sujunmin/graylog-rest-api-example.ps1

## graylog-rest-api-example.ps1
Set-Location "C:\reports"
$Users = "sujunmin"
$MailFrom = "from@mail.com"
$MailTo = "sujunmin@gmail.com"
$MailServer = "mail.server.ip"
$UserToken = "token"
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:token" -f $UserToken)))


$Users | Foreach-Object {
  $reportdate = (get-date).AddDays(-1)
  $uri = "http://graylog-server:9000/api/search/universal/absolute?query=message%3A" + $_ + "*&from=" + ('{0:yyyy-MM-dd}' -f $reportdate) + "T00%3A00%3A00.000Z&to=" + ('{0:yyyy-MM-dd}' -f $reportdate) + "T23%3A59%3A59.999Z&decorate=false"
  $rawdata = (Invoke-WebRequest -Uri $uri -Method Get -Headers @{"Content-Type"="application/json";"Authorization" = ("Basic {0}" -f $base64AuthInfo)}).Content

  $resultcount = ($rawdata | ConvertFrom-Json).total_results

  if ($resultcount -ne 0)
  {
    $rawdata | out-file ".\$_.log"

    $d = New-Object 'system.collections.generic.dictionary[string,int]'

    $test = $rawdata | ConvertFrom-Json | select -expand messages | select -expand message | select full_message

    $test | Foreach-Object {
      $test3 = [regex]::Matches($_.full_message, "Original Address=([^\s]+)")
      $test4 = $test3[0].value.split("=")
      $d[$test4[1]] = $d[$test4[1]] + 1;
    }

    $outputdata = "Hi all, <br> $_ 在 " + ('{0:yyyy-MM-dd}' -f $reportdate) + " 事件數量紀錄如下<br/>"
    $d | Format-Table  @{L='Host(s)';E={$_.key}}, @{L='Event Count(s)';E={$_.value}} -auto | out-file ".\ooo.txt"
    Get-Content ".\ooo.txt" | Foreach-Object {
       $outputdata = $outputdata + $_
       $outputdata = $outputdata + "<br/>"

    }

    $outputdata = $outputdata + "<br/>詳細請參考附件資料。"

    $d.Clear()

    Send-MailMessage -To $MailTo -From $MailFrom -Subject (('{0:yyyy-MM-dd}' -f $reportdate) + " $_ 事件紀錄統計") -Body "$outputdata" -BodyAsHtml -SmtpServer $MailServer -Encoding ([System.Text.Encoding]::UTF8) -Attachments ".\$_.log"

  }
}
	Set-Location "C:\reports"
	$Users = "sujunmin"
	$MailFrom = "from@mail.com"
	$MailTo = "sujunmin@gmail.com"
	$MailServer = "mail.server.ip"
	$UserToken = "token"
	$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:token" -f $UserToken)))


	$Users \| Foreach-Object {
	$reportdate = (get-date).AddDays(-1)
	$uri = "http://graylog-server:9000/api/search/universal/absolute?query=message%3A" + $_ + "*&from=" + ('{0:yyyy-MM-dd}' -f $reportdate) + "T00%3A00%3A00.000Z&to=" + ('{0:yyyy-MM-dd}' -f $reportdate) + "T23%3A59%3A59.999Z&decorate=false"
	$rawdata = (Invoke-WebRequest -Uri $uri -Method Get -Headers @{"Content-Type"="application/json";"Authorization" = ("Basic {0}" -f $base64AuthInfo)}).Content

	$resultcount = ($rawdata \| ConvertFrom-Json).total_results

	if ($resultcount -ne 0)
	{
	$rawdata \| out-file ".\$_.log"

	$d = New-Object 'system.collections.generic.dictionary[string,int]'

	$test = $rawdata \| ConvertFrom-Json \| select -expand messages \| select -expand message \| select full_message

	$test \| Foreach-Object {
	$test3 = [regex]::Matches($_.full_message, "Original Address=([^\s]+)")
	$test4 = $test3[0].value.split("=")
	$d[$test4[1]] = $d[$test4[1]] + 1;
	}

	$outputdata = "Hi all, <br> $_ 在 " + ('{0:yyyy-MM-dd}' -f $reportdate) + " 事件數量紀錄如下<br/>"
	$d \| Format-Table @{L='Host(s)';E={$_.key}}, @{L='Event Count(s)';E={$_.value}} -auto \| out-file ".\ooo.txt"
	Get-Content ".\ooo.txt" \| Foreach-Object {
	$outputdata = $outputdata + $_
	$outputdata = $outputdata + "<br/>"

	}

	$outputdata = $outputdata + "<br/>詳細請參考附件資料。"

	$d.Clear()

	Send-MailMessage -To $MailTo -From $MailFrom -Subject (('{0:yyyy-MM-dd}' -f $reportdate) + " $_ 事件紀錄統計") -Body "$outputdata" -BodyAsHtml -SmtpServer $MailServer -Encoding ([System.Text.Encoding]::UTF8) -Attachments ".\$_.log"

	}
	}