cruisinit

# 20190319 Log4net-Monitor.ps1 # Sends a mail when a search term is logged in log4net logs. Can e.g. be run as a Scheduled Task. Logs hits to not repeatedly alert same log entries. # Understand the script before you use it. param ( [string]$AppLogFile = “C:\temp\logs\server\app.log”, [string]$SearchTerm = ”.SQLException” ) $Error.Clear() [string]$strLogFile = $PSCommandPath + ”.log” $Body = $null if ( (Test-Path $strLogFile) -eq $false ) { Set-Content -Path $strLogFile -Value “LogMonitorrn____________rn” } [boolean]$blnNewEntries = $false if ( (Test-Path $AppLogFile) -eq $false ) { Write-Error “No log file to parse, $AppLogFile was given.” } else { [string]$strAppLogFile = $AppLogFile + ”.tmp” Copy-Item $AppLogFile $strAppLogFile [string[]]$astrLogContent = ([io.file]::ReadAllText($strAppLogFile)).Replace(“rn “,” “).Replace(“rn([a-z,A-Z])”,” $2”) -split(“rn”) -match($SearchTerm) [string[]]$astrEntriesAlreadySent = Get-Content $strLogFile for ($i = 0;$i -lt $astrLogContent.count; $i++) { [string[]]$astrRow = $astrLogContent[$i].Split(“[“) [string]$strTime = $astrRow[0].Trim() if ($strTime -in $astrEntriesAlreadySent -or $strTime -notlike '20*' ) { $astrLogContent[$i] = ”(Deleted)” } else { $blnNewEntries = $true Add-Content $strLogFile -Value $strTime } } switch ($blnNewEntries) { $true { [string]$Body = ($astrLogContent -notmatch(”(Deleted)”) | Sort-Object) -join(“rn”) } $false { [string]$Body = “No new entries for search term.” } } } if ($error -ne $null) { $Body += “rnrnErrorsrn” $Body += ($Error | Select-Object *) } $Body += “rnrnLog entries sentrn________rn” [string[]]$astrParseLogSentWholeStory = Get-Content $strLogFile $Body += ($astrParseLogSentWholeStory -match '20*') -join(“rn”) if ($blnNewEntries -or ($Error -ne $null)) { Send-MailMessage -From me@org.org -To me@org.org -Body $Body -SmtpServer 192.168.22.11 -Subject “New $SearchTerm or script error on $env:COMPUTERNAME in $AppLogFile” }