Remote Printlog auslesen via Powershell / VB

  • PowerShell

    Remote Printlog auslesen via Powershell / VB

    Hallo Leute,
    hab bereits ein Tool, welches Printlogs mit dem Ereignis "307" auslesen kann und diese als CSV abspeichert.
    Leider fehlt mir in dem Log der Eintrag "Color", damit ich weiß ob schwarzweiß oder mit Farbe gedruckt worden ist.
    Ich schätze, dass es in der EventID 805 liegt. Leider habe ich keiner Ahnung, wie ich auf diese ID zugreifen kann?

    Das ist das Script, welches ich derzeit am laufen haben:

    Brainfuck-Quellcode

    1. <#
    2. .SYNOPSIS
    3. Print server job logs from Event Viewer to csv file
    5. .DESCRIPTION
    6. This script uses Get-WinEvent and XML queries to retrieve EventID 307 job logs from print servers.
    7. Specifically querying the Microsoft-Windows-PrintService/Operational log.
    8. Log is extracted to a CSV file and optionally emailed.
    10. .PARAMETER FileName
    11. <none>
    13. .EXAMPLE
    14. .\Print_ServerJobLogs.ps1
    16. .NOTES
    17. ScriptName: Print_ServerJobLogs.ps1
    18. Created By: TheAgreeableCow
    19. Date Coded: June 2012
    21. Requires Print Services Operational logging:
    22. Event Viewer > Applications and Service Logs > Microsoft > Windows > Print Service > Operational > Enable Log
    23. Remote severs may also need .NET 3.5 and Windows Remote Management configured (winrm -qc)
    25. Tested on Windows 2008R2
    27. .LINK
    28. http://theagreeablecow.blogspot.com.au/2012/06/using-get-winevent-and-xml-filters-to.html
    29. #>
    31. #LOAD VARIABLES
    32. #--------------
    33. Set-ExecutionPolicy unrestricted
    34. #Print Servers
    35. $ServerArray = @("MEINSERVER")
    36. $exchangeserver = "MEINEXCHANGE"
    37. $To = "MEINEEMAIL"
    38. $From = "MEINEBLABLABLA"
    40. #Output File
    41. $Date = (get-date) - (new-timespan -day 1)
    42. $OutputPath = "\\localhost\C$\temp\print\"
    43. $csvfile = $OutputPath + "Printing Audit - " + (Get-Date).ToString("yyyy-MM-dd") + ".csv"
    44. if ((Test-Path -Path $OutputPath+$csvfile) -eq $true) {remove-item $csvfile}
    45. write-output "Server,Date,Full Name,Client,Printer Name,Print Size,Pages,Document" | Out-File $csvfile
    47. #COLLECT EVENT LOGS FROM EACH PRINT SERVER
    48. #-----------------------------------------
    50. ForEach ($PrintServer in $ServerArray)
    51. {
    52. write-Host "Parsing event log entries for" $PrintServer
    53. $strOutput = ""
    54. #Apply query generated from Event Viewer > Filter Current Log > XML tab
    55. $filterxml = '<QueryList>
    56. <Query Id="0" Path="Microsoft-Windows-PrintService/Operational">
    57. <Select Path="Microsoft-Windows-PrintService/Operational">*[System[(EventID=307)]]</Select>
    58. </Query>
    59. </QueryList>'
    60. $EventLog = Get-WinEvent -ea SilentlyContinue -ComputerName $PrintServer -Filterxml $filterXml
    63. ForEach ($LogEntry in $EventLog)
    64. {
    65. #Get print job details
    66. $time = $LogEntry.TimeCreated
    67. $entry = [xml]$LogEntry.ToXml()
    68. $docName = $entry.Event.UserData.DocumentPrinted.Param2
    69. $Username = $entry.Event.UserData.DocumentPrinted.Param3
    70. $Computer = $entry.Event.UserData.DocumentPrinted.Param4
    71. $PrinterName = $entry.Event.UserData.DocumentPrinted.Param5
    72. $PrintSize = $entry.Event.UserData.DocumentPrinted.Param7
    73. $PrintPages = $entry.Event.UserData.DocumentPrinted.Param8
    75. #Get full name from AD
    76. if ($UserName -gt "")
    77. {
    78. $DirectorySearcher = New-Object System.DirectoryServices.DirectorySearcher
    79. $LdapFilter = "(&(objectClass=user)(samAccountName=${UserName}))"
    80. $DirectorySearcher.Filter = $LdapFilter
    81. $UserEntry = [adsi]"$($DirectorySearcher.FindOne().Path)"
    82. $DisplayName = $UserEntry.displayName
    83. }
    85. #$Write Log to CSV file
    86. $strOutput = $PrintServer+ "," +$time.ToString()+ "," +$DisplayName+ "," +$Computer+ "," +$PrinterName+ "," +$PrintSize+ "," +$PrintPages+ "," +$docName
    87. write-output $strOutput | Out-File $csvfile -append
    88. }
    89. }
    92. #REPORTING VIA EMAIL
    93. #-------------------
    95. #HTML style sheet
    96. $header = "<H3>Print Server Log Report "+(get-date -f D)+"</H3>"
    97. $title = "Example HTML Output"
    98. $body = '<style>
    99. BODY{font-family:Verdana; background-color:white;}
    100. TABLE{border-width: 1px;border-style:solid;border-color: black;border-collapse: collapse;}
    101. TH{font-size:1em; border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:#C2B8AF}
    102. TD{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:#F6F8FC}
    103. </style>
    104. '
    105. $EmailText = '<style>
    106. Log report Attached<BR>
    107. <BR>
    108. Regards,<BR>
    109. <BR>
    110. Admin Scripts<BR>
    111. '
    114. #Send email (with attached CSV)
    116. #$emailsubject = "[AUTO] Print Server Logs Report ("+(get-date -f dd-MM-yyyy)+")"
    117. #Send-MailMessage -To $To -From $From -Subject $emailsubject -SmtpServer $exchangeserver -body ($EmailText | Out-String) -BodyAsHtml -attachment $csvfile
    119. #ALternatively send email with data in email body
    120. #$emailbody = import-csv $csvfile | sort-object Server | ConvertTo-Html -head $header -body $body -title $title
    121. #Send-MailMessage -To $To -From $From -Subject $emailsubject -SmtpServer $exchangeserver -body ($emailbody, $EmailText | Out-String) -BodyAsHtml
    122. #remove-item $csvfile


    Bitte um Hilfe. :)