forked from 12Knocksinna/Office365itpros
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAnalyze-MTHistoricalLogs.PS1
66 lines (57 loc) · 3.55 KB
/
Analyze-MTHistoricalLogs.PS1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# Analyze-MTHistoricalLogs.PS1
# Folder where the historical message tracking logs downloaded from Exchange Online are stored
$DataFolder = "c:\temp\MtData\"
$CSVFile = "c:\temp\HistoricalMessageTrace.CSV"
[array]$DataFiles = Get-ChildItem -Path $DataFolder | Select-Object -ExpandProperty Name
If (!($DataFiles)) {
Write-Host "No historical message tracking logs to analyze - exiting"
Break
}
Write-Host ("Preparing to process {0} historical message trace data files..." -f $DataFiles.count)
$Report = [System.Collections.Generic.List[Object]]::new() # Create output file for report
ForEach ($File in $DataFiles) {
$MtDataFile = $DataFolder + $File
[array]$MtData = Import-CSV -Path $MtDataFile -Encoding unicode
ForEach ($Line in $MtData) {
If (!([string]::IsNullOrEmpty($Line.origin_timestamp_utc))) {
[array]$RecipientStatus = $Line.Recipient_Status.split(";")
# array of individual recipients for a message
$RecipientInfo = [System.Collections.Generic.List[Object]]::new()
ForEach ($RecipientDetail in $RecipientStatus) {
$Recipient = $RecipientDetail.Split("##")[0]
$RecipientOutcome = $RecipientDetail.Split("##")[1]
$RecipientLine = [PSCustomObject]@{
Recipient = $Recipient
Outcome = $RecipientOutcome
}
$RecipientInfo.Add($RecipientLine)
}
$SenderDomain = $Line.Sender_address.Split("@")[1]
$ReportLine = [PSCustomObject]@{
Timestamp = $Line.origin_timestamp_utc
Sender = $Line.sender_address
Subject = $Line.message_subject
Recipient = $Line.Recipient_Status
RecipientInfo = $RecipientInfo
Outcome = $RecipientOutcome
Bytes = $Line.total_bytes
Message_id = $Line.message_id
Sender_Domain = $SenderDomain
Client_IP = $Line.original_client_ip
Direction = $Line.directionality
}
$Report.Add($ReportLine)
}
}
}
$Report | Sort-Object TimeStamp | Select-Object Timestamp, Sender, Subject, Recipient | Out-GridView
$Report | Export-CSV -NoTypeInformation $CSVFile
# Split into outbound and inbound files (when we have data files containing both types of data)
$OutboundEmail = $Report | Where-Object {$_.Direction -eq 'Originating'} | Sort-Object Timestamp
$InboundEmail = $Report | Where-Object {$_.Direction -eq 'Incoming'} | Sort-Object Timestamp
Write-Host ("{0} records found for inbound email" -f $InboundEmail.count)
Write-Host ("{0} records found for outbound email" -f $OutboundEmail.count)
# An example script used to illustrate a concept. More information about the topic can be found in the Office 365 for IT Pros eBook https://gum.co/O365IT/
# and/or a relevant article on https://office365itpros.com or https://www.practical365.com. See our post about the Office 365 for IT Pros repository # https://office365itpros.com/office-365-github-repository/ for information about the scripts we write.
# Do not use our scripts in production until you are satisfied that the code meets the needs of your organization. Never run any code downloaded from the Internet without
# first validating the code in a non-production environment.