $logFile.FullName | Where-Object { -not ($_ -like '#*') -and $_ -match ',' } | ForEach-Object {
|
|
$row = $_ -split ',(?=(?:[^"]*"[^"]*")*[^"]*$)' # Handles quoted fields
|
|
$obj = [PSCustomObject]@{}
|
|
for ($i = 0; $i -lt $columns.Count; $i++) {
|
|
$obj | Add-Member -NotePropertyName $columns[$i].Trim() -NotePropertyValue ($row[$i] -replace '^"|"$', '')
|
|
}
|
|
$obj
|
|
} | Where-Object { $_.'remote-endpoint' -like '192.168.1.*' } | Select-Object date-time, connector-id, remote-endpoint, event, data
|