Created
June 2, 2012 01:00
-
-
Save theagreeablecow/2856010 to your computer and use it in GitHub Desktop.
Print Server Job Logs from Event Viewer to CSV using Get-WinEvent and XML queries
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Print server job logs from Event Viewer to csv file | |
| .DESCRIPTION | |
| This script uses Get-WinEvent and XML queries to retrieve EventID 307 job logs from print servers. | |
| Specifically querying the Microsoft-Windows-PrintService/Operational log. | |
| Log is extracted to a CSV file and optionally emailed. | |
| .PARAMETER FileName | |
| <none> | |
| .EXAMPLE | |
| .\Print_ServerJobLogs.ps1 | |
| .NOTES | |
| ScriptName: Print_ServerJobLogs.ps1 | |
| Created By: TheAgreeableCow | |
| Date Coded: June 2012 | |
| Requires Print Services Operational logging: | |
| Event Viewer > Applications and Service Logs > Microsoft > Windows > Print Service > Operational > Enable Log | |
| Remote severs may also need .NET 3.5 and Windows Remote Management configured (winrm -qc) | |
| Tested on Windows 2008R2 | |
| .LINK | |
| http://theagreeablecow.blogspot.com.au/2012/06/using-get-winevent-and-xml-filters-to.html | |
| #> | |
| #LOAD VARIABLES | |
| #-------------- | |
| #Print Servers | |
| $ServerArray = @("Print1","Print2","Print3") | |
| $exchangeserver = "mail1.mydomain.com.au" | |
| $To = "[email protected]" | |
| $From = "[email protected]" | |
| #Output File | |
| $Date = (get-date) - (new-timespan -day 1) | |
| $OutputPath = "\\myserver\PrintJobs\" | |
| $csvfile = $OutputPath + "Printing Audit - " + (Get-Date).ToString("yyyy-MM-dd") + ".csv" | |
| if ((Test-Path -Path $OutputPath+$csvfile) -eq $true) {remove-item $csvfile} | |
| write-output "Server,Date,Full Name,Client,Printer Name,Print Size,Pages,Document" | Out-File $csvfile | |
| #COLLECT EVENT LOGS FROM EACH PRINT SERVER | |
| #----------------------------------------- | |
| ForEach ($PrintServer in $ServerArray) | |
| { | |
| write-Host "Parsing event log entries for" $PrintServer | |
| $strOutput = "" | |
| #Apply query generated from Event Viewer > Filter Current Log > XML tab | |
| $filterxml = '<QueryList> | |
| <Query Id="0" Path="Microsoft-Windows-PrintService/Operational"> | |
| <Select Path="Microsoft-Windows-PrintService/Operational">*[System[(EventID=307)]]</Select> | |
| </Query> | |
| </QueryList>' | |
| $EventLog = Get-WinEvent -ea SilentlyContinue -ComputerName $PrintServer -Filterxml $filterXml | |
| ForEach ($LogEntry in $EventLog) | |
| { | |
| #Get print job details | |
| $time = $LogEntry.TimeCreated | |
| $entry = [xml]$LogEntry.ToXml() | |
| $docName = $entry.Event.UserData.DocumentPrinted.Param2 | |
| $Username = $entry.Event.UserData.DocumentPrinted.Param3 | |
| $Computer = $entry.Event.UserData.DocumentPrinted.Param4 | |
| $PrinterName = $entry.Event.UserData.DocumentPrinted.Param5 | |
| $PrintSize = $entry.Event.UserData.DocumentPrinted.Param7 | |
| $PrintPages = $entry.Event.UserData.DocumentPrinted.Param8 | |
| #Get full name from AD | |
| if ($UserName -gt "") | |
| { | |
| $DirectorySearcher = New-Object System.DirectoryServices.DirectorySearcher | |
| $LdapFilter = "(&(objectClass=user)(samAccountName=${UserName}))" | |
| $DirectorySearcher.Filter = $LdapFilter | |
| $UserEntry = [adsi]"$($DirectorySearcher.FindOne().Path)" | |
| $DisplayName = $UserEntry.displayName | |
| } | |
| #$Write Log to CSV file | |
| $strOutput = $PrintServer+ "," +$time.ToString()+ "," +$DisplayName+ "," +$Computer+ "," +$PrinterName+ "," +$PrintSize+ "," +$PrintPages+ "," +$docName | |
| write-output $strOutput | Out-File $csvfile -append | |
| } | |
| } | |
| #REPORTING VIA EMAIL | |
| #------------------- | |
| #HTML style sheet | |
| $header = "<H3>Print Server Log Report "+(get-date -f D)+"</H3>" | |
| $title = "Example HTML Output" | |
| $body = '<style> | |
| BODY{font-family:Verdana; background-color:white;} | |
| TABLE{border-width: 1px;border-style:solid;border-color: black;border-collapse: collapse;} | |
| TH{font-size:1em; border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:#C2B8AF} | |
| TD{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:#F6F8FC} | |
| </style> | |
| ' | |
| $EmailText = '<style> | |
| Log report Attached<BR> | |
| <BR> | |
| Regards,<BR> | |
| <BR> | |
| Admin Scripts<BR> | |
| ' | |
| #Send email (with attached CSV) | |
| $emailsubject = "[AUTO] Print Server Logs Report ("+(get-date -f dd-MM-yyyy)+")" | |
| Send-MailMessage -To $To -From $From -Subject $emailsubject -SmtpServer $exchangeserver -body ($EmailText | Out-String) -BodyAsHtml -attachment $csvfile | |
| #ALternatively send email with data in email body | |
| #$emailbody = import-csv $csvfile | sort-object Server | ConvertTo-Html -head $header -body $body -title $title | |
| #Send-MailMessage -To $To -From $From -Subject $emailsubject -SmtpServer $exchangeserver -body ($emailbody, $EmailText | Out-String) -BodyAsHtml | |
| #remove-item $csvfile |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
thank you