Monitor HTTP.SYS error log & Alert if string is found

Monitors the current HTTP.sys error log for a specified string pattern.
Each run performs a single check, so the script has to be scheduled to repeat, every 5 minutes for example (“-Repeat” option).
http://www.zerrouki.com/schedule-a-powershell-script-execution/

<#
.SYNOPSIS
	mon_httperr - Monitor the current HTTP.sys error log for a specified string pattern.
.NOTES
    File Name  : mon_httperr.ps1 
    Author     : Fabrice ZERROUKI - fabricezerrouki@hotmail.com
.EXAMPLE
	PS D:\>.\mon_httperr.ps1
#>
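# Directory in which HTTP.sys writes its error logs.
$LogDir = "C:\WINDOWS\system32\LogFiles\HTTPERR"

# Pick the most recently written file in that directory. Sub-directories are
# skipped so that only a real log file can be selected.
$LastLog = Get-ChildItem $LogDir |
    Where-Object { -not $_.PSIsContainer } |
    Sort-Object -Property LastWriteTime |
    Select-Object -Last 1
if ($null -eq $LastLog) {
    Write-Warning "No HTTP.sys error log found in $LogDir"
    return
}

# Strings to look for (literal matches, not regular expressions).
$Pattern = @("Connection_Dropped", "Connection_Abandoned_By_AppPool")

# Search the log. The full path is passed explicitly: depending on the
# PowerShell version a FileInfo object converts to either the bare file name or
# the full path, and a bare name would be resolved against the current
# directory. @() forces an array so that .Count is correct for 0 or 1 match.
$Finder = @(Select-String -Path $LastLog.FullName -Pattern $Pattern -SimpleMatch)

# Matching lines, used as the mail attachment.
# NOTE: mon_httperr.log and matches.log are relative paths, so they land in the
# current directory of the scheduled task. matches.log decides whether an alert
# fires; keep that directory writable only by the account running the task.
$Finder | Select-Object LineNumber, Line | Format-List | Out-File mon_httperr.log

# Number of matching lines in this run.
$StrMatches = $Finder.Count

# State left by the previous run: line 1 = match count, line 2 = log file name.
# A state file written by an older version holds the count only; in that case
# the previous log is assumed to be the current one.
$MatchArc = 0
$PrevLog = $LastLog.Name
if (Test-Path matches.log) {
    $State = @(Get-Content matches.log)
    if ($State.Count -ge 1) {
        # TryParse leaves 0 in $MatchArc when the stored value is not a number.
        [void][int]::TryParse(([string]$State[0]).Trim(), [ref]$MatchArc)
    }
    if ($State.Count -ge 2) { $PrevLog = ([string]$State[1]).Trim() }
}

# HTTP.sys starts a new log file over time. When the newest file differs from
# the one seen last time, or the count went down, the stored count belongs to
# another file: count from zero so matches in the new file are not hidden by a
# negative difference. Matches written to the old file between the last run and
# the switch are not seen by this script.
if (($PrevLog -ne $LastLog.Name) -or ($StrMatches -lt $MatchArc)) { $MatchArc = 0 }

# New matching lines since the previous run.
$Diff = $StrMatches - $MatchArc

if ($Diff -eq 1) { $Message = "1 nouvelle ligne contenant la chaine de caract&egrave;res `"Connection_Dropped`" ou `"Connection_Abandoned_By_AppPool`" a &eacute;t&eacute; trouv&eacute;e dans le fichier " + $LastLog.FullName }
if ($Diff -gt 1) { $Message = "$Diff nouvelles lignes contenant la chaine de caract&egrave;res `"Connection_Dropped`" ou `"Connection_Abandoned_By_AppPool`" ont &eacute;t&eacute; trouv&eacute;es dans le fichier " + $LastLog.FullName }

# Send an alert by mail if new matching lines were found.
if ($Diff -ge 1)
{
    $SmtpSrv = "ToBeDefined"
    $Me = "ToBeDefined"
    $MailTo = "ToBeDefined"
    $MailFrom = "ToBeDefined"
    $MailSubject = "$env:computername - IIS Monitoring - `"Connection_Dropped / Connection_Abandoned_By_AppPool`" Detected"
    # The closing "@ of a here-string must start at column 0.
    $MailBody = @"
<html><span style='font-family: Tahoma; font-size: 12px;' >Bonjour,<br />
<br />
$Message<br />
<br />
----------------------------------------------------------------------------</span><br />
<span style='font-family: Tahoma; font-size: 10px;' >Ce mail est g&eacute;n&eacute;r&eacute; automatiquement, merci de ne pas y r&eacute;pondre.<br />&nbsp;<br /></span></html>
"@

    # The attachment contains raw HTTPERR lines (client addresses and request
    # URLs supplied by remote clients) and the message is sent without TLS.
    # Add -UseSsl (and -Credential if the relay needs it) when the SMTP server
    # supports it, and treat the attachment as untrusted text.
    try {
        Send-MailMessage -To $MailTo -Subject $MailSubject `
         -From $MailFrom -SmtpServer $SmtpSrv -Priority High `
         -Bcc $Me -Attachments mon_httperr.log `
         -Body $MailBody -BodyAsHtml -ErrorAction Stop
    }
    catch {
        # Leave matches.log untouched so the next run raises the alert again
        # instead of silently losing it.
        Write-Error "Alert mail could not be sent: $_"
        return
    }

    Write-Host "Alert sent by mail to $MailTo"
}

# Record this run's state only after any alert has actually been sent.
$StrMatches, $LastLog.Name | Out-File matches.log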
