PowerShell Functions Searching Logs for SolarWinds

This topic contains 2 replies, has 2 voices, and was last updated by Jon 7 months, 2 weeks ago.

  • #59662
    Jon
    Participant

    I was given this PowerShell script and told I'd be able to use it in SolarWinds to monitor who logs into the Milestone application. Any advice on how to get the script to output in a format SolarWinds can read? Or just get it working in general?

    I keep getting "Testing on Node Failed With Down Status" when I try to test/run it.

     
    Function printUsers
    {
      #Search through the specified log files and grab the user name and date of any logins
      $LogDirectory = "C:\ProgramData\Milestone\Milestone Surveillance"
      $LogPattern = "ISLog_*.log"
      #GMB; 20140103; Changed to only search the past two months of log files
      #GMB; 20141204; Removed this option and will search all log file for NY
      #$TwoMonthsAgo = ((Get-Date).AddMonths(-2)).Date
      #$File = Get-ChildItem $LogDirectory -include $LogPattern -recurse | where {$_.CreationTime -ge $TwoMonthsAgo}
      $File = Get-ChildItem $LogDirectory -include $LogPattern -recurse
      $SearchString = "Basic user authorized:"
      $Logins = @("")

      #Search through Milestone Surveillance logs for logins
      ForEach ($Entry in $File)
      {
        $List = select-string -pattern $SearchString $Entry
        $PatternCount = $List.LongLength
        if ($PatternCount -gt 1)
        {
          $PatternCount-- #Decrease the count by one to match the zero based array format
          while ($PatternCount -ge 0)
          {
            $Temp = $List[$PatternCount].Line.Split(" ")
            $x = $Temp[0]
            $x = $x.replace("-","")
            $x = $x + ";" + $Temp[5].Substring(0,$Temp[5].Length-1)
            if ($Logins -NotContains $x)
            {
              $Logins = $Logins + $x
            }
            $PatternCount--
          }
        }
      }

      #Search through Milestone Mobile logs for logins
      #GMB; 20140317; Updated to new location of log files for Milestone Mobile 2.5
      $LogDirectory = "C:\ProgramData\Milestone\Milestone Mobile Server\Logs"
      $LogPattern = "MobileServer*.log"
      #GMB; 20140103; Changed to only search the past two months of log files
      #GMB; 20141204; Removed this option and will search all log file for NY
      #$File = Get-ChildItem $LogDirectory -include $LogPattern -recurse | where {$_.CreationTime -ge $TwoMonthsAgo}
      $File = Get-ChildItem $LogDirectory -include $LogPattern -recurse
      $SearchString = "LogIn;OK"
      ForEach ($Entry in $File)
      {
        $List = @(select-string -pattern $SearchString $Entry)
        $PatternCount = $List.LongLength
        if ($PatternCount -gt 0)
        {
          $PatternCount-- #Decrease the count by one to match the zero based array format
          while ($PatternCount -ge 0)
          {
            $Temp = $List[$PatternCount].Line.Split(";")
            $x = $Temp[0]
            $x = $x.replace("-","")
            $x = $x + ";" + $Temp[8]
            if ($Logins -NotContains $x)
            {
              $Logins = $Logins + $x
            }
            $PatternCount--
          }
        }
      }

      # Sort through the data collected from the log files and build a list with only the unique user names
      $y = $Logins.LongLength - 1
      $LoginNames = @("")
      while ($y -gt 0)
      {
        $z = $Logins[$y].Split(";")
        if ($LoginNames -NotContains $z[1])
        {
          #GMB; 20141204; List all users even if they are not still on Master for NY
          # Only add the user to the list if it is in the list of authorized users from the Master
          #if ($AuthorizedUsers -Contains $z[1])
          #{
          $LoginNames = $LoginNames + $z[1]
          #}
        }
        $y--
      }

      $Logins = $Logins | Sort # Sort the logins by date

      #For each unique user name get all of the dates they have logged in
      $LoginNameDate = @("")
      $y = $LoginNames.LongLength - 1
      while ($y -gt 0)
      {
        $z = $Logins.LongLength - 1
        $x = $LoginNames[$y]
        while ($z -gt 0)
        {
          if ($Logins[$z] -Match $LoginNames[$y])
          {
            $w = $Logins[$z].Split(";")
            $w[0] = ([datetime]::ParseExact($w[0],"yyyyMMdd",$null))
            $x = $x + ";" + (date $w[0] -format MM/dd/yyyy)
          }
          $z--
        }
        $LoginNameDate = $LoginNameDate + $x
        $y--
      }
    }
    
  • #59671
    Jeffery Hayes
    Participant

    Are you connected to that server that has the log directory on it?

  • #59676
    Jon
    Participant

    Yes, I run this on workstations that have the folder there, and usually end up with nothing.

    Even if I run the script locally and output to a TXT file, it's blank.
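
Added example (not code from the thread, SolarWinds or Milestone): as posted, `printUsers` is only defined, never called, and never writes `$LoginNameDate`, so nothing reaches standard output. The script below does the Mobile Server half of the search and prints the `Statistic:` / `Message:` lines and exit code that a SolarWinds SAM PowerShell script monitor reads. The function names, the sample log and its field layout are assumptions.

```powershell
# Added example, not the poster's script. Field positions (0 = date, 8 = user)
# are inferred from the posted script's parsing, not from Milestone documentation.
function Get-MobileLogin {
    param([Parameter(Mandatory)] [string] $LogDirectory,
          [string] $LogPattern = 'MobileServer*.log')
    # -ErrorAction Stop turns a missing or unreadable directory into a catchable error
    $files = Get-ChildItem -Path $LogDirectory -Filter $LogPattern -Recurse -File -ErrorAction Stop
    if (-not $files) { return }
    $files | Select-String -SimpleMatch -Pattern 'LogIn;OK' | ForEach-Object {
        $f = $_.Line.Split(';')
        if ($f.Count -gt 8 -and $f[8]) {   # skip short or malformed lines
            [pscustomobject]@{ Date = $f[0]; User = $f[8] }
        }
    } | Sort-Object Date, User -Unique
}

function Format-MonitorOutput {
    param([object[]] $Logins)
    $users = @($Logins | Select-Object -ExpandProperty User -Unique | Sort-Object)
    "Statistic: $($users.Count)"     # numeric value the monitor graphs and thresholds
    "Message: $($users.Count) user(s) logged in: $($users -join ', ')"
}

# Constructed sample log so the example runs without a Milestone install.
$dir = Join-Path ([IO.Path]::GetTempPath()) ("mslog_" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
@'
2014-03-17;10:01:02;INFO;c3;c4;c5;LogIn;OK;alice
2014-03-17;10:05:40;INFO;c3;c4;c5;LogIn;Failed;carol
2014-03-18;08:12:11;INFO;c3;c4;c5;LogIn;OK;bob
2014-03-18;09:30:00;INFO;c3;c4;c5;LogIn;OK;alice
truncated;LogIn;OK
'@ | Set-Content -Path (Join-Path $dir 'MobileServer_sample.log')

try {
    $logins = @(Get-MobileLogin -LogDirectory $dir)
    Format-MonitorOutput -Logins $logins
    $code = 0   # Up
} catch {
    'Statistic: 0'
    "Message: log search failed: $($_.Exception.Message)"
    $code = 1   # Down
} finally {
    Remove-Item -Recurse -Force $dir
}
exit $code
```

In a real monitor, replace the sample-log section with the Milestone log directory. The account the monitor runs under needs read access to that path on the target node.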
