microsoft
/
Office365NetworkTools
зеркало из https://github.com/microsoft/Office365NetworkTools.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Initial commit

This commit is contained in:
Roshan Padmanabhan Kanaka Sabapaty 2018-11-19 18:14:41 +04:00
Коммит d17ce3b6df
9 изменённых файлов: 849 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

330
.gitignore поставляемый Normal file
Просмотреть файл

@ -0,0 +1,330 @@
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
##
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
# User-specific files
*.suo
*.user
*.userosscache
*.sln.docstates
# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
bld/
[Bb]in/
[Oo]bj/
[Ll]og/
# Visual Studio 2015/2017 cache/options directory
.vs/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/
# Visual Studio 2017 auto generated files
Generated\ Files/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
# NUNIT
*.VisualState.xml
TestResult.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
# Benchmark Results
BenchmarkDotNet.Artifacts/
# .NET Core
project.lock.json
project.fragment.lock.json
artifacts/
**/Properties/launchSettings.json
# StyleCop
StyleCopReport.xml
# Files built by Visual Studio
*_i.c
*_p.c
*_i.h
*.ilk
*.meta
*.obj
*.iobj
*.pch
*.pdb
*.ipdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb
# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap
# Visual Studio Trace Files
*.e2e
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# JustCode is a .NET coding add-in
.JustCode
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# AxoCover is a Code Coverage Tool
.axoCover/*
!.axoCover/settings.json
# Visual Studio code coverage results
*.coverage
*.coveragexml
# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# Note: Comment the next line if you want to checkin your web deploy settings,
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj
# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/
# NuGet Packages
*.nupkg
# The packages folder can be ignored because of Package Restore
**/[Pp]ackages/*
# except build/, which is used as an MSBuild target.
!**/[Pp]ackages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/[Pp]ackages/repositories.config
# NuGet v3's project.json files produces more ignorable files
*.nuget.props
*.nuget.targets
# Microsoft Azure Build Output
csx/
*.build.csdef
# Microsoft Azure Emulator
ecf/
rcf/
# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
*.appx
# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!*.[Cc]ache/
# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.jfm
*.pfx
*.publishsettings
orleans.codegen.cs
# Including strong name files can present a security risk
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
#*.snk
# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
ServiceFabricBackup/
*.rptproj.bak
# SQL Server files
*.mdf
*.ldf
*.ndf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
*.rptproj.rsuser
# Microsoft Fakes
FakesAssemblies/
# GhostDoc plugin setting file
*.GhostDoc.xml
# Node.js Tools for Visual Studio
.ntvs_analysis.dat
node_modules/
# Visual Studio 6 build log
*.plg
# Visual Studio 6 workspace options file
*.opt
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
*.vbw
# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions
# Paket dependency manager
.paket/paket.exe
paket-files/
# FAKE - F# Make
.fake/
# JetBrains Rider
.idea/
*.sln.iml
# CodeRush
.cr/
# Python Tools for Visual Studio (PTVS)
__pycache__/
*.pyc
# Cake - Uncomment if you are using it
# tools/**
# !tools/packages.config
# Tabs Studio
*.tss
# Telerik's JustMock configuration file
*.jmconfig
# BizTalk build output
*.btp.cs
*.btm.cs
*.odx.cs
*.xsd.cs
# OpenCover UI analysis results
OpenCover/
# Azure Stream Analytics local run output
ASALocalRun/
# MSBuild Binary and Structured Log
*.binlog
# NVidia Nsight GPU debugger configuration file
*.nvuser
# MFractors (Xamarin productivity tool) working folder
.mfractor/

21
LICENSE Normal file
Просмотреть файл

@ -0,0 +1,21 @@
MIT License
Copyright (c) Microsoft Corporation. All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE

Двоичные данные
Office365-Network-Bandwidth-meter/Dashboards-v2.zip Normal file
Просмотреть файл

Двоичный файл не отображается.

