PoshCode Archive  Artifact [e466b30e45]

Check-ins Using Download Hex

Artifact e466b30e45c693381e3662c2d66a368f66141b21cf3081540bd72568fc2886a0:

  • File Audit-iPhone-Palm-Users.ps1 — part of check-in [2c1c95bafe] at 2018-06-10 13:00:01 on branch trunk — This script is intended to use IIS logs to audit OWA/Activesync logs for syncing of mail from an iPhone or a palm device. This script is not perfect, nor the prettiest thing in the world but it works. It could be further added to parse for windows mobile devices. If it was really slick it would grab all the unique values in the DeviceType= portion and then automatically include all mobile types. You can email the results to yourself in $To varible. (user: psukus size: 3100) 
# encoding: ascii
# api: powershell
# title: Audit iPhone/Palm Users
# description: This script is intended to use IIS logs to audit OWA/Activesync logs for syncing of mail from an iPhone or a palm device. This script is not perfect, nor the prettiest thing in the world but it works.  It could be further added to parse for windows mobile devices.  If it was really slick it would grab all the unique values in the DeviceType= portion and then automatically include all mobile types.  You can email the results to yourself in $To varible.
# version: 1.0
# type: script
# author: psukus
# license: CC0
# x-poshcode-id: 1685
# x-archived: 2010-03-12T03:48:47
#
#
#Created by P. Sukus
#Modified by D. Dill
#Name: mobile users syncing through OWA audit 
#set the timeframe to audit in days
$Daysold = 1
$Date = (get-date).adddays(-$daysold)
$servers = "server1", "server2", "server3"
foreach ($s in $servers) 
    {
    Write-host -ForegroundColor Blue "Checking server $s for files from the last $daysold day(s)"
    $logfiles += gci -path \\$s\c$\inetpub\logs\LogFiles\W3SVC1 | where {$_.LastWriteTime -gt $date}
    }
    
Foreach ($l in $logfiles)
    {
    
    Write-host "Processing "$l.fullname
    Copy-item $l.fullname -Destination $pwd.path
	$palmusers +=  gc $l.name | where {$_ -match "DeviceType=Palm"}
	$iphoneusers +=  gc $l.name | where {$_ -match "DeviceType=iPhone"}
    Remove-Item $l.name
    }
$iuser = @()
$puser = @()
foreach ($l in $iphoneusers | where {$_ -ne $null})
    {
    $u = $l.split(" ")[7]
    if ($iuser -notcontains $u)
        {
        $iuser += "$u"
        }
    $u = $null
    }
	foreach ($l in $palmusers | where {$_ -ne $null})
    {
    $u = $l.split(" ")[7]
    if ($puser -notcontains $u)
        {
        $puser += "$u"
        }
    $u = $null
    }
$body = "<!DOCTYPE html PUBLIC `"-//W3C//DTD XHTML 1.0 Strict//EN`"  `"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd`">"
$body += "<html xmlns=`"http://www.w3.org/1999/xhtml`">"
$body += "<head>"
$body += "<title>iPhone Users</title>"
$body += "</head><body>"
$body += "<table border=1>"
$body += "<colgroup>"
$body += "<col/>"
$body += "</colgroup>"
$body += "<tr><td><b>iPhone Users</b></td></tr>"
foreach ($y in $iuser)
    {
    $body += "<tr><td>$y</td></tr>"
    }
$body += "<tr><td></td></tr>"
$body += "<br>"
$body += "<tr><td><b>Palm Users</b></td></tr>"
foreach ($y in $puser)
    {
    $body += "<tr><td>$y</td></tr>"
    }
$body += "</table>"
$body += "<br>Audited servers:  $servers <br>"
$body += "Audited for:  DeviceType=Palm and DeviceType=iPhone"
$body += "</body></html>"

$smtpServer = "yourmailserver"
$mailer = new-object Net.Mail.SMTPclient($smtpserver)	
$From = "dontreplyiamascript@domain.com"
$To = "youremail@yourdomain.com"
$subject = "Mobile users syncing through OWA in the last $daysold day(s)"
$msg = new-object Net.Mail.MailMessage($from,$to,$subject,$body)	
$msg.IsBodyHTML = $true
$mailer.send($msg)

clear-variable logfiles
clear-variable servers
clear-variable daysold
Fossil 2.20 [0d61fd2310] 2022-10-28 19:48:33
This page was generated in about 0.008s