Loop through IIS 8+ servers to check existence of required custom log fields

0 replies

Last post Mar 04, 2020 04:59 PM by M.RocketRandall

  • Loop through IIS 8+ servers to check existence of required custom log fields

    Mar 04, 2020 04:59 PM|M.RocketRandall

    I'm trying to loop through a list of servers (IIS 8.5 mostly) and for each server see if certain custom field names exist for logs. I'm executing these commands from my local machine, using the "invoke-command" cmdlet. Currently, it just returns to the cursor instead of writing out if there is a Match or No Match. 

    srv.csv file contains:

    Host,IP

    srv1,10.0.0.2

    srv2,10.0.0.3

    log_stig.csv file contains:

    LogFieldName,SourceType

    Connection,RequestHeader

    User-Agent,RequestHeader

    Content-Type,ResponseHeader

    Assigns the values in srv.csv to $IISServers variable

    try{
      $IISServers = Import-Csv C:\Users\snappy\ps_script_resources\srv.csv
    }
    catch{
      "The file 'srv.csv' is not available"
    }

    Assigns the values in log_stig.csv to $STIG_CustomFields variable

    try{
      $STIG_CustomFields = Import-Csv C:\Users\snappy\ps_script_resources\log_stig.csv
    }catch{
      "The file 'log_stig.csv' is not available"
    }

    Loop through each server and then loop through each custom field name, checking if they exist on the server.

    ForEach($IISServer in $IISServers){
      $IISServerName = $($IISServer.Host)
    
      try{
        invoke-command -ComputerName $IISServerName -ScriptBlock{
    
        $SiteLogFileCustom = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site/logFile/customFields" -Name 'Collection'
    
        ForEach ($STIG_CustomField in $STIG_CustomFields){
          write-output $STIG_CustomField.LogFieldName
          write-output $SiteLogFileCustom.logFieldName
          if($STIG_CustomField.LogFieldName -match $SiteLogFileCustom.logFieldName){
            write-output "Match" 
          }
          else{
            write-output "No Match"
          }
          write-output "This ran"
        }
       }
      }
     catch{
      "Invoke failed for "
      }
    }

    Any recommendations - suggestions welcomed.
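
One way to run this audit, as an added example that is not part of the original post: the required-field list is passed into the remote session with `$using:` and compared by exact membership, and the check is done per site, which goes beyond the server-wide query in the post. It assumes PowerShell remoting is enabled and the WebAdministration module is present on each server; the file paths and CSV columns are the ones from the post.

```powershell
# Added example. File paths and CSV columns (Host, LogFieldName, SourceType) come from the post.
$IISServers        = Import-Csv 'C:\Users\snappy\ps_script_resources\srv.csv' -ErrorAction Stop
$STIG_CustomFields = Import-Csv 'C:\Users\snappy\ps_script_resources\log_stig.csv' -ErrorAction Stop

$results = foreach ($IISServer in $IISServers) {
    try {
        Invoke-Command -ComputerName $IISServer.Host -ErrorAction Stop -ScriptBlock {
            Import-Module WebAdministration

            # $using: copies the caller's variable into the remote session. A bare
            # $STIG_CustomFields is $null on the remote side, so a loop over it
            # never executes and nothing is written back.
            $required = $using:STIG_CustomFields

            foreach ($site in Get-Website) {
                # Read the custom log fields configured for this one site.
                $filter = "system.applicationHost/sites/site[@name='$($site.Name)']/logFile/customFields"
                $configured = @(Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
                        -Filter $filter -Name 'Collection' |
                    ForEach-Object { $_.logFieldName })

                foreach ($field in $required) {
                    [pscustomobject]@{
                        Site         = $site.Name
                        LogFieldName = $field.LogFieldName
                        SourceType   = $field.SourceType
                        # -contains tests exact, case-insensitive membership;
                        # -match would treat the right-hand side as a regex.
                        Present      = $configured -contains $field.LogFieldName
                    }
                }
            }
        }
    }
    catch {
        # Name the server that failed so gaps in the audit are visible.
        Write-Warning "Invoke failed for $($IISServer.Host): $($_.Exception.Message)"
    }
}

# Invoke-Command adds PSComputerName to every object returned from a remote session.
$results | Sort-Object PSComputerName, Site, LogFieldName |
    Format-Table PSComputerName, Site, LogFieldName, SourceType, Present -AutoSize
```

Rows with `Present` equal to `False` are the site and field pairs still missing from the logging configuration.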