214
Office365-Network-Bandwidth-meter/Generate-LAQuery-v3.ps1 Normal file
Просмотреть файл

@ -0,0 +1,214 @@
<#
.COPYRIGHT
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
See LICENSE in the project root for license information.
#>
####################################################
#Script to generate Log Analytics query for Office 365 service areas
# Accepted input for Services parameter are Exchange or Sharepoint or Skype
# Accepted input format for startdate and enddate is
#startdate: 2018-11-01T09:00
#enddate: 2018-11-12T09:00
######################################################################################################
[CmdletBinding(SupportsShouldProcess=$True)]
Param (
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string] $services,
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string] $startdate,
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string] $enddate
)
# POST method: $req
#$requestBody = Get-Content $req -Raw | ConvertFrom-Json
#$services = $requestBody.service
#$startdate = $requestBody.startdate
#$enddate = $requestBody.enddate
#if (!$startdate) {
# $startdate = "2018-04-25T00:00"
#}
#if (!$enddate) {
#$enddate = "2018-04-28T00:00"
#}
#if (!$services) {
#$services = "SharePoint"
#}
function Get-IPrange
{
<#
.SYNOPSIS
Get the IP addresses in a range
.EXAMPLE
Get-IPrange -start 192.168.8.2 -end 192.168.8.20
.EXAMPLE
Get-IPrange -ip 192.168.8.2 -mask 255.255.255.0
.EXAMPLE
Get-IPrange -ip 192.168.8.3 -cidr 24
#>
param
(
[string]$start,
[string]$end,
[string]$ip,
[string]$mask,
[int]$cidr
)
function IP-toINT64 () {
param ($ip)
$octets = $ip.split(".")
return [int64]([int64]$octets[0]*16777216 +[int64]$octets[1]*65536 +[int64]$octets[2]*256 +[int64]$octets[3])
}
function INT64-toIP() {
param ([int64]$int)
return (([math]::truncate($int/16777216)).tostring()+"."+([math]::truncate(($int%16777216)/65536)).tostring()+"."+([math]::truncate(($int%65536)/256)).tostring()+"."+([math]::truncate($int%256)).tostring() )
}
if ($ip) {$ipaddr = [Net.IPAddress]::Parse($ip)}
if ($cidr) {$maskaddr = [Net.IPAddress]::Parse((INT64-toIP -int ([convert]::ToInt64(("1"*$cidr+"0"*(32-$cidr)),2)))) }
if ($mask) {$maskaddr = [Net.IPAddress]::Parse($mask)}
if ($ip) {$networkaddr = new-object net.ipaddress ($maskaddr.address -band $ipaddr.address)}
if ($ip) {$broadcastaddr = new-object net.ipaddress (([system.net.ipaddress]::parse("255.255.255.255").address -bxor $maskaddr.address -bor $networkaddr.address))}
if ($ip) {
$startaddr = IP-toINT64 -ip $networkaddr.ipaddresstostring
$endaddr = IP-toINT64 -ip $broadcastaddr.ipaddresstostring
} else {
$startaddr = IP-toINT64 -ip $start
$endaddr = IP-toINT64 -ip $end
}
INT64-toIP -int $startaddr
INT64-toIP -int $endaddr
}
function GetIpAddressesForService ($serviceArea) {
<#
.SYNOPSIS
Get the IP addresses for a given O365 Service
.EXAMPLE
GetIpAddressesForService("Exchange")
#>
#if (!$serviceArea) {
# $serviceArea = "Exchange"
#}
# webservice root URL
$ws = "https://endpoints.office.com"
$clientRequestId = [guid]::NewGuid()
$O365instance = "Worldwide"
# invoke endpoints method to get the new data
$endpointSets = Invoke-RestMethod -Uri ($ws + "/endpoints/"+$O365instance+"?clientRequestId=" + $clientRequestId)
$flatIps = $endpointSets | ForEach-Object {
$endpointSet = $_
if ($endpointSet.serviceArea -eq $services -and ($endpointset.id -eq 1 -or $endpointset.id -eq 9 -or $endpointset.id -eq 11 -or $endpointset.id -eq 12 -or $endpointset.id -eq 31)) {
$ips = $(if ($endpointSet.ips.Count -gt 0) { $endpointSet.ips } else { @() })
# IPv4 strings have dots while IPv6 strings have colons
$ip4s = $ips | Where-Object { $_ -like '*.*' }
$IpCustomObjects = @()
if ($endpointSet.tcpPorts -or $endpointSet.udpPorts) {
$IpCustomObjects = $ip4s | ForEach-Object {
[PSCustomObject]@{
category = "Allow";
ip = $_;
tcpPorts = $endpointSet.tcpPorts;
udpPorts = $endpointSet.udpPorts;
}
}
}
$IpCustomObjects
}
}
return $flatIps
}
function Get-BwData($serviceArea) {
$mySubnets = GetIpAddressesForService($serviceArea)
$firstItem = 0
$IpRanges = $mySubnets.ip | ForEach-Object {
$mySubnet = $_.split("/")
if ($mySubnet[1] -eq "32") {
$IpRange = $mySubnet[0]
if ($firstItem -eq 0) {
$KustoQuery += " | where (parse_ipv4(DestinationIp) == parse_ipv4('"+$IpRange+"'))"
} else {
$KustoQuery += " or (parse_ipv4(DestinationIp) == parse_ipv4('"+$IpRange+"'))"
}
} elseif ($mysubnet[1] -ne "32") {
$IpRange = Get-IPrange -ip $mySubnet[0] -cidr $mySubnet[1]
if ($firstItem -eq 0) {
$KustoQuery += " | where (parse_ipv4(DestinationIp) >= parse_ipv4('"+$IpRange[0]+"') and parse_ipv4(DestinationIp) <= parse_ipv4('"+$IpRange[1]+"')) "
} else {
$KustoQuery += " or (parse_ipv4(DestinationIp) >= parse_ipv4('"+$IpRange[0]+"') and parse_ipv4(DestinationIp) <= parse_ipv4('"+$IpRange[1]+"')) "
}
}
$firstItem = 1
}
return $KustoQuery
}
$OutputData = "VMConnection " # Change to VMConnection
$secondService = 1
foreach ($service in $services) {
$OutputData += Get-BwData($service)
$secondService++
}
$OutputData += " | where TimeGenerated > todatetime('"+$startdate+"') and TimeGenerated < todatetime('"+$enddate+"')"
##$OutputData += " | project SessionStartTime, TotalBytes " ## Potentially not needed anymore.
$ReturnMessage = ''+$OutputData+''
$Date = Get-Date
$Filename = "LogAnalyticsquery" + "_" + "$services" + "_" + $Date.Day + "-" + $Date.Month + "-" + $Date.Year + "_" + $Date.Hour + "-" + $Date.Minute + ".txt"
Out-File -Encoding ascii -FilePath "$ENV:Temp\$FileName" -InputObject $ReturnMessage
Write-Host "Log Analytics query written to '$ENv:Temp\$FileName'" -ForegroundColor Yellow

