<#
.NAME
LR-DeleteLogs
.SYNOPSIS
LogRhythm-generated log files can consume a large amount of disk space. To ensure they don't fill the disk, run this script manually or as a scheduled task to keep disk space free.
.DESCRIPTION
100% unofficial. If it were possible to have more than 100% it'd be in that range!
#>
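param(
    # "true" (the default) is a dry run: candidate files are passed to
    # Remove-Item -WhatIf and nothing is deleted. The script compares this
    # value against "true" only, so ANY other string selects live deletion.
    [Parameter(Mandatory=$false)]
    [string]$testMode = "true",

    # Age threshold in days used to build the LastWriteTime cutoff; the
    # default of -30 selects files last written more than 30 days ago.
    # Declared optional: with Mandatory=$true the default could never take
    # effect and an unattended run without the argument would wait on a prompt.
    [Parameter(Mandatory=$false)]
    [int]$deleteFilesOlderThan = -30
)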
#ISE Testing
#remove-variable tempFileSize
#remove-variable totalSpaceReclaimed
# Requires PowerShell 3.0 or later: the -File switch on the directory listing
# and the simplified Where syntax used further down are not available before 3.0.
$minimumVersion = [Version]"3.0"
$runningVersion = $PSVersionTable.PSVersion
if ($runningVersion -lt $minimumVersion) {
    # Stop before any directory is touched. Note that a bare 'exit' ends the
    # script without setting an explicit failure exit code.
    Write-Host "PowerShell version " $runningVersion "not supported. This script requires PowerShell 3.0 or greater." -ForegroundColor Red
    exit
}
# Directories that are scanned for *.log files, expressed relative to the
# LogRhythm installation root and expanded to absolute paths below.
# Some entries sit beneath others ("Data Indexer\logs\diags" under
# "Data Indexer\logs", "...Threat Intelligence Service\logs\archive" under
# "...Threat Intelligence Service\logs"); because the cleanup loop in this file
# lists each root with -Recurse, files in those sub-folders are visited twice.
$logRhythmRoot = "C:\Program Files\LogRhythm"
$relativeLogDirs = @(
    "logs"
    "LogRhythm AI Engine\logs"
    "LogRhythm Alarming and Response Manager\logs"
    "LogRhythm Common\logs"
    "LogRhythm Console\logs"
    "LogRhythm Job Manager\logs"
    "LogRhythm Mediator Server\logs"
    "LogRhythm System Monitor\logs"
    "LogRhythm Threat Intelligence Service\logs"
    "LogRhythm Web Console\logs"
    "LogRhythm Web Console UI\logs"
    "LogRhythm Web Services\logs"
    "Data Indexer\Denorm"
    "Data Indexer\logs"
    "Data Indexer\elasticsearch\logs"
    "Data Indexer\grafana\logs"
    "Data Indexer\logs\diags"
    "LogRhythm Administration API\logs"
    "LogRhythm AIE Drilldown\logs"
    "LogRhythm AIE Drilldown\LogRhythm Notification Service\bin\Logs"
    "LogRhythm Authentication Services\logs"
    "LogRhythm Threat Intelligence Service\logs\archive"
    "LogRhythm Web Console\nginx\logs"
    "LogRhythm Web Services\LogRhythm Threat Intelligence API\vendor\threatIntelligenceAPI\logs"
    "LogRhythm Web Services\LogRhythm Web Console UI\logs"
)
# Plain string concatenation keeps the resulting paths identical to the
# literal list this replaces, in the same order.
$logFiles = @(
    $relativeLogDirs | ForEach-Object { "$logRhythmRoot\$_" }
)
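# Cleanup pass: for every directory in $logFiles, find *.log files whose
# LastWriteTime is older than the cutoff and remove them (or, in test mode,
# only report what would be removed via -WhatIf).
#
# Reads : $testMode, $deleteFilesOlderThan, $logFiles
# Writes: $totalSpaceReclaimed (MB), status lines on the host/output streams
#
# NOTE(review): these are LogRhythm component logs; confirm that the chosen
# age threshold satisfies audit and incident-investigation retention needs
# before scheduling the script in live mode.

# Only the exact value "true" (compared case-insensitively) keeps the run
# non-destructive; every other value deletes.
$isTestMode = ($testMode -eq "true")

# The threshold is an offset for AddDays(). A positive value would place the
# cutoff in the future and match every log file, so it is folded to the
# equivalent negative offset ("30" and "-30" both mean "older than 30 days").
if ($deleteFilesOlderThan -gt 0) {
    $dayOffset = -$deleteFilesOlderThan
} else {
    $dayOffset = $deleteFilesOlderThan
}
$cutoff = (Get-Date).AddDays($dayOffset)

# Start from zero explicitly so a value left over in the session (for example
# from an earlier run in the ISE) cannot inflate the total.
$totalSpaceReclaimed = 0

foreach ($logFile in $logFiles) {
    if (-not (Test-Path $logFile)) {
        Write-Host "$logFile not found"
        continue
    }

    try {
        $itemsToDelete = @(Get-ChildItem $logFile -Recurse -File -Filter *.log |
            Where-Object { $_.LastWriteTime -lt $cutoff })
    }
    catch [System.UnauthorizedAccessException] {
        Write-Output "Unauthorized Access Exception: $logFile. You shouldn't be here, but perhaps the folder path doesn't exist."
        continue
    }
    catch {
        Write-Output "Exception: $($_.Exception.Message). Well, this is awkward..."
        continue
    }

    foreach ($item in $itemsToDelete) {
        # The try/catch sits inside the loop so that one locked or protected
        # file is reported and skipped; 'continue' here resumes with the next
        # file instead of leaving the script.
        try {
            # -LiteralPath stops characters such as [ ] in a file name from
            # being read as wildcards. -ErrorAction Stop turns a failed delete
            # into an exception so the typed catch blocks below can see it.
            Remove-Item -LiteralPath $item.FullName -Verbose -WhatIf:$isTestMode -ErrorAction Stop

            # Count the size only once the removal (or dry run) went through.
            $totalSpaceReclaimed += ($item.Length / 1MB)
        }
        catch [System.UnauthorizedAccessException] {
            Write-Output "Unauthorized Access Exception: $logFile. You shouldn't be here, but perhaps the folder path doesn't exist."
            continue
        }
        catch [System.IO.IOException] {
            Write-Output "File In Use Exception: $($item.Name). Processes happen."
            continue
        }
        catch {
            Write-Output "Exception: $($_.Exception.Message). Well, this is awkward..."
        }
    }
}

if ($totalSpaceReclaimed) {
    Write-Host "Total disk space reclaimed (MB): $totalSpaceReclaimed"
} else {
    Write-Host "Looks like no files met criteria."
}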