# encoding: ascii
# api: powershell
# title: get-smtpconnections
# description: extract unique list of ip addresses from single or multiple smtp logfiles (w3svc)
# version: 0.1
# author: chriskenis
# license: CC0
# x-poshcode-id: 3947
# x-archived: 2015-08-03T02:21:30
# x-published: 2015-02-14T09:10:00
#
#
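# Collects every string matching $regex from the given SMTP service log files
# and writes the de-duplicated, string-sorted list to the pipeline.
#
# Parameters:
#   -logpath  : directory that holds the log files
#   -logfiles : file names (relative to -logpath) to parse
#   -regex    : pattern used to pick addresses out of each log line
param (
    $logpath = "C:\WINDOWS\system32\LogFiles\SMTPSVC1",
    # can also be fed by "gci $logpath -Filter *.log | % { $_.Name }" but then all logfiles would be read
    $logfiles = @("ex130213.log","ex130214.log"),
    # NOTE(review): this matches any four dot-separated groups of 1-3 digits anywhere
    # on a line. It does not check that each octet is <= 255, and it returns every
    # address-shaped field on the line, not only the connecting client. If the log
    # format also records the server's own address, that address will show up in the
    # result - confirm against the "#Fields:" header of the logs being parsed.
    $regex = "(?:[0-9]{1,3}\.){3}[0-9]{1,3}"
)

$smtphosts = @()
foreach ($logfile in $logfiles) {
    # can also be iterated thru "gci $logpath" if all logfiles need parsing
    $logfilepath = Join-Path $logpath $logfile

    # Report a missing file explicitly so the reader knows the resulting
    # address list is incomplete, then carry on with the remaining files.
    if (-not (Test-Path -Path $logfilepath -PathType Leaf)) {
        Write-Warning "log file not found, skipping: $logfilepath"
        continue
    }

    Write-Host "getting smtp connections from $logfile" -ForegroundColor Green

    # -AllMatches yields every hit on a line; de-duplicate per file to keep
    # the accumulated array small before the final pass.
    $smtphosts += Select-String -Path $logfilepath -Pattern $regex -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { $_.Value } |
        Sort-Object -Unique
}

# Final de-duplication across all files (string sort, not numeric by octet).
$smtphosts | Sort-Object -Unique
# can be followed by "| nslookup" for automated reverse lookup
# NOTE(review): reverse (PTR) queries can reach name servers run by the owner of
# the address, so during an investigation consider whether looking up unknown
# addresses from this host is acceptable before automating it.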