-
Notifications
You must be signed in to change notification settings - Fork 0
/
Unified Auditlog ReportingEXOSNC.ps1
62 lines (47 loc) · 1.62 KB
/
Unified Auditlog ReportingEXOSNC.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#Date function
function Read-Date {
param(
[String] $prompt
)
$result = $null
do {
$s = Read-Host $prompt
if ( $s ) {
try {
$result = Get-Date $s
break
}
catch [Management.Automation.PSInvalidCastException] {
Write-Host "Date not valid"
}
}
else {
break
}
}
while ( $true )
$result
}
#parameter
$StartDate = Read-Date "Enter Start date Ex: 17/07/2017"
$EndDate = Read-Date "Enter End date Ex: 17/07/2017"
$Csv = Read-Host "Enter empty csv path"
try {
$Session = Get-PSSession | ? { $_.Name -like "*ExchangeOnline*" }
if ($null -eq $Session) {
Import-Module -Name ExchangeOnlineManagement -Verbose
Connect-ExchangeOnline -Verbose
}
#Search Unified Log
$SharePointLog = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -ObjectIds $Url -Operations $Operation
Write-Host "Found $($SharePointLog.count)"
#Convert to Json
$AuditLogResults = $SharePointLog.AuditData | ConvertFrom-Json | Select CreationTime, UserId, Operation, ObjectID, SiteUrl, SourceFileName, ClientIP, UserAgent, EventSource, UserType, CorrelationId
#Export Audit log results to CSV
$AuditLogResults
$AuditLogResults | Export-csv -Path $Csv -NoTypeInformation
}
catch {
Write-Host "Error" $_.exception.message -ForegroundColor Red
}
Disconnect-ExchangeOnline -Confirm:$false