Friday, July 10, 2015

Parse-TransportLogs - Which IPs on my network are sending SMTP through that connector?

I get asked this at some point in almost every Hybrid migration. The answer is always to turn up your SMTP logging to get those details. The problem is that parsing that data is difficult. Unlike an HTTP log, where each hit is one line and one transaction, SMTP logs contain the entire SMTP conversation, so one transaction can span 10-30 lines in an SMTP log file.

Additionally, SMTP logs store the remote-endpoint as a single field that combines the client IP address and port.

This script takes *.log from the directory you specify, searches for lines containing "Queued" (meaning an email was accepted by the connector) and writes those to a temporary file. Then it parses that data and reports the top client IP addresses along with a count for each.
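The same idea in a few lines of PowerShell, as an added example that is not the Parse-TransportLogs script from the post. It assumes the standard Exchange receive-connector protocol log layout (CSV with '#'-prefixed header lines and the fields listed in the code) and that the data field of an accepted message contains "Queued"; the log lines at the bottom are constructed sample data, and the IPv6 bracket handling is an assumption.

```powershell
# Added example, not the post's Parse-TransportLogs script.
function Get-TopSmtpClient {
    param(
        [Parameter(Mandatory)] [string[]] $LogLine,   # raw lines read from *.log
        [int] $Top = 10
    )
    # Standard Exchange SmtpReceive protocol log columns (assumed layout)
    $fields = 'date-time','connector-id','session-id','sequence-number',
              'local-endpoint','remote-endpoint','event','data','context'

    $LogLine |
        Where-Object { $_ -notmatch '^#' -and $_ -match 'Queued' } |   # drop header lines, keep accepted messages
        ConvertFrom-Csv -Header $fields |
        ForEach-Object {
            # remote-endpoint is "ip:port"; split on the LAST colon so an IPv6
            # address (which itself contains colons) is kept whole; strip [] if present (assumed form)
            $ep = $_.'remote-endpoint'
            $ip = $ep.Substring(0, $ep.LastIndexOf(':')).Trim('[', ']')
            [pscustomobject]@{ Connector = $_.'connector-id'; ClientIP = $ip }
        } |
        Group-Object ClientIP, Connector |
        Sort-Object Count -Descending |
        Select-Object -First $Top -Property @{n='ClientIP';  e={$_.Group[0].ClientIP}},
                                           @{n='Connector'; e={$_.Group[0].Connector}},
                                           Count
}

# Constructed sample lines (not real log data): three accepted messages and one
# rejected one. The EHLO/MAIL/RCPT chatter of a real session is omitted here.
$sample = @'
#Software: Microsoft Exchange Server
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2015-07-10T12:00:01.000Z,EX01\Default Frontend EX01,08D2C8F4A1B2C3D4,8,10.0.0.10:25,10.0.0.50:52113,>,250 2.6.0 <a@contoso.com> Queued mail for delivery,
2015-07-10T12:00:05.000Z,EX01\Default Frontend EX01,08D2C8F4A1B2C3D5,8,10.0.0.10:25,10.0.0.50:52120,>,250 2.6.0 <b@contoso.com> Queued mail for delivery,
2015-07-10T12:00:09.000Z,EX01\Relay EX01,08D2C8F4A1B2C3D6,8,10.0.0.10:25,10.0.0.77:40001,>,250 2.6.0 <c@contoso.com> Queued mail for delivery,
2015-07-10T12:00:12.000Z,EX01\Default Frontend EX01,08D2C8F4A1B2C3D7,3,10.0.0.10:25,10.0.0.50:52130,>,550 5.7.1 Unable to relay,
'@ -split "`r?`n"

Get-TopSmtpClient -LogLine $sample | Format-Table -AutoSize
# Real data: Get-TopSmtpClient -LogLine (Get-ChildItem 'C:\Path\To\SmtpReceive\*.log' | Get-Content)
```

Grouping by connector as well as IP shows which relay connector each source is using, which is the question the post sets out to answer.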

Depending on the size of your log file data, this can take some time to run!

Download today from the TechNet Gallery!
