Логи в почту или eventvwr – часть 2
По мотивам записи о получении логов в почту. Переписал скрипт, устал получать нулевые (пустые) файлы на почту. Пока тестировал, попал в спам у Google.
Скрипт теперь проверяет размер каждого файла: если он больше 0 КБ, файл архивируется, если равен 0 — удаляется.
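# Daily event-log digest.
# Collects today's Error/Warning entries from the main Windows event logs plus
# two logon-related exports from the Security log, deletes the reports that
# came out empty, packs what is left with Rar.exe and mails the archive.
#
# Deployment notes:
#   * The reports hold account names and logon details and leave the host by
#     e-mail. Treat the receiving mailbox and the working folder as sensitive
#     and restrict both to administrators.
#   * The SMTP password is not stored in this script. It is read from a
#     credential file created once, under the account that runs the script:
#         Get-Credential | Export-Clixml -Path <credential file>
#     On Windows the password inside that file is DPAPI-protected, so only the
#     same user on the same computer can read it back.

$Folder = "C:\LogS\"

# Make sure the working folder exists, then empty it so leftovers from an
# earlier run never end up in today's archive.
if (-not (Test-Path -LiteralPath $Folder)) {
    New-Item -ItemType Directory -Path $Folder | Out-Null
}
Remove-Item C:\Logs\*

$compname = $(Get-WmiObject Win32_Computersystem).name

# ---------------------------------------------------------------------------
# 1. Severity reports: everything logged since midnight, one text file per log.
# ---------------------------------------------------------------------------
$Midnight = Get-Date -Hour 0 -Minute 0 -Second 0

# NOTE(review): Security-log entries are normally typed SuccessAudit or
# FailureAudit, and "Critical" is not a member of EventLogEntryType, so this
# filter may always leave Security.txt empty. Confirm that is intended.
$severityFilter = {
    $_.EntryType -eq "Error" -or $_.EntryType -eq "Warning" -or $_.EntryType -eq "Critical"
}

$FileSecurity       = "C:\LogS\Security.txt"
$FileApplication    = "C:\LogS\Application.txt"
$FileSystem         = "C:\LogS\System.txt"
$FileHardwareEvents = "C:\LogS\HardwareEvents.txt"

$severityReports = @(
    @{ Log = 'Security';       Path = $FileSecurity },
    @{ Log = 'Application';    Path = $FileApplication },
    @{ Log = 'System';         Path = $FileSystem },
    @{ Log = 'HardwareEvents'; Path = $FileHardwareEvents }
)

foreach ($report in $severityReports) {
    Get-EventLog -LogName $report.Log -After $Midnight |
        Where-Object $severityFilter |
        Out-File -FilePath $report.Path -Encoding UTF8 -Width 500
}

# ---------------------------------------------------------------------------
# 2. Logon exports for the last 24 hours.
#    4648 = logon attempted with explicit credentials (filtered by account name)
#    4625 = failed logon
# ---------------------------------------------------------------------------
$Yesterday = (Get-Date).AddDays(-1)

$FileSecurity2 = "C:\Logs\Security.csv"
Get-EventLog -LogName Security -InstanceId 4648 -After $Yesterday |
    Where-Object { $_.Message -match "whitebird" } |
    Export-Csv $FileSecurity2 -NoTypeInformation -Encoding UTF8

$FileSecurity3 = "C:\Logs\Fail-logins.csv"
Get-EventLog -LogName Security -InstanceId 4625 -After $Yesterday |
    Export-Csv $FileSecurity3 -NoTypeInformation -Encoding UTF8

# ---------------------------------------------------------------------------
# 3. Drop empty reports so they are neither archived nor mailed.
#    Text reports count as empty at 0 bytes. The CSV exports use a 3-byte
#    threshold, presumably because an export without rows still contains the
#    UTF-8 byte-order mark.
# ---------------------------------------------------------------------------
$pruneRules = @(
    @{ Path = $FileSecurity;       EmptySize = 0 },
    @{ Path = $FileApplication;    EmptySize = 0 },
    @{ Path = $FileSystem;         EmptySize = 0 },
    @{ Path = $FileHardwareEvents; EmptySize = 0 },
    @{ Path = $FileSecurity2;      EmptySize = 3 },
    @{ Path = $FileSecurity3;      EmptySize = 3 }
)

foreach ($rule in $pruneRules) {
    # A report may be missing altogether (for example when its log could not
    # be read); that is not an error here, there is simply nothing to prune.
    $item = Get-Item -LiteralPath $rule.Path -ErrorAction SilentlyContinue
    if ($item -and $item.Length -le $rule.EmptySize) {
        Remove-Item -LiteralPath $rule.Path
    }
}

# ---------------------------------------------------------------------------
# 4. Archive the folder.
# ---------------------------------------------------------------------------
$Date = Get-Date -format dd-MM-yyyy
$Archive = "C:\LogS\$compname---$date.zip"
$rar = 'C:\Program Files\WinRAR\Rar.exe'

# NOTE(review): console Rar.exe is documented to write RAR-format archives, so
# the ".zip" name may not match the content. Confirm recipients can open it.
# PowerShell waits for a console program started with "&", so no sleep is
# needed before the archive is used; its existence is checked instead.
& $rar a "$Archive" $Folder
if (-not (Test-Path -LiteralPath $Archive)) {
    throw "Archive was not created: $Archive"
}

# ---------------------------------------------------------------------------
# 5. Mail the archive.
# ---------------------------------------------------------------------------
$From = "Откого@домен.ру"
$To = "Кому@домен.ру"
$SMTPServer = "smtp.домен.ру"
$SMTPPort = "587"

# Placeholder path: replace it with the location of your own credential file
# (see the deployment notes at the top) and restrict its ACL to the account
# that runs this script.
$CredentialFile = "C:\Secure\smtp-credential.xml"
$Credential = Import-Clixml -Path $CredentialFile

$subject = "$compname - логи за $Date"
$body = "Тема письма"
$EmailAttachment = $Archive

$message = New-Object System.Net.Mail.MailMessage $From, $To
$smtp = New-Object System.Net.Mail.SmtpClient($SMTPServer, $SMTPPort)
try {
    $message.Subject = $subject
    $message.IsBodyHTML = $true
    $message.Body = $body

    # Require TLS so neither the SMTP login nor the logs travel in clear text.
    $smtp.EnableSSL = $true
    $smtp.Credentials = $Credential.GetNetworkCredential()

    # The attachment is a binary archive, so it is labelled as such rather
    # than as text/plain.
    $Attachment = New-Object System.Net.Mail.Attachment($EmailAttachment, 'application/octet-stream')
    $message.Attachments.Add($Attachment)

    $smtp.Send($message)
}
finally {
    # The attachment keeps the archive open until the message is disposed.
    # Without this the cleanup below cannot delete the archive, and a copy of
    # the security logs stays on disk until the next run.
    $message.Dispose()
    if ($smtp -is [System.IDisposable]) { $smtp.Dispose() }

    # Clean up whether or not the send succeeded.
    Remove-Item C:\Logs\*
}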
Скрипт работает исправно, теперь пустых писем нет.