Created
August 15, 2016 22:47
-
-
Save JustinGrote/8a518b84acdcc2514c257bc6e74683ca to your computer and use it in GitHub Desktop.
Exchange Extended Message Trace script to parse an Exchange Extended Message Trace into usable Powershell Objects
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
.SYNOPSIS | |
Takes an Exchange Extended Message Trace and parses it into usable powershell objects | |
#> | |
[CmdletBinding()] | |
param ( | |
#Path to the extended message trace CSV | |
[Parameter(Mandatory)][String[]]$CSVPath | |
) | |
process { | |
foreach ($CSVPathItem in $CSVPath) { | |
$emt = import-csv $CSVPathItem -ErrorAction Stop | |
foreach ($emtItem in $emt) { | |
#Convert the report line item into a hashtable to add more properties | |
$emtProps = $emtItem.psobject.properties | | |
foreach -begin {$h=[ordered]@{}} -process {$h."$($_.Name)" = $_.Value} -end {$h} | |
#Blank out Extended Properties. Makes sure all objects have these properties for sort/filter purposes | |
$emtProps.SpamFilterReport = $null | |
$emtCustomData = $emtItem.custom_data -split ';' | |
foreach ($emtCustomDataItem in $emtCustomData) { | |
$ResultProps = [ordered]@{} | |
if ($emtCustomDataItem -match '^S:([A-Z]{3,4})=(.*)') { | |
$ResultProps.Agent = $matches[1] | |
$emtCustomDataItem = $matches[2] | |
} | |
#Parser for the Spam Filter Agent | |
if ($ResultProps.Agent -match 'SFA') { | |
$ResultProps.Agent = "SpamFilter" | |
$SFAData = $emtCustomDataItem.split("|") | |
#Spam Engine (SUM) means multiple | |
$ResultProps.Engine = $SFAData[0] | |
#Ascribe all individual properties | |
$SFAData | | |
where {$PSItem -notmatch '^(SUM|SFS|LAT)'} | | |
foreach { | |
$SFADataItem = $PSItem -split '=' | |
if ($SFADataItem.count -eq 0) { | |
write-error "SFA No Value Found" | |
return; | |
} | |
if ($SFADataItem.count -ne 2) { | |
$SFAValue = $null | |
} else { | |
$SFAValue = $SFADataItem[1] | |
} | |
$ResultProps.($SFADataItem[0]) = $SFAValue | |
} | |
#Convert the matched Spam Rules to an arrayed property | |
$ResultProps.SFS = @() | |
$SFAData | | |
where {$PSItem -match 'SFS'} | | |
foreach { | |
$ResultProps.SFS += ($PSItem -split '=')[1] | |
} | |
#Convert the matched LAT to an arrayed property | |
$ResultProps.LAT = @() | |
$SFAData | | |
where {$PSItem -match 'LAT'} | | |
foreach { | |
$ResultProps.LAT += ($PSItem -split '=')[1] | |
} | |
#Construct the final result and output it | |
$emtProps.SpamFilterReport = [PSCustomObject]$ResultProps | |
} | |
} | |
[PSCustomObject]$emtProps | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment