diff --git a/Admin/Get-EASMailboxLogs.ps1 b/Admin/Get-EASMailboxLogs.ps1 new file mode 100644 index 0000000000..550991c312 --- /dev/null +++ b/Admin/Get-EASMailboxLogs.ps1 @@ -0,0 +1,79 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +# Powershell script to enable and collect EAS mailbox logs. +param( + [Parameter(Mandatory = $true)] [string[]] $Mailbox = "", + [ValidateScript({ Test-Path $_ })] + [Parameter(Mandatory = $true)] [string] $OutputPath = (Get-Location).Path, + [Parameter(Mandatory = $false)] [int] $Interval = 30 +) + +Clear-Host +Write-Host "Do not close this window until you are ready to collect the logs." -ForegroundColor Black -BackgroundColor Yellow +Write-Host "Press any key to continue ..." -ForegroundColor Yellow +$host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") | Out-Null +Clear-Host + +# Convert the interval into seconds +$Interval = $Interval * 60 + +# SMTP address of mailbox(es) to retrieve logs from +$targetMailboxes = @() +try { + $targetMailboxes = $Mailbox.Split(",") +} catch { + "Failed to split" | Out-Null +} + +# Looping indefinitely... +while ($true) { + # Ensure that mailbox logging is not disabled after 72 hours + # For each mailbox... + foreach ($targetMailbox in $targetMailboxes) { + #...attempt to enable mailbox logging for the mailbox + Write-Host "Enabling mailbox log for $targetMailbox." -ForegroundColor DarkGray + try { + Set-CasMailbox $targetMailbox -ActiveSyncDebugLogging:$true -ErrorAction Stop -WarningAction SilentlyContinue + } catch { + # Should only error when mailbox is on a different version of Exchange than server where command executed + Write-Host "Error enabling the ActiveSync mailbox log for $targetMailbox. This script must run on the version of Exchange where the mailbox is located." -ForegroundColor White -BackgroundColor Red + exit + } + } + # For each target mailbox... + foreach ($targetMailbox in $targetMailboxes) { + Write-Host "Getting all devices for mailbox:" $targetMailbox + # ...get all devices syncing with mailbox... + try { + $devices = Get-MobileDeviceStatistics -Mailbox $targetMailbox + } catch { + Write-Host "Error locating devices for $targetMailbox." -ForegroundColor White -BackgroundColor Red + } + + #...and for each device... + if ($null -ne $devices) { + foreach ($device in $devices) { + Write-Host "Downloading logs for device: $($device.DeviceFriendlyName) $($device.DeviceID)" -ForegroundColor Cyan + # ...create an output file... + $fileName = [System.IO.Path]::Combine($OutputPath, "$targetMailbox`_MailboxLog_$($device.DeviceFriendlyName)_$($device.DeviceID)_$((Get-Date).Ticks).txt") + + # ...and write the mailbox log to the output file... + try { + Get-MobileDeviceStatistics $device.Identity -GetMailboxLog -ErrorAction SilentlyContinue | + Select-Object -ExpandProperty MailboxLogReport | + Out-File -FilePath $fileName + } catch { + Write-Host "Unable to retrieve mailbox log for $device.Identity" -ForegroundColor White -BackgroundColor Red + } + } + } + # Escape the infinite loop if there are no devices + else { Write-Host "No devices found for $targetMailbox." -ForegroundColor Yellow; exit } + } + + #...and then wait x number of seconds before retrieving the logs again + Write-Host "Reminder: Do no close this window until you are ready to collect the logs." -ForegroundColor White -BackgroundColor Red + Write-Host "Next set of logs will be retrieved at" (Get-Date).AddSeconds($Interval) -ForegroundColor Green + Start-Sleep $Interval +} diff --git a/docs/Admin/Get-EASMailboxLogs.md b/docs/Admin/Get-EASMailboxLogs.md new file mode 100644 index 0000000000..4190a60704 --- /dev/null +++ b/docs/Admin/Get-EASMailboxLogs.md @@ -0,0 +1,27 @@ +# Get-EASMailboxLogs + +Download the latest release: [Get-EASMailboxLogs.ps1](https://github.com/microsoft/CSS-Exchange/releases/latest/download/Get-EASMailboxLogs.ps1) + +Used for when you need to get EAS Mailbox Logging over a long period of time. It will collect the logs and re-enable the Active Sync Logging enabled to avoid it being disabled after 72 hours. + +## Syntax + +```powershell +Get-EASMailboxLogs.ps1 + [-Mailbox ] + [-OutputPath ] + [-Interval ] +``` + +## Examples + +The following example collects logs for two mailbox every hour: + +``` +.\Get-EASMailboxLogs.ps1 -mailbox @("jim","zeke") -OutputPath C:\EASLogs -interval 60 +``` + +The following example collects logs for a mailbox: +``` +.\Get-EASMailboxLogs.ps1 -Mailbox "jim" -OutputPath c:\EASLogs +``` diff --git a/mkdocs.yml b/mkdocs.yml index 911bff37b9..6c8cd21df0 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -5,6 +5,7 @@ nav: - Admin: - Clear-MailboxPermission: Admin/Clear-MailboxPermission.md - Find-AmbiguousSids: Admin/Find-AmbiguousSids.md + - Get-EASMailboxLogs: Admin/Get-EASMailboxLogs.md - Get-SimpleAuditLogReport: Admin/Get-SimpleAuditLogReport.md - Reset-ScanEngineVersion: Admin/Reset-ScanEngineVersion.md - Test-AMSI: Admin/Test-AMSI.md