Check Exchange SMTP Logs To Get Unique Sender IP Addresses

Script is intended to help determine servers that are using an Exchange server to connect and send email. This is especially pertinent in a decomission scenario, where the logs are to be checked to ensure that all SMTP traffic has been moved to the correct endpoints.

 
 
 
 
 
(0)
1,461 times
Add to favorites
Exchange
1/26/2019
E-mail Twitter del.icio.us Digg Facebook
  • Very nice but very slow
    1 Posts | Last post January 16, 2020
    • Thank you very much for contributing this little script. I had to analze 30 SMTP logs, 10MB size each. I ran the script on them, and after about 7 hours of running time it had analyzed only the first 16 log files. I looked through the code and found the reason for the script being that slow: It's basically the += operation in line 126, where the output array is built. This is an extremely expensive operation, as it does not simply add an item to an existing array, but it builds a new array from the old one and appends the new item at the end. As the array get's quite big, this operation takes longer and longer with every item being added to it.
      
      The solution:
      1. In line 78 change the array declaration to: $output = New-Object System.Collections.ArrayList
      
      2. Change line 126 to: $Output.add($IP) > $null
      
      Actually I changed line 126 to "$Output.Add($Line.split(",")[5].Split(":")[0]) > $null"
      and I removed all the other lines in the loop, gaining even more speed.
      
      The result: I analyzed my 30 log files in less than 2 minutes. A quite impressive gain ;-)
      
      I wanted to share this with you, so you can adopt the script and more people can benefit from the performance gain.
      
      Cheers,
      Max