I have made a script which connects to all Exchange servers in the organization using remote PowerShell and gathers all event logs into a central place for you. It then analyses the event logs based on the previous article (https://wordpress.com/post/40179192/2178/) (the database of event IDs must be stored as a CSV file delimited by semicolons). The result is again an XLSX file with two worksheets: one is the event ID raw data and the second is the analyzed event IDs. If an event ID is not present in the database, the script marks it with “NEW IN DB, must be found first” in the Action row. If you run the script with an empty CSV as the database, it will generate the XLSX as well, but you have to find a solution for every event.
The script utilizes Export-XLSX.ps1. Thanks guys for the great job! https://gallery.technet.microsoft.com/office/Export-XLSX-PowerShell-f2f0c035
Example of script:
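# ---------------------------------------------------------------------------
# Event log gathering and analysis
#
# Collects Error/Warning events from every Exchange server returned by
# Get-ExchangeServer over PowerShell remoting, flattens multi-line messages,
# groups the events by EventID/Source and compares each group with the
# semicolon-delimited "well known events" CSV (columns read: Eventid, EntryType,
# Source, Message, action). Two worksheets are written to EventLogs.xlsx via
# Export-XLSX.ps1: "Analyzed EVENT logs" and "Event logs raw data".
#
# Reads:   .\wellknownevents.csv, .\Export-xlsx (Export-XLSX.ps1)
# Writes:  $xlsout\EventLogs.xlsx
# ---------------------------------------------------------------------------
Write-Host "Event logs gathering ... " -ForegroundColor White

# Event log variables
$exservers         = Get-ExchangeServer
$evtlogdaysback    = 1          # how many days back to collect
$experfwizserver   = hostname
$experfwizfilepath = "\\$($experfwizserver)\c$\ExchangeHealthCheck"   # changed from c:\...
$outpath           = "\\$($experfwizserver)\c$\ExchangeHealthCheck"

# $xlsout is only used, never assigned, in this section; it is presumably set by
# an earlier part of the health-check script. Without it the XLSX path would
# degrade to "\EventLogs.xlsx", so fall back to $outpath.
if (-not $xlsout) { $xlsout = $outpath }

# Well-known event DB. @() keeps it an array even for a single-row or empty CSV;
# an empty DB just means every event is reported as "NEW IN DB".
$WellKnownEventLogDB = @(Import-Csv .\wellknownevents.csv -Delimiter ";")

############## evt log gathering
# Runs on each Exchange server: enumerate the local event logs and return the
# Error/Warning entries newer than $daysBack days. -After filters on the remote
# side instead of shipping every entry back and filtering here.
$gatherBlock = {
    param([int]$daysBack)
    $since = (Get-Date).AddDays(-$daysBack)
    Get-EventLog -List | ForEach-Object {
        # Get-EventLog reports "no entries matched" as a non-terminating error;
        # suppress it so quiet logs do not fill the console with red.
        Get-EventLog -LogName $_.Log -EntryType Error,Warning -After $since -ErrorAction SilentlyContinue |
            Select-Object EventID,MachineName,Category,CategoryNumber,EntryType,Message,Source,TimeGenerated,PSComputerName
    }
}

$evtlogout = @()
foreach ($exsvr in $exservers) {
    Write-Host "Processing Exchange server $($exsvr.fqdn) ...."
    try {
        # -ErrorAction Stop makes an unreachable server a catchable error so one
        # dead host is reported and skipped instead of silently leaving a gap.
        $evtlogout += Invoke-Command -ComputerName $exsvr.fqdn -ScriptBlock $gatherBlock -ArgumentList $evtlogdaysback -ErrorAction Stop
    } catch {
        Write-Warning "Could not collect event logs from $($exsvr.fqdn): $($_.Exception.Message)"
    }
}
$bck = $evtlogout   # untouched copy of the raw remote output, handy when debugging interactively

#EVTlog cleaning: flatten multi-line messages so each event stays on one XLSX row.
# Guarded because a deserialized event may come back with a null Message.
foreach ($line in $evtlogout) {
    if ($line.Message) { $line.Message = $line.Message.Replace("`r`n", "--") }
}
$out = $evtlogout

# Event logs grouping, counting and comparing with WellKnownEventLogs Flat File DB

# Builds one row for the "Analyzed EVENT logs" worksheet. The "" | Select-Object
# idiom is kept because it fixes the column order Export-XLSX will emit.
function New-AnalysedEvent {
    param($Count, $EventId, $EntryType, $Source, $Message, $Action, $AffectedServers)
    $row = "" | Select-Object count,eventid,entrytype,source,Message,action,affectedservers
    $row.count           = $Count
    $row.eventid         = $EventId
    $row.entrytype       = $EntryType
    $row.source          = $Source
    $row.Message         = $Message
    $row.action          = $Action
    $row.affectedservers = $AffectedServers
    return $row
}

$res = @()
$groupedlogs = $out | Group-Object EventID,Source | Sort-Object Name
foreach ($evtgroup in $groupedlogs) {
    # Take ID and source from the first member rather than splitting the group
    # name on "," — a Source containing a comma would otherwise be mis-parsed.
    $evtId     = [string]$evtgroup.Group[0].EventID
    $evtSource = [string]$evtgroup.Group[0].Source

    # Distinct server names joined for the cell; stringifying the Group-Object
    # output as before produced "@{Name=SERVER}" noise.
    $affected = ($evtgroup.Group | ForEach-Object { $_.MachineName } | Sort-Object -Unique) -join ", "

    # Exact (case-insensitive) comparison. -match treated the event data as a
    # regex: ID 10 matched DB rows 100/1010, and regex metacharacters in a
    # Source string could over-match or throw.
    $dbHits = @($WellKnownEventLogDB | Where-Object { $_.Eventid -eq $evtId -and $_.Source -eq $evtSource })

    if ($dbHits.Count -gt 0) {
        # One output row per matching DB line, as before (duplicate DB rows
        # still yield duplicate output rows).
        foreach ($dbline in $dbHits) {
            $res += New-AnalysedEvent -Count $evtgroup.Count -EventId $dbline.Eventid -EntryType $dbline.EntryType `
                -Source $dbline.Source -Message $dbline.Message -Action $dbline.action -AffectedServers $affected
        }
    } else {
        $res += New-AnalysedEvent -Count $evtgroup.Count -EventId $evtId -EntryType $evtgroup.Group[0].EntryType `
            -Source $evtSource -Message $evtgroup.Group[0].Message -Action "NEW IN DB, must be found first" -AffectedServers $affected
    }
}

# -Append is kept from the original; what it does to an existing EventLogs.xlsx
# from a previous run is defined by Export-XLSX.ps1.
$res | .\Export-xlsx -Path "$($xlsout)\EventLogs.xlsx" -WorksheetName "Analyzed EVENT logs" -Append
$EvtNotExchrelLOGS = $out
$EvtNotExchrelLOGS | .\Export-xlsx -Path "$($xlsout)\EventLogs.xlsx" -WorksheetName "Event logs raw data" -Append
################################################################################################################################################################################################################################
################################
# Ends HERE #
################################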
Download: