1. $LogTimeframeInDays = 30
  2. $TimeStemp = Get-Date -format ddMMyyhhmmss
  3. $ReportFilePath = "C:\Users\adm.filip.kasaj\Desktop\SMTPRelayApps_$TimeStemp.csv"
  4. $SMTPReveiveLogFolder = "C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive"
  5. #Log header: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
  6. $ExchangeServers = "P00000011","P00000012","P00000013","P00000014"
  7. $ProgressActivityName = "SMTP log data loading..." 
  8. $ConnectorName = "Open relay"
  9.  
  10. $AllLogs = @()
  11. foreach($ExchangeServer in $ExchangeServers){
  12.        $SMTPReveiveLogFolderPath = "\\$ExchangeServer\"+$SMTPReveiveLogFolder -replace (":","$")
  13.        $LogFiles = Get-ChildItem $SMTPReveiveLogFolderPath|where-Object {$_.LastWriteTime -ge (Get-Date).AddDays(-$LogTimeframeInDays)}
  14.        $ProgressCount = 0
  15.        foreach($LogFile in $LogFiles){
  16.               $ProgressCount++
  17.               Write-Progress -Activity $ProgressActivityName -Status "Current Count: $ProgressCount" -PercentComplete ($ProgressCount/$LogFiles.count*100) -CurrentOperation $($ExchangeServer+" - "+$LogFile.Name)
  18.               $LogData = Get-Content $LogFile.FullName| Where-Object {$_ -notlike '#*' -and $_ -like "*$ConnectorName*"}
  19.               $AllLogs += $LogData |ConvertFrom-Csv -Header date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
  20.        }
  21. }
  22. write-host "Report creation: It can take a while..."
  23. $FilteredLogs = $AllLogs|sort -unique session-id|select date-time,connector-id,@{n="remote-endpoint";e={$_."remote-endpoint".split(":")[0]}}
  24. $FilteredLogs | sort -unique remote-endpoint | Export-Csv -Path $ReportFilePath -Encoding unicode -NoTypeInformation -Delimiter "`t"