[英]how to search multiple text files for IP addresses and output the IP addresses found to a text file using powershell?
I am hitting a brick wall with this. 我正在用这个打砖墙。 I was tasked with searching the IIS logs on a list of Windows servers and creating a report of all of the IP addresses that connect to the server in the log files.
我的任务是在Windows服务器列表中搜索IIS日志,并在日志文件中创建连接到服务器的所有IP地址的报告。 If I were using Linux, it would be easy.
如果我使用Linux,那将很容易。 I could just use grep and cut and be done in a few minutes.
我可以使用grep和cut并在几分钟内完成。 However, these are internal servers and I have no way of accessing them from a BASH shell.
但是,这些是内部服务器,我无法从BASH shell访问它们。 I am required to create a script and run it on each server locally using powershell.
我需要创建一个脚本并使用PowerShell在本地服务器上运行它。
As close as I've been able to get is to first run a script that searches all of the .log files in C:\\inetpub\\logs\\LogFiles\\ for anything that looks like an IPV4 address and dump that into a CSV file 我能够得到的就是首先运行一个脚本来搜索C:\\ inetpub \\ logs \\ LogFiles \\中的所有.log文件,查找看起来像IPV4地址的任何内容并将其转储到CSV文件中
get-childItem C:\inetpub\logs\logfiles\ -include *.log -rec | select-String -pattern ‘\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b’ | select-Object -Propery 'Line' | export-CSV C:\temp\output.txt -notypeinformation
which creates a csv file containing each log line with an IP address in it. 这会创建一个包含每个日志行的csv文件,其中包含IP地址。 Then I run a second script against that file that looks for IP addresses and outputs them to another file (admittedly 'borrowed' from somewhere online)
然后我针对该文件运行第二个脚本,该文件查找IP地址并将它们输出到另一个文件(不可否认地从某个地方“借用”)
$FilesOfInterest = (
"*.csv"
)
$pattern = ‘\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b’
function FindFilesWithContent($Root, $Include, $Pattern){
try{
Get-ChildItem -Path:$Root -Include:$Include `
-Recurse -Force -ErrorAction:SilentlyContinue |
?{!$_.PSIsContainer} |
ForEach-Object{
Write-Progress $_.FullName;
$item = $_;
Get-Content $_ -ErrorAction SilentlyContinue |
ForEach-Object {
if($_ -match $Pattern){
"" | select filename,match | %{
$_.filename = $item.FullName;
$_.match = $matches[0];
return $_
}
}
}
}
}
catch{
}
}
FindFilesWithContent -Root C:\temp -Include $FilesOfInterest -Pattern $pattern |export-csv C:\temp\filtered.csv
the problem I'm having is that as soon as it finds an IP address, it skips to the next line. 我遇到的问题是,一旦找到IP地址,它就会跳到下一行。 Each line of the log file begins with a timestamp and the IP address of the server itself, so what I end up with is about 130,000 lines of 192.168.1.X which is completely useless to me.
日志文件的每一行都以时间戳和服务器本身的IP地址开头,所以我最终得到的是130,000行192.168.1.X,这对我来说完全没用。
If I were using Linux, it would be easy.
如果我使用Linux,那将很容易。 I could just use grep and cut and be done in a few minutes.
我可以使用grep和cut并在几分钟内完成。 However, these are internal servers and I have no way of accessing them from a BASH shell.
但是,这些是内部服务器,我无法从BASH shell访问它们。
On Windows, the most viable way of efficiently querying IIS log files is by far using Microsoft's LogParser utility . 在Windows上,有效查询IIS日志文件的最可行方法是使用Microsoft的LogParser实用程序 。
LogParser supports SQL-like queries, to get a list of all client IP addresses in the logs: LogParser支持类似SQL的查询,以获取日志中所有客户端IP地址的列表:
logparser "SELECT DISTINCT c-ip INTO C:\clientips.txt FROM C:\inetpub\logs\logfiles\*.log"
For analyzing IIS logs, I would highly recommend using Logparser . 为了分析IIS日志,我强烈建议使用Logparser 。 A easy to use command line tool that uses a SQL dialect to extract information from data sources.
一种易于使用的命令行工具,它使用SQL方言从数据源中提取信息。
You can use the code below to get the IPs reaching your site. 您可以使用以下代码获取到达您网站的IP。 Just chose the logfilename, or if you want to analyze more then one logfile, just use a wildcard like "c:/logs/ex*"
只需选择logfilename,或者如果要分析多个日志文件,只需使用通配符,如“c:/ logs / ex *”
logparser "select c-ip, count(c-ip) as requestcount from [LogFileName] group by c-ip order by count(c-ip) desc"
If you ain't a big fan of SQL, someone wrote This with more then 50 useful examples! 如果你不是SQL的忠实粉丝,有人用超过50个有用的例子写了这个 !
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.