To find the source IP addresses that send us the most mail, we need to execute two commands. The first reads the sending hosts from the SMTP receive log and writes their counts into an XML file; the second reads that XML file and renders it as a chart!
Run the first command to write data to the XML file:
"C:\Program Files (x86)\Log Parser 2.2\LogParser.exe" "select top 10 extract_prefix(remote-endpoint, 0, ':') as remotesendinghost, count(*) as hits into topsenders.xml from c:\progra~1\Microsoft\exchan~1\transportroles\logs\protocollog\smtpreceive\Recv*.log where event = '+' group by remotesendinghost order by hits DESC" -I:CSV -nSkipLines:4 -O:XML
Let's parse this command a bit:
select top 10 extract_prefix(remote-endpoint, 0, ':') as remotesendinghost, count(*) as hits: take the remote endpoint, keep only the part before the first ':' (the IP address without the port) and count the rows per host.
into topsenders.xml: outputs the data as an XML file.
from c:\progra~1\Microsoft\exchan~1\transportroles\logs\protocollog\smtpreceive\Recv*.log: here is the data source.
where event = '+': keep only the rows whose event is '+'.
group by remotesendinghost order by hits DESC: group by host and sort by hit count, highest first.
-I:CSV: the input log format is CSV.
-nSkipLines:4: skip the first four rows, because they are header lines.
-O:XML: the output format is XML.
Next, read the XML file and present it as a chart:
"C:\Program Files (x86)\Log Parser 2.2\LogParser.exe" "select top 10 reversedns(remotesendinghost), hits into topsenders.gif from topsenders.xml" -I:XML -O:Chart -chartType:PieExploded3D -chartTitle:"Top 10 senders" -groupSize:1024x768
To parse this command:
select top 10 reversedns(remotesendinghost), hits: resolve each host address to its DNS name and output its hit count (this performs a reverse DNS lookup per address, so the machine running Log Parser needs DNS access).
into topsenders.gif: the output is the image topsenders.gif in the current directory.
from topsenders.xml: the data source is the XML file written by the previous command.
-I:XML: the input format is XML.
-O:Chart: the output format is a chart.
-chartType:PieExploded3D: an exploded 3D pie chart.
-chartTitle:"Top 10 senders": the title of the chart.
-groupSize:1024x768: the size of the image in pixels.
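The two stages above, as an added example written for this page (not the post's own code and not part of Log Parser): the SMTP receive log is parsed the way -nSkipLines:4 plus the CSV header row implies, the top sending hosts are counted as in the first query, the result is written out as XML and read back as the table the chart command plots. The log text is constructed sample data, and the ROOT/ROW element names are an assumption approximating Log Parser's XML output layout.

```python
"""Added example (not code from the original post or from Log Parser): the two
stages above reproduced in Python so the SMTP receive log format and the query
can be checked offline. The log text is constructed sample data."""
import csv
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of an Exchange SMTP receive protocol log. The first four
# lines are informational headers (the reason for -nSkipLines:4); the fifth,
# "#Fields:", names the columns and is what Log Parser reads as the CSV header.
SAMPLE_RECV_LOG = """#Software: Microsoft Exchange Server
#Version: 14.0.0.0
#Log-type: SMTP Receive Protocol Log
#Date: 2014-01-01T00:00:00.000Z
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2014-01-01T00:00:01.000Z,MAIL\\Default MAIL,08D0,0,10.0.0.5:25,192.0.2.10:51000,+,,
2014-01-01T00:00:01.100Z,MAIL\\Default MAIL,08D0,1,10.0.0.5:25,192.0.2.10:51000,>,220 mail.example.test Microsoft ESMTP MAIL Service ready,
2014-01-01T00:00:02.000Z,MAIL\\Default MAIL,08D1,0,10.0.0.5:25,198.51.100.7:40222,+,,
2014-01-01T00:00:03.000Z,MAIL\\Default MAIL,08D2,0,10.0.0.5:25,192.0.2.10:51001,+,,
2014-01-01T00:00:04.000Z,MAIL\\Default MAIL,08D3,0,10.0.0.5:25,203.0.113.9:2525,+,,
2014-01-01T00:00:05.000Z,MAIL\\Default MAIL,08D4,0,10.0.0.5:25,192.0.2.10:51002,+,,
2014-01-01T00:00:06.000Z,MAIL\\Default MAIL,08D5,0,10.0.0.5:25,198.51.100.7:40223,+,,
"""


def read_exchange_log(text, skip_lines=4):
    """Return one dict per data row. Mirrors -nSkipLines:4 and then uses the
    '#Fields:' line (prefix stripped) as the header row."""
    lines = text.splitlines()[skip_lines:]
    lines[0] = lines[0].removeprefix("#Fields: ")
    return list(csv.DictReader(lines))


def top_sending_hosts(log_text, top=10):
    """Same aggregation as the first query: EXTRACT_PREFIX(remote-endpoint, 0, ':')
    drops the client port, COUNT(*) per host over rows whose event is '+'."""
    hits = Counter()
    for row in read_exchange_log(log_text):
        if row["event"] != "+":
            continue
        # Everything before the first ':' is the IPv4 address; note that an
        # IPv6 endpoint would be cut at its first colon by this rule too.
        host = row["remote-endpoint"].split(":", 1)[0]
        hits[host] += 1
    return hits.most_common(top)


def to_xml(rows):
    """Stage one's output: the result table as XML. ROOT/ROW element names
    are an assumption approximating Log Parser's XML output layout."""
    root = ET.Element("ROOT")
    for host, count in rows:
        row = ET.SubElement(root, "ROW")
        ET.SubElement(row, "remotesendinghost").text = host
        ET.SubElement(row, "hits").text = str(count)
    return ET.tostring(root, encoding="unicode")


def from_xml(xml_text):
    """Stage two's input: read the XML back as (host, hits) pairs, which is
    the table the chart command plots."""
    root = ET.fromstring(xml_text)
    return [(row.findtext("remotesendinghost"), int(row.findtext("hits")))
            for row in root.findall("ROW")]


if __name__ == "__main__":
    table = top_sending_hosts(SAMPLE_RECV_LOG)
    print(from_xml(to_xml(table)))
```

Running it prints the three hosts from the sample with 3, 2 and 1 connections; the reverse DNS step of the chart command is deliberately left out so the example stays offline.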
Next, we need to find who has sent the most mail, which means analyzing the message tracking log. Its default directory is c:\progra~1\Microsoft\exchan~1\transportroles\logs\messagetracking\.
"C:\Program Files (x86)\Log Parser 2.2\LogParser.exe" "select top 20 sender-address, count(*) as messagessent from c:\progra~1\Microsoft\exchan~1\V14\transportroles\logs\messagetracking\MSG*.log where recipient-status like '2014%' and connector-id = 'internet' group by sender-address order by messagessent DESC" -RTP:-1 -I:CSV -nSkipLines:4 -O:DataGrid
I will explain the above command a little bit:
select top 20 sender-address, count(*) as messagessent: the 20 sender addresses with the most messages.
from c:\progra~1\Microsoft\exchan~1\V14\transportroles\logs\messagetracking\MSG*.log: the input logs for this path.
where recipient-status like '2014%' and connector-id = 'internet': connector-id is our send connector.
group by sender-address order by messagessent DESC: group by sender and sort by message count, highest first.
-RTP:-1: print all rows rather than paging the output.
-I:CSV: the input log file is in CSV format.
-nSkipLines:4: skip the first four lines (headers).
-O:DataGrid: the result is displayed as a data table.
The result below lists the top 20 email senders:
Next, we analyze the corresponding logs to find the users who send the most data in the current organization:
"C:\Program Files (x86)\Log Parser 2.2\LogParser.exe" "select top 10 sender-address, Div(sum(total-bytes), 1048576) as totalbytes(MB) into topvolumesenders.gif from c:\progra~1\Microsoft\exchan~1\V14\transportroles\logs\messagetracking\MSG*.log where recipient-status like '2014%' group by sender-address order by totalbytes(MB) DESC" -chartType:BarClustered3D -I:CSV -nSkipLines:4 -O:Chart
For more information about the command usage, see the preceding explanation. The result is as follows:
If we want to show in one graph both the number of messages and the volume sent by the top users, we need to execute the following command:
"C:\Program Files (x86)\Log Parser 2.2\LogParser.exe" "select top 10 sender-address, count(*) as messagessent, Div(sum(total-bytes), 1048576) as totalbytes(MB) into topsenderscombined.gif from c:\progra~1\Microsoft\exchan~1\V14\transportroles\logs\messagetracking\MSG*.log where recipient-status like '2014%' group by sender-address order by messagessent DESC" -chartType:BarClustered3D -I:CSV -nSkipLines:4 -O:Chart
After the execution is complete, let's look at the GIF results:
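The three message tracking queries above (top senders by message count, by volume in MB, and both combined), as an added example written for this page, not the post's own code and not part of Log Parser. The tracking log is a constructed, abridged sample that keeps only the columns the queries touch, and its recipient-status values are written in the SMTP reply style that column carries, so the LIKE prefix is passed as a parameter rather than hard-coded; sorting among ties is by sender address to keep the output deterministic.

```python
"""Added example (not code from the original post or from Log Parser): the
three message tracking queries above (senders by count, by volume, and both
combined) in Python over a constructed, abridged message tracking log."""
import csv
from collections import Counter

MB = 1048576  # the divisor used by Div(sum(total-bytes), 1048576)

# Constructed sample. A real tracking log has many more columns; only the ones
# the queries touch are kept here. recipient-status values are written in the
# SMTP-reply style that column carries, so the filter prefix is a parameter.
SAMPLE_TRACKING_LOG = """#Software: Microsoft Exchange Server
#Version: 14.0.0.0
#Log-type: Message Tracking Log
#Date: 2014-01-01T00:00:00.000Z
#Fields: date-time,connector-id,event-id,recipient-address,recipient-status,total-bytes,sender-address
2014-01-01T00:01:00.000Z,internet,SEND,alice@example.net,250 2.6.0 Queued mail for delivery,2097152,bob@example.test
2014-01-01T00:02:00.000Z,internet,SEND,carol@example.net,250 2.6.0 Queued mail for delivery,1048576,bob@example.test
2014-01-01T00:03:00.000Z,internet,SEND,dave@example.net,250 2.6.0 Queued mail for delivery,524288,erin@example.test
2014-01-01T00:04:00.000Z,internet,SEND,frank@example.net,550 5.1.1 User unknown,3145728,erin@example.test
2014-01-01T00:05:00.000Z,Intra-Org,SEND,gina@example.test,250 2.6.0 Queued mail for delivery,4194304,erin@example.test
2014-01-01T00:06:00.000Z,internet,SEND,heidi@example.net,250 2.6.0 Queued mail for delivery,4194304,ivan@example.test
"""


def read_exchange_log(text, skip_lines=4):
    """One dict per data row: skip the informational header lines the way
    -nSkipLines:4 does, then use the '#Fields:' line as the CSV header."""
    lines = text.splitlines()[skip_lines:]
    lines[0] = lines[0].removeprefix("#Fields: ")
    return list(csv.DictReader(lines))


def sender_stats(log_text, status_prefix, connector_id=None):
    """GROUP BY sender-address after the WHERE clauses used above:
    recipient-status LIKE 'prefix%' and, optionally, connector-id = value.
    Returns (message count per sender, total bytes per sender)."""
    counts, total_bytes = Counter(), Counter()
    for row in read_exchange_log(log_text):
        if not row["recipient-status"].startswith(status_prefix):
            continue
        if connector_id is not None and row["connector-id"] != connector_id:
            continue
        sender = row["sender-address"]
        counts[sender] += 1
        total_bytes[sender] += int(row["total-bytes"])
    return counts, total_bytes


def top_senders_by_count(log_text, status_prefix, connector_id=None, top=20):
    """select top 20 sender-address, count(*) as messagessent ... order by messagessent DESC"""
    counts, _ = sender_stats(log_text, status_prefix, connector_id)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:top]


def top_senders_by_volume(log_text, status_prefix, top=10):
    """select top 10 sender-address, Div(sum(total-bytes), 1048576) as totalbytes(MB)
    ... order by totalbytes(MB) DESC (integer division, like Div)"""
    _, total_bytes = sender_stats(log_text, status_prefix)
    volume_mb = {sender: size // MB for sender, size in total_bytes.items()}
    return sorted(volume_mb.items(), key=lambda kv: (-kv[1], kv[0]))[:top]


def top_senders_combined(log_text, status_prefix, top=10):
    """Both measures per sender, ordered by message count as the last query does."""
    counts, total_bytes = sender_stats(log_text, status_prefix)
    rows = [(sender, counts[sender], total_bytes[sender] // MB) for sender in counts]
    return sorted(rows, key=lambda r: (-r[1], r[0]))[:top]


if __name__ == "__main__":
    print(top_senders_by_count(SAMPLE_TRACKING_LOG, "250", connector_id="internet"))
    print(top_senders_by_volume(SAMPLE_TRACKING_LOG, "250"))
    print(top_senders_combined(SAMPLE_TRACKING_LOG, "250"))
```

Note that the 550 row is excluded by the status filter in all three queries and the Intra-Org row only by the connector filter of the first one, which is why erin's message count differs between the first and the combined result.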