Двоичные данные
Office365-Network-Bandwidth-meter/INTRO-Network-Bandwidth-Meter using Azure Monitoring.pdf Normal file
Просмотреть файл

Двоичный файл не отображается.

31
Office365-Network-Bandwidth-meter/README.md Normal file
Просмотреть файл

@ -0,0 +1,31 @@
# /Office 365 Network Bandwidth meter/
This is a beta solution we released recently in September 2018 to:
1. Measure network bandwidth usage for pilot users on-boarded to Office 365 or network bandwidth usage of on-premises users.
2. Build and maintain endpoint monitoring dashboards post on-boarding users to Office 365
This solution uses Azure monitoring, specifically Service Map. You can apply this concept for measuring any SaaS/PaaS traffic, not just Office 365.
This solution will allow you to monitor and analyse the following example scenarios:
• Bandwidth used for a particular process or set of processes over a set period of time
• Bandwidth used by the machine over a set period of time
• Bandwidth used in connections to a specific port
• Bandwidth used to a specific IP address or range of addresses
• IP geolocation of the endpoints connected to
# Prerequisites
Azure Subscription
Azure Log analytics workspace
# Support Statement
The scripts, samples, and tools made available through the Open Source initiative are provided as-is. These resources are developed in partnership with the community and do not represent official Microsoft software. As such, support is not available through premier or other official support channels. If you find an issue or have questions please reach out through the issues list and we'll do our best to assist, but there is no support SLA associated with these tools.
# Code of Conduct
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Двоичные данные
Office365-Network-Bandwidth-meter/Step-by-Step-Guide-Office365-network-bandwidth-meter-using-Azure-Monitoring-2.4.pdf Normal file
Просмотреть файл

Двоичный файл не отображается.

