Logging is one of those topics every tech professional must deal with. All kinds of applications generate logs, and by using PowerShell, we can manage these logs better!

Programs create logs in lots of different ways, some better than others. One common complaint that sysadmins have is when a program simply writes to the same log file on disk in perpetuity. If the system writes enough events to this log file, it can grow astronomically and be tough to parse when the time comes to troubleshoot that program. We can make this situation better with some PowerShell.

To build a log-archiving script with PowerShell, we'll first have to define what triggers the archive. This could be when the file grows to a certain size, a specific date interval, or something similar. The trigger could be just about anything. It all depends on what your goal is.

The probable reason we're building a log-archiving script in the first place is to keep the text logs small or to offload them to some other storage to save disk space. In this case, it makes sense to key off the log file size.

The next thing to think about is what action you're going to take on the log file when it hits the size threshold. A good action to take would be to copy the log file as-is to some other location and then perhaps append the date at the end to indicate when the archive operation happened. Let's go with that.

To get started, I'll assume I have some fictional app that's writing to a log file on a server, and I'd like to archive off copies of this log file to some other location. When the archive happens, the script will copy the log file to the other location and will append the date to each copy indicating when the archive took place. After archiving the log file, the script removes the original log file for the program to recreate it and begin recording activity again.

Let's get started!

First, I'll create the script parameters so we can reuse this for different log files.

param
(
    [Parameter(Mandatory)]
    [ValidateNotNullOrEmpty()]
    [string]$LogFilePath,

    [Parameter(Mandatory)]
    [ValidateNotNullOrEmpty()]
    [int]$SizeThresholdMb,

    [Parameter(Mandatory)]
    [ValidateNotNullOrEmpty()]
    [string]$ArchiveFolderPath
)

Once we've defined the parameters, we can begin writing the code to make this happen. First, I'll check the size of the file.

$logSize = (Get-Item -Path $LogFilePath).Length / 1MB

Once we have the log size, we can then compare it with our threshold to see if it's grown past it.

if ($logSize -ge $SizeThresholdMb) {
    ## Archive action here
}

After the comparison, we can replace the ## Archive action here text with the action that copies the log file to the archive location and appends the date to the file name while we're at it.

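## Build the archive file name: <base name>_<date><extension>
$logFile = Get-Item -Path $LogFilePath
$archiveFileName = '{0}_{1}{2}' -f $logFile.BaseName,(Get-Date -Format 'MM-dd-yy'),$logFile.Extension
## Stop on a failed copy so the original log is not removed without an archive
Copy-Item -Path $LogFilePath -Destination (Join-Path -Path $ArchiveFolderPath -ChildPath $archiveFileName) -ErrorAction Stop
## Remove the original so the program recreates it
Remove-Item -Path $LogFilePath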

If I had named this script Invoke-LogFileArchive.ps1, I could then run it with the log file path, size threshold, and archive path of my choice.

PS> .\Invoke-LogFileArchive.ps1 -LogFilePath 'C:\Program Files\SomeProgram\activity.log' -SizeThresholdMb 10 -ArchiveFolderPath '\\SRV\Logs'
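Because logs are often the only record of what a system did, the copy-then-remove step is worth hardening. The following is an added example, not code from the original article: it wraps the same steps in a function (the name Invoke-VerifiedLogArchive is hypothetical), adds the time to the archive name so two runs on the same day do not collide, and removes the original only after the SHA-256 hash of the copy matches the source.

```powershell
# Added example (not from the original article). The function name
# Invoke-VerifiedLogArchive is hypothetical.
function Invoke-VerifiedLogArchive {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)][ValidateNotNullOrEmpty()][string]$LogFilePath,
        [Parameter(Mandatory)][ValidateRange(1, [int]::MaxValue)][int]$SizeThresholdMb,
        [Parameter(Mandatory)][ValidateNotNullOrEmpty()][string]$ArchiveFolderPath
    )

    # Turn every failure into a terminating error so the original is never
    # deleted after a step that failed.
    $ErrorActionPreference = 'Stop'

    $logFile = Get-Item -LiteralPath $LogFilePath
    if (($logFile.Length / 1MB) -lt $SizeThresholdMb) {
        return   # below the threshold, nothing to archive
    }

    if (-not (Test-Path -LiteralPath $ArchiveFolderPath -PathType Container)) {
        throw "Archive folder '$ArchiveFolderPath' does not exist or is not reachable."
    }

    # Date plus time, so two archive runs on the same day do not collide.
    $stamp = Get-Date -Format 'yyyy-MM-dd_HHmmss'
    $archiveName = '{0}_{1}{2}' -f $logFile.BaseName, $stamp, $logFile.Extension
    $archivePath = Join-Path -Path $ArchiveFolderPath -ChildPath $archiveName
    if (Test-Path -LiteralPath $archivePath) {
        throw "Refusing to overwrite existing archive '$archivePath'."
    }

    Copy-Item -LiteralPath $logFile.FullName -Destination $archivePath

    # Compare SHA-256 of the source and the copy before removing anything.
    $sourceHash  = (Get-FileHash -LiteralPath $logFile.FullName -Algorithm SHA256).Hash
    $archiveHash = (Get-FileHash -LiteralPath $archivePath -Algorithm SHA256).Hash
    if ($sourceHash -ne $archiveHash) {
        throw "Hash mismatch: '$archivePath' differs from the source; original kept."
    }

    Remove-Item -LiteralPath $logFile.FullName
    # Return the archive location and hash so the caller can record them.
    [pscustomobject]@{ ArchivePath = $archivePath; SHA256 = $archiveHash }
}
```

If the application appends to the log between the copy and the hash check, the hashes differ and the original stays in place, so those lines are not lost.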

Below is a demonstration of what this script could look like.

Output of the log archiving script


© 4sysops 2006 - 2022
