Mining Exchange 2007 & 2010 Events to a HTML File using Powershell

by Andy Grogan [Published on 17 Aug. 2011 / Last Updated on 17 Aug. 2011]

In Exchange 2007 and 2010 the Application Event Log can get quite large over time, and therefore can be difficult to read through to find the exact event that you are looking for. In this tip I will show you a simple Powershell script which is compatible with both Exchange 2007 and Exchange 2010 – that will allow for you to dump the relevant events that you need to an HTML file.

Whereas the Windows event viewer allows for you to filter events, it can be a little time consuming whilst working out the various settings that you wish to have in order to get the information that you want.
The following Powershell script is simple to use and only needs two items of information which it asks for upon execution:

1.       A value that appears in the “Event Source” part of the event log entry – e.g.  MSExchange ADAccess

2.       The type of event that you would like to mine – e.g. Information, Warning, Error

In order to use the script – copy it into a new PS1 file on the Exchange server that you would like to mine, and then execute it from either the Exchange Management Console or the Powershell console.

$date = Get-Date

 

$Outfile = "c:\ExchangeRep{0}{1:d2}{2:d2}-{3:d2}{4:d2}.htm" -f $date.year,$date.month,$date.day,$date.hour,$date.minute

 

$htmFormat = ""

$htmFormat = $htmFormat + "BODY{background-color:white;}"

$htmFormat = $htmFormat + "TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}"

$htmFormat = $htmFormat + "TH{border-width: 1px;padding: 1px;border-style: solid;border-color: black;background-color:white;font-family: Tahoma}"

$htmFormat = $htmFormat + "TD{border-width: 1px;padding: 1px;border-style: solid;border-color: black;background-color:white;font-family: Tahoma;font-size: 12px}"

$htmFormat = $htmFormat + ""

 

Write-Host "Exchange Event Log Miner Example"

Write-Host ""

 

$eventSource = Read-Host "Please enter in part of the Event Source - e.g. Transport,Mailbox,Search,Assistants "

 

Write-Host ""

Write-Host "What type of event would you like to report on?"

Write-Host ""

Write-Host "1. Information"

Write-Host "2. Warning"

Write-Host "3. Error"

Write-Host ""

$Choice = Read-Host "Please make a numerical choice from above"

 

 

If($Choice -eq 1){

 

      $evtType = "Information"

 

}elseif($Choice -eq 2){

     

      $evtType = "Warning"         

           

}elseif($Choice -eq 3){

     

      $evtType = "Error"

                 

      }else{

           

            Write-Host "You have made an incorrect choice - please try again!" -ForegroundColor Red

}

 

 

Get-EventLog -LogName "Application" | Select EventID,Time,EntryType,Source,Message | Where {$_.EntryType -eq $evtType -and $_.Source -like "*$eventSource*"} | ConvertTo-Html -Head $htmFormat -Title "Exchange Event Log Report" | Out-File $Outfile

 

Invoke-Expression $Outfile

See Also


See Also

Featured Links