39
README.md Normal file
Просмотреть файл

@ -0,0 +1,39 @@
# Microsoft Office 365 Network Tools
Welcome to the home for Microsoft Office 365 Network Tools. Through this initiative we are collecting tools, scripts, and guidance from across engineering teams with the aim to make them easier to find, grow, and improve with help from the community and partners.
## Folders & Description:
#### /Office 365 Network Bandwidth meter/
This is a beta solution we released recently in September 2018 to:
1. Measure network bandwidth usage for pilot users on-boarded to Office 365 or network bandwidth usage of on-premises users.
2. Build and maintain endpoint monitoring dashboards post on-boarding users to Office 365
This solution uses Azure monitoring, specifically Service Map. You can apply this concept for measuring any SaaS/PaaS traffic, not just Office 365.
# Open to ideas
If you have ideas for projects that would improve our delivery, experience, or process please submit an issue and let us know. We can't promise every idea will be implemented, but we value your feedback. Please be sure to include sufficient information that we can understand your idea and respond.
# Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.
# Support Statement
The scripts, samples, and tools made available through the Open Source initiative are provided as-is. These resources are developed in partnership with the community and do not represent official Microsoft software. As such, support is not available through premier or other official support channels. If you find an issue or have questions please reach out through the issues list and we'll do our best to assist, but there is no support SLA associated with these tools.
# Code of Conduct
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
# Legal Notices
Microsoft and any contributors grant you a license to the Microsoft documentation and other content in this repository under the Creative Commons Attribution 4.0 International Public License, see the LICENSE file, and grant you a license to any code in the repository under the MIT License, see the LICENSE-CODE file.
Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653.
Privacy information can be found at https://privacy.microsoft.com/en-us/
Microsoft and any contributors reserve all others rights, whether under their respective copyrights, patents, or trademarks, whether by implication, estoppel or otherwise.

