PoshCode PowerShell Code Repository

Audit iPhone/Palm Users by Dan Dill 23 months ago (modification of post by psukus)

This script uses IIS logs to audit OWA/ActiveSync mail syncing from an iPhone or a Palm device. It is not perfect, nor the prettiest thing in the world, but it works. It could be extended to parse for Windows Mobile devices. If it was really slick it would grab all the unique values in the DeviceType= portion and then automatically include all mobile types. You can email the results to yourself by setting the $To variable.

    # Created by P. Sukus
    # Modified by D. Dill
    # Name: mobile users syncing through OWA audit

    # Set the timeframe to audit, in days
    $Daysold = 1
    $Date = (Get-Date).AddDays(-$Daysold)
    $servers = "server1", "server2", "server3"

    # Start with empty arrays so that += always appends an element
    # (on an unset variable a single result would not become an array)
    $logfiles = @()
    $palmusers = @()
    $iphoneusers = @()

    # Collect the IIS log files written inside the audit window from every server
    foreach ($s in $servers)
        {
        Write-Host -ForegroundColor Blue "Checking server $s for files from the last $Daysold day(s)"
        $logfiles += Get-ChildItem -Path \\$s\c$\inetpub\logs\LogFiles\W3SVC1 | Where-Object {$_.LastWriteTime -gt $Date}
        }

    # Copy each log locally, keep the lines that mention a device type, then delete the copy
    foreach ($l in $logfiles)
        {
        Write-Host "Processing $($l.FullName)"
        Copy-Item $l.FullName -Destination $pwd.Path
        $palmusers += Get-Content $l.Name | Where-Object {$_ -match "DeviceType=Palm"}
        $iphoneusers += Get-Content $l.Name | Where-Object {$_ -match "DeviceType=iPhone"}
        Remove-Item $l.Name
        }

    # Reduce the matching lines to unique user names.
    # Index 7 assumes the user name (cs-username) is the eighth space-separated field;
    # check the #Fields: line of your logs if the logged fields were customised.
    $iuser = @()
    $puser = @()
    foreach ($l in $iphoneusers | Where-Object {$_ -ne $null})
        {
        $u = $l.Split(" ")[7]
        if ($iuser -notcontains $u)
            {
            $iuser += "$u"
            }
        $u = $null
        }
    foreach ($l in $palmusers | Where-Object {$_ -ne $null})
        {
        $u = $l.Split(" ")[7]
        if ($puser -notcontains $u)
            {
            $puser += "$u"
            }
        $u = $null
        }

    # Build the HTML report. User names come from the log, so they are escaped
    # before being placed in the markup.
    $body = "<!DOCTYPE html PUBLIC `"-//W3C//DTD XHTML 1.0 Strict//EN`"  `"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd`">"
    $body += "<html xmlns=`"http://www.w3.org/1999/xhtml`">"
    $body += "<head>"
    $body += "<title>iPhone Users</title>"
    $body += "</head><body>"
    $body += "<table border=1>"
    $body += "<colgroup>"
    $body += "<col/>"
    $body += "</colgroup>"
    $body += "<tr><td><b>iPhone Users</b></td></tr>"
    foreach ($y in $iuser)
        {
        $body += "<tr><td>$([System.Security.SecurityElement]::Escape($y))</td></tr>"
        }
    $body += "<tr><td></td></tr>"
    $body += "<br>"
    $body += "<tr><td><b>Palm Users</b></td></tr>"
    foreach ($y in $puser)
        {
        $body += "<tr><td>$([System.Security.SecurityElement]::Escape($y))</td></tr>"
        }
    $body += "</table>"
    $body += "<br>Audited servers:  $servers <br>"
    $body += "Audited for:  DeviceType=Palm and DeviceType=iPhone"
    $body += "</body></html>"

    # Mail the report
    $smtpServer = "yourmailserver"
    $mailer = New-Object Net.Mail.SmtpClient($smtpServer)
    $From = "dontreplyiamascript@domain.com"
    $To = "youremail@yourdomain.com"
    $subject = "Mobile users syncing through OWA in the last $Daysold day(s)"
    $msg = New-Object Net.Mail.MailMessage($From,$To,$subject,$body)
    $msg.IsBodyHtml = $true
    $mailer.Send($msg)

    # Clean up so a re-run in the same session starts fresh
    Clear-Variable logfiles
    Clear-Variable servers
    Clear-Variable daysold
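
The description suggests collecting every unique DeviceType= value instead of hard-coding Palm and iPhone. The following is an added example, not part of the original post, that does so and reads the column positions from each #Fields: header rather than assuming index 7. The function name Get-DeviceTypeUser and the sample log lines are constructed for illustration.

```powershell
# Constructed sample in IIS W3C extended format; hosts, users and devices are made up.
# The second #Fields: header changes the column order, as happens when logging is reconfigured.
$sampleLog = @'
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2011-03-01 08:00:01 10.0.0.5 POST /Microsoft-Server-ActiveSync Cmd=Sync&DeviceId=A1&DeviceType=iPhone 443 CONTOSO\alice 192.0.2.10 Apple-iPhone 200
2011-03-01 08:00:09 10.0.0.5 POST /Microsoft-Server-ActiveSync Cmd=Ping&DeviceId=A1&DeviceType=iPhone 443 contoso\Alice 192.0.2.10 Apple-iPhone 200
2011-03-01 08:01:30 10.0.0.5 POST /Microsoft-Server-ActiveSync Cmd=Sync&DeviceId=P7&DeviceType=Palm 443 CONTOSO\bob 192.0.2.11 Palm 200
2011-03-01 08:02:02 10.0.0.5 GET /owa/ - 443 CONTOSO\carol 192.0.2.12 Mozilla/5.0 200
#Fields: date time cs-username cs-uri-query sc-status
2011-03-01 09:00:00 CONTOSO\dave Cmd=Sync&DeviceType=PocketPC 200
2011-03-01 09:00:05 - Cmd=Options&DeviceType=PocketPC 401
'@ -split '\r?\n'

# Hypothetical helper: returns one object per device type with its unique users.
function Get-DeviceTypeUser {
    param([string[]]$Line)
    $fields = @(); $uIdx = -1; $qIdx = -1
    $seen = @{}    # DeviceType -> set of users; @{} keys are case-insensitive
    foreach ($l in $Line) {
        if ($l -match '^#Fields:\s*(.+)$') {
            # Re-read the layout at every header instead of trusting a fixed index
            $fields = @($Matches[1].Trim() -split '\s+')
            $uIdx = [array]::IndexOf($fields, 'cs-username')
            $qIdx = [array]::IndexOf($fields, 'cs-uri-query')
            continue
        }
        if ($l.StartsWith('#') -or $uIdx -lt 0 -or $qIdx -lt 0) { continue }
        $cols = @($l -split ' ')
        if ($cols.Count -ne $fields.Count) { continue }    # blank, truncated or malformed line
        $user = $cols[$uIdx]
        if ($user -eq '-') { continue }                    # '-' means no authenticated user
        if ($cols[$qIdx] -match '(?:^|&)DeviceType=([^&]+)') {
            $type = $Matches[1]
            if (-not $seen.ContainsKey($type)) { $seen[$type] = @{} }
            $seen[$type][$user] = $true
        }
    }
    foreach ($type in ($seen.Keys | Sort-Object)) {
        New-Object PSObject -Property @{
            DeviceType = $type
            Users      = @($seen[$type].Keys | Sort-Object)
        }
    }
}

Get-DeviceTypeUser -Line $sampleLog |
    ForEach-Object { "{0}: {1}" -f $_.DeviceType, ($_.Users -join ', ') }
```

To use it on real logs, pass the output of Get-Content for each copied file as -Line and build the report rows from the returned objects.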
