leechristensen/ParseRPCClientAccessLogs.ps1

## ParseRPCClientAccessLogs.ps1
# Author: Lee Christensen (@tifkin_)

#$RPClientLogDir = "$($env:exchangeinstallpath)\Logging\RPC Client Access\"
$RPClientLogDir = "."
$NumberOfLogs = 100
$RecentLogs = ls "$RPClientLogDir\*.log" | sort LastWriteTime -Descending | select -First $NumberOfLogs -ExpandProperty FullName

$UserLogons = @()
foreach($Log in $RecentLogs)
{
    $LogFile = Get-Content $Log | select -Skip 5

    $RCAHeaders2010 = "date-time","session-id","seq-number","client-name","organization-info","client-software","client-software-version","client-mode","client-ip","server-ip","protocol","application-id","operation","rpc-status","processing-time","operation-specific","failures"
    $RCAHeaders2013 = "date-time","session-id","seq-number","client-name","organization-info","client-software","client-software-version","client-mode","client-ip","client-connection-info","server-ip","protocol","application-id","request-ids","session-cookie","operation","rpc-status","processing-time","operation-specific","failures","performance-data","activity-context-data"

    $CsvLog = ConvertFrom-Csv $LogFile -Header $RCAHeaders2013

    $LogonData = $CsvLog | select -property @{N='User';E={$_."client-name"}}, @{N='ClientIPAddress';E={$_."client-ip"}} | ?{
        $_.ClientIPAddress `
        -and $_.ClientIPAddress -notmatch '127.0.0.1|::1|^fe80:'
    }

    $UserLogons += $LogonData
}


$UserLogons | sort -Unique -Property User,ClientIPAddress | Out-GridView
	# Author: Lee Christensen (@tifkin_)

	#$RPClientLogDir = "$($env:exchangeinstallpath)\Logging\RPC Client Access\"
	$RPClientLogDir = "."
	$NumberOfLogs = 100
	$RecentLogs = ls "$RPClientLogDir\*.log" \| sort LastWriteTime -Descending \| select -First $NumberOfLogs -ExpandProperty FullName

	$UserLogons = @()
	foreach($Log in $RecentLogs)
	{
	$LogFile = Get-Content $Log \| select -Skip 5

	$RCAHeaders2010 = "date-time","session-id","seq-number","client-name","organization-info","client-software","client-software-version","client-mode","client-ip","server-ip","protocol","application-id","operation","rpc-status","processing-time","operation-specific","failures"
	$RCAHeaders2013 = "date-time","session-id","seq-number","client-name","organization-info","client-software","client-software-version","client-mode","client-ip","client-connection-info","server-ip","protocol","application-id","request-ids","session-cookie","operation","rpc-status","processing-time","operation-specific","failures","performance-data","activity-context-data"

	$CsvLog = ConvertFrom-Csv $LogFile -Header $RCAHeaders2013

	$LogonData = $CsvLog \| select -property @{N='User';E={$_."client-name"}}, @{N='ClientIPAddress';E={$_."client-ip"}} \| ?{
	$_.ClientIPAddress `
	-and $_.ClientIPAddress -notmatch '127.0.0.1\|::1\|^fe80:'
	}

	$UserLogons += $LogonData
	}


	$UserLogons \| sort -Unique -Property User,ClientIPAddress \| Out-GridView