214
Scripts/Generate-LAQuery-v3.ps1 Normal file
Просмотреть файл

@ -0,0 +1,214 @@
<#
.COPYRIGHT
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
See LICENSE in the project root for license information.
#>
####################################################
#Script to generate Log Analytics query for Office 365 service areas
# Accepted input for Services parameter are Exchange or Sharepoint or Skype
# Accepted input format for startdate and enddate is
#startdate: 2018-11-01T09:00
#enddate: 2018-11-12T09:00
######################################################################################################
[CmdletBinding(SupportsShouldProcess=$True)]
Param (
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string] $services,
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string] $startdate,
[Parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[string] $enddate
)
# POST method: $req
#$requestBody = Get-Content $req -Raw | ConvertFrom-Json
#$services = $requestBody.service
#$startdate = $requestBody.startdate
#$enddate = $requestBody.enddate
#if (!$startdate) {
# $startdate = "2018-04-25T00:00"
#}
#if (!$enddate) {
#$enddate = "2018-04-28T00:00"
#}
#if (!$services) {
#$services = "SharePoint"
#}
function Get-IPrange
{
<#
.SYNOPSIS
Get the IP addresses in a range
.EXAMPLE
Get-IPrange -start 192.168.8.2 -end 192.168.8.20
.EXAMPLE
Get-IPrange -ip 192.168.8.2 -mask 255.255.255.0
.EXAMPLE
Get-IPrange -ip 192.168.8.3 -cidr 24
#>
param
(
[string]$start,
[string]$end,
[string]$ip,
[string]$mask,
[int]$cidr
)
function IP-toINT64 () {
param ($ip)
$octets = $ip.split(".")
return [int64]([int64]$octets[0]*16777216 +[int64]$octets[1]*65536 +[int64]$octets[2]*256 +[int64]$octets[3])
}
function INT64-toIP() {
param ([int64]$int)
return (([math]::truncate($int/16777216)).tostring()+"."+([math]::truncate(($int%16777216)/65536)).tostring()+"."+([math]::truncate(($int%65536)/256)).tostring()+"."+([math]::truncate($int%256)).tostring() )
}
if ($ip) {$ipaddr = [Net.IPAddress]::Parse($ip)}
if ($cidr) {$maskaddr = [Net.IPAddress]::Parse((INT64-toIP -int ([convert]::ToInt64(("1"*$cidr+"0"*(32-$cidr)),2)))) }
if ($mask) {$maskaddr = [Net.IPAddress]::Parse($mask)}
if ($ip) {$networkaddr = new-object net.ipaddress ($maskaddr.address -band $ipaddr.address)}
if ($ip) {$broadcastaddr = new-object net.ipaddress (([system.net.ipaddress]::parse("255.255.255.255").address -bxor $maskaddr.address -bor $networkaddr.address))}
if ($ip) {
$startaddr = IP-toINT64 -ip $networkaddr.ipaddresstostring
$endaddr = IP-toINT64 -ip $broadcastaddr.ipaddresstostring
} else {
$startaddr = IP-toINT64 -ip $start
$endaddr = IP-toINT64 -ip $end
}
INT64-toIP -int $startaddr
INT64-toIP -int $endaddr
}
function GetIpAddressesForService ($serviceArea) {
<#
.SYNOPSIS
Get the IP addresses for a given O365 Service
.EXAMPLE
GetIpAddressesForService("Exchange")
#>
#if (!$serviceArea) {
# $serviceArea = "Exchange"
#}
# webservice root URL
$ws = "https://endpoints.office.com"
$clientRequestId = [guid]::NewGuid()
$O365instance = "Worldwide"
# invoke endpoints method to get the new data
$endpointSets = Invoke-RestMethod -Uri ($ws + "/endpoints/"+$O365instance+"?clientRequestId=" + $clientRequestId)
$flatIps = $endpointSets | ForEach-Object {
$endpointSet = $_
if ($endpointSet.serviceArea -eq $services -and ($endpointset.id -eq 1 -or $endpointset.id -eq 9 -or $endpointset.id -eq 11 -or $endpointset.id -eq 12 -or $endpointset.id -eq 31)) {
$ips = $(if ($endpointSet.ips.Count -gt 0) { $endpointSet.ips } else { @() })
# IPv4 strings have dots while IPv6 strings have colons
$ip4s = $ips | Where-Object { $_ -like '*.*' }
$IpCustomObjects = @()
if ($endpointSet.tcpPorts -or $endpointSet.udpPorts) {
$IpCustomObjects = $ip4s | ForEach-Object {
[PSCustomObject]@{
category = "Allow";
ip = $_;
tcpPorts = $endpointSet.tcpPorts;
udpPorts = $endpointSet.udpPorts;
}
}
}
$IpCustomObjects
}
}
return $flatIps
}
function Get-BwData($serviceArea) {
$mySubnets = GetIpAddressesForService($serviceArea)
$firstItem = 0
$IpRanges = $mySubnets.ip | ForEach-Object {
$mySubnet = $_.split("/")
if ($mySubnet[1] -eq "32") {
$IpRange = $mySubnet[0]
if ($firstItem -eq 0) {
$KustoQuery += " | where (parse_ipv4(DestinationIp) == parse_ipv4('"+$IpRange+"'))"
} else {
$KustoQuery += " or (parse_ipv4(DestinationIp) == parse_ipv4('"+$IpRange+"'))"
}
} elseif ($mysubnet[1] -ne "32") {
$IpRange = Get-IPrange -ip $mySubnet[0] -cidr $mySubnet[1]
if ($firstItem -eq 0) {
$KustoQuery += " | where (parse_ipv4(DestinationIp) >= parse_ipv4('"+$IpRange[0]+"') and parse_ipv4(DestinationIp) <= parse_ipv4('"+$IpRange[1]+"')) "
} else {
$KustoQuery += " or (parse_ipv4(DestinationIp) >= parse_ipv4('"+$IpRange[0]+"') and parse_ipv4(DestinationIp) <= parse_ipv4('"+$IpRange[1]+"')) "
}
}
$firstItem = 1
}
return $KustoQuery
}
$OutputData = "VMConnection " # Change to VMConnection
$secondService = 1
foreach ($service in $services) {
$OutputData += Get-BwData($service)
$secondService++
}
$OutputData += " | where TimeGenerated > todatetime('"+$startdate+"') and TimeGenerated < todatetime('"+$enddate+"')"
##$OutputData += " | project SessionStartTime, TotalBytes " ## Potentially not needed anymore.
$ReturnMessage = ''+$OutputData+''
$Date = Get-Date
$Filename = "LogAnalyticsquery" + "_" + "$services" + "_" + $Date.Day + "-" + $Date.Month + "-" + $Date.Year + "_" + $Date.Hour + "-" + $Date.Minute + ".txt"
Out-File -Encoding ascii -FilePath "$ENV:Temp\$FileName" -InputObject $ReturnMessage
Write-Host "Log Analytics query written to '$ENv:Temp\$FileName'" -ForegroundColor Yellow