Get-IISStats.ps1
Get-IISStats.ps1 The purpose of this script is to parse IIS log files for a specific user, timerange and AD-site for troubleshooting and analytic reasons. Requirements: • LogParser.exe • Access to UNC path to the Exchange server • Extended IIS logging (cs-bytes,sc-bytes) The script enumerates the Exchange servers automatically from the current or given AD-site. It looks for Exchange 2010 server with CAS role installed and Exchange 2013 Mailbox server. You can search for requests from one (UserID|DeviceID) object or multiple (UserIDs|DeviceIDs) objects. UserID and UserIDs are looking for the cs-username field, while DeviceID and DeviceIDs are looking for an extracted string. If there was a result you will find a file with all the entries for this specific user: The output is always in the following format: yyMMdd_Hits_by_<UserID>_<AD-site>_<script starttime>.csv Troubleshooting Page 1 yyMMdd_Hits_by_<UserID>_<AD-site>_<script starttime>.csv You can use Excel or your favorite viewer to exam the file. Here I used Excel: If you use the switch "-EASDetails" you will get more ActiveSync related details from the logs: Troubleshooting Page 2 Here I filtered "Client" for "ActiveSyncLoadgen" Troubleshooting Page 3 In general the difference in headers are the following: w/o EASDetails TimeUTC,ServerIP,ClientIP,User,Client,Request,DeviceId,EASCmd,EASError,HttpStatus,Win32StatusDescription,Time taken in MS,Bytes received,Bytes sent,Host,RequestDetails with EASDetails TimeUTC,ServerIP,ClientIP,User,Client,Request,DeviceId,HttpStatus,Win32StatusDescription,Time taken in MS,Bytes received,Bytes sent,Host,EASCmd,EASError,EASSyncType,EASStatus,EASABQStatus,EASSyncKey,EASFolderType,EASFilter,EASServerChanges,EASClientChanges,EASProxy,EAS MBXServer,EASHeartBeat,EASFolderCount,EASFolderId,EASRPCCount,EASRPCLatency,EASLdapCount,EASLdapLatency,EASLog EASLog is the extracted part from where all the other EAS related data get extracted. Note: A known issue is that currently only the first entry is parsed for the EAS details when you have a EASFolderCount greater then 1. If you have an EASFolderCount greater then 1 and you need more information you need to analyze the "EASLog" value! You can search for multiple users when using the switch "-UserIDS" or for multiple devices "-DeviceIDs". All users or devices needs to be comma deliminated. Troubleshooting Page 4 Statistics The script could also be used to create some statistics and reports. EASReport This creates a report based on the script here: http://blogs.technet.com/b/exchange/archive/2012/01/31/a-script-to-troubleshoot-issues-with-exchange-activesync.aspx I just added the count of Sync types. Troubleshooting Page 5 ClientReport This creates a report of all clients and the number of hits. Note: This is the number of hits and NOT the unique number! Troubleshooting Page 6 EASErrorReport This creates a report off all ActiveSync errors per server , user and device ID (Server,DeviceId,EASError,Hits) Troubleshooting Page 7 General statistic If no UserID/UserIDs or Device/DeviceIDs is provided the script will run 4 queries: • Collect all IIS errors (Request,HttpStatus,Win32Status,SourceIP,Hits) • All hits for this day per user (SourceIP,OverallHits,User,Client,Bytes received,Bytes sent,EASRequest) • All hits by hour (Hour,Hits,EASHits) • All EAS devices (EASDeviceId,UserAgents) Troubleshooting Page 8 You can use those files to create reports like the following: Total hits per day 60.000.000 50.000.000 40.000.000 30.000.000 20.000.000 10.000.000 0 HitsOverall Monday Tuesday Wednesday Thursday Friday Saturday Sunday 49.130.659 48.865.912 46.628.868 42.330.712 39.933.326 19.213.415 25.031.829 TopUserHits 2.224.617 2.084.361 1.926.038 1.746.199 1.582.681 505.311 1.179.984 EASHits 19.476.152 20.478.597 19.392.757 18.502.713 17.223.169 10.390.875 9.218.362 Traffic per day 700.000 600.000 500.000 400.000 300.000 200.000 100.000 0 Monday Tuesday Wednesday Thursday Friday Saturday Overall MB received 106.997 106.332 105.469 87.814 81.739 28.693 Sunday 43.918 Overall MB sent 610.867 603.571 610.074 558.355 504.975 164.296 177.956 EAS MB received 16.864 17.879 17.240 16.697 15.322 7.927 7.568 EAS MB sent 310.371 329.030 344.262 329.047 296.711 106.274 72.383 Troubleshooting Page 9 Total hits per hour 3500000 3000000 2500000 OverallHits Monday OverallHits Tuesday 2000000 OverallHits Wednesday OverallHits Thursday 1500000 OverallHits Friday OverallHits Saturday OverallHits Sunday 1000000 500000 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 ClientBandwidth This creates 4 files related to bandwidth analysis: • Data (Hour,Vdir,User,EASDeviceId,KB received,KB sent,KB Total) • EASDevices contains the number of unique ActiveSync devices per hour (Hour,UniqueEASDeviceS) • Rate contains the calculate bandwidth usage per hour (Hour,kB/s KiloBytes/s,MB/s MegaBytes/s,kbps,Mbps) • Users conatins all unique users per hour (Hour,UniqueUsers) Note: In order to get a result you need to make sure that you enabled logging of the fields "cs-bytes" and "sc-bytes" in IIS! The most interesting file is data. Once you have it imported to Excel insert a PivotChart • Insert PivotChart • For Table/Range click on cell A1 • press Strg+Shift+End to select all data Now add "Hour" to "Axis Fields and "Vdir" to "Legend Fields" Troubleshooting Page 10 Depending on what you want you now can add other fields to "Values". KB total for OAB,EWS and ActiveSync Unique users OAB,EWS, Autodiscover and ActiveSync Troubleshooting Page 11 Unique users OAB,EWS, Autodiscover and ActiveSync HTTPReport This creates a report of all errors found in the HTTPERR logs, which could be found by default in the directory "%windir%\System32\LogFiles\HTTPERR" Troubleshooting Page 12 Troubleshooting Page 13
© Copyright 2024