IIS Log Parser Script for Finding Two Items Per Line

Troubleshooting Exchange connectivity issues can often be a chore, especially if you’re trying to go line by line in the IIS logs. The close formatting in those text files makes for a blurry and mind-numbing experience, not to mention how easy it is to miss what you’re actually looking for. To make that experience easier (and to offload the hard work to PowerShell) I’ve put together the following IIS log parser script* that will allow you to search IIS logs remotely on multiple servers for lines that contain two different items and export that data to a CSV. For example, if your helpdesk reports to you that some people are unable to access their mailbox from their ActiveSync device, you may want to start your investigation by searching the IIS logs on multiple CASes for lines that contain both “ActiveSync” and “401”. This script will do just that!

*I’d like to give credit to who created the original script I edited to make this one, but I cannot seem to find it online 🙁

-Eric

#########################################################
# Search Multiple IIS Logs for Multiple Items Per Line 	#
# Created By Eric Kukkuck   04/16/2014			#
#########################################################

# Edit the variables below to meet your needs #

$Path = "\\SERVER1\c$\inetpub\logs\LogFiles\W3SVC1","\\SERVER2\c$\inetpub\logs\LogFiles\W3SVC1"
$PathArray = @()
$ResultsLog = "C:\Temp\IISSearchResults.csv"
$Variable1 = "ActiveSync"
$Variable2 = "401"

# The meat and potatoes #

if (Test-Path $ResultsLog -PathType Leaf) { 
write-host "Delete the current log file and try again " 
exit
}
# This code snippet gets all the files in $Path that end in “.log”.
Get-ChildItem $Path -Recurse -Filter “*.log” |
Where-Object { $_.Attributes -ne “Directory”} |
ForEach-Object {gc $_.FullName | % { if($_ -match "($Variable1.*$Variable2)") {
$_ | add-content -path $ResultsLog }
    }
}

Leave a Reply

Your email address will not be published. Required fields are marked *