chipitsine/report.ps1

## report.ps1
#requires -version 4.0

cls

$CurrentDir = [System.IO.Path]::GetDirectoryName($myInvocation.MyCommand.Definition)

$ProgDir = (${env:ProgramFiles(x86)}, ${env:ProgramFiles} -ne $null)[0]
$LogParserExe = (Join-Path $ProgDir '\Log Parser 2.2\LogParser.exe')

$Header = @"
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<style>
TABLE {border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
TH {border-width: 1px;padding: 3px;border-style: solid;border-color: black;background-color: #6495ED;}
TD {border-width: 1px;padding: 3px;border-style: solid;border-color: black;}
</style>
"@

If(-not(Test-Path -path $LogParserExe)){
    'LogParser.exe is missing at {0}' -f $LogParserExe
    'download link: https://www.microsoft.com/en-us/download/details.aspx?id=24659'
    exit 1
}

$query = @"
SELECT c-ip AS Client_IP,
       REVERSEDNS(c-ip) AS Host_Name,
       COUNT(*) AS Seen_Count,
       MIN(QUANTIZE(TO_TIMESTAMP(date, time), 3600)) AS First_Seen,
       MAX(QUANTIZE(TO_TIMESTAMP(date, time), 3600)) AS Last_Seen

INTO '{0}'
FROM '\\siphon\c$\inetpub\logs\LogFiles\W3SVC3\u_extend1.log'

WHERE cs(User-Agent)='Microsoft+NCSI'
AND TO_LOCALTIME(TO_TIMESTAMP(date, time)) > SUB(TO_LOCALTIME(SYSTEM_TIMESTAMP()), TIMESTAMP('0000-01-01 08:00', 'yyyy-MM-dd HH:mm'))
GROUP BY c-ip
ORDER BY c-ip
"@

$temp = (Join-Path $CurrentDir ('{0}.csv' -f ([System.Guid]::NewGuid().toString())))

& $LogParserExe -i:IISW3C ($query -f $temp) -o:CSV

$smtp = New-Object system.net.mail.smtpclient -argument 'smtp.kontur'
$mail = New-Object System.Net.Mail.MailMessage
$mail.IsBodyHtml = $true
$mail.From = 'chipitsine@kontur.ru'
$mail.Subject = 'компьютеры не в домене (за последние 8 часов)'

$mail.To.Clear();
$mail.To.Add('chipitsine@kontur.ru')
$mail.Body = (Get-Content $temp | ConvertFrom-Csv | ConvertTo-Html -Head $Header )

$smtp.Send($mail)

Remove-Item $temp
	#requires -version 4.0

	cls

	$CurrentDir = [System.IO.Path]::GetDirectoryName($myInvocation.MyCommand.Definition)

	$ProgDir = (${env:ProgramFiles(x86)}, ${env:ProgramFiles} -ne $null)[0]
	$LogParserExe = (Join-Path $ProgDir '\Log Parser 2.2\LogParser.exe')

	$Header = @"
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
	<style>
	TABLE {border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
	TH {border-width: 1px;padding: 3px;border-style: solid;border-color: black;background-color: #6495ED;}
	TD {border-width: 1px;padding: 3px;border-style: solid;border-color: black;}
	</style>
	"@

	If(-not(Test-Path -path $LogParserExe)){
	'LogParser.exe is missing at {0}' -f $LogParserExe
	'download link: https://www.microsoft.com/en-us/download/details.aspx?id=24659'
	exit 1
	}

	$query = @"
	SELECT c-ip AS Client_IP,
	REVERSEDNS(c-ip) AS Host_Name,
	COUNT(*) AS Seen_Count,
	MIN(QUANTIZE(TO_TIMESTAMP(date, time), 3600)) AS First_Seen,
	MAX(QUANTIZE(TO_TIMESTAMP(date, time), 3600)) AS Last_Seen

	INTO '{0}'
	FROM '\\siphon\c$\inetpub\logs\LogFiles\W3SVC3\u_extend1.log'

	WHERE cs(User-Agent)='Microsoft+NCSI'
	AND TO_LOCALTIME(TO_TIMESTAMP(date, time)) > SUB(TO_LOCALTIME(SYSTEM_TIMESTAMP()), TIMESTAMP('0000-01-01 08:00', 'yyyy-MM-dd HH:mm'))
	GROUP BY c-ip
	ORDER BY c-ip
	"@

	$temp = (Join-Path $CurrentDir ('{0}.csv' -f ([System.Guid]::NewGuid().toString())))

	& $LogParserExe -i:IISW3C ($query -f $temp) -o:CSV

	$smtp = New-Object system.net.mail.smtpclient -argument 'smtp.kontur'
	$mail = New-Object System.Net.Mail.MailMessage
	$mail.IsBodyHtml = $true
	$mail.From = 'chipitsine@kontur.ru'
	$mail.Subject = 'компьютеры не в домене (за последние 8 часов)'

	$mail.To.Clear();
	$mail.To.Add('chipitsine@kontur.ru')
	$mail.Body = (Get-Content $temp \| ConvertFrom-Csv \| ConvertTo-Html -Head $Header )

	$smtp.Send($mail)

	Remove-Item $temp