Powershell Looping and Substring

I am trying to scrub hundreds of DNS logs for analysis. I found Powershell code through online research that I am leveraging. However, the code only processes one file at a time. I would like to iterate the code over several files located in the same folder. In addition, I want to substring the filename of each DNS log to obtain the server name (first 10 characters of the file name).

I used Get-ChildItem to iterate over multiple files and I believe that is successful. However, I am stuck on how to get the server name from the file and put it in a column.

function Get-DNSDebugLog
{

    [CmdletBinding()]
    param(
      [Parameter(Mandatory=$false, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
      [Alias('Fullname')]
      [string] $DNSLog = 'StringMode')


    BEGIN { }

    PROCESS {

        $TheReverseRegExString='\(\d\)in-addr\(\d\)arpa\(\d\)'

        ReturnDNSLogLines -DNSLog $DNSLog | % {
                if ( $_ -match '^\d\d|^\d/\d' -AND $_ -notlike '*EVENT*' -AND $_ -notlike '* Note: *') {
                    $Date=$null
                    $Time=$null
                    $DateTime=$null
                    $Protocol=$null
                    $Client=$null
                    $SendReceive=$null
                    $QueryType=$null
                    $RecordType=$null
                    $Query=$null
                    $Result=$null

                    $Date=($_ -split ' ')[0]
                    $ServerName = $null
                    # Check log time format and set properties
                    if ($_ -match ':\d\d AM|:\d\d  PM') {
                        $Time=($_ -split ' ')[1,2] -join ' '
                        $Protocol=($_ -split ' ')[7]
                        $Client=($_ -split ' ')[9]
                        $SendReceive=($_ -split ' ')[8]
                        $RecordType=(($_ -split ']')[1] -split ' ')[1]
                        $Query=($_.ToString().Substring(110)) -replace '\s' -replace '\(\d?\d\)','.' -replace '^\.' -replace "\.$"
                        $Result=(((($_ -split '\[')[1]).ToString().Substring(9)) -split ']')[0] -replace ' '
                        $ServerName=@{N='First5Chars';E={$_.BaseName.SubString(0,5)}}
                    }
                    elseif ($_ -match '^\d\d\d\d\d\d\d\d \d\d:') {
                        $Date=$Date.Substring(0,4) + '-' + $Date.Substring(4,2) + '-' + $Date.Substring(6,2)
                        $Time=($_ -split ' ')[1] -join ' '
                        $Protocol=($_ -split ' ')[6]
                        $Client=($_ -split ' ')[8]
                        $SendReceive=($_ -split ' ')[7]
                        $RecordType=(($_ -split ']')[1] -split ' ')[1]
                        $Query=($_.ToString().Substring(110)) -replace '\s' -replace '\(\d?\d\)','.' -replace '^\.' -replace "\.$"
                        $Result=(((($_ -split '\[')[1]).ToString().Substring(9)) -split ']')[0] -replace ' '
                        $ServerName=@{N='First5Chars';E={$_.BaseName.SubString(0,5)}}
                    }
                    else {
                        $Time=($_ -split ' ')[1]
                        $Protocol=($_ -split ' ')[6]
                        $Client=($_ -split ' ')[8]
                        $SendReceive=($_ -split ' ')[7]
                        $RecordType=(($_ -split ']')[1] -split ' ')[1]
                        $Query=($_.ToString().Substring(110)) -replace '\s' -replace '\(\d?\d\)','.' -replace '^\.' -replace "\.$"
                        $Result=(((($_ -split '\[')[1]).ToString().Substring(9)) -split ']')[0] -replace ' '
                        $ServerName=@{N='First5Chars';E={$_.BaseName.SubString(0,5)}}
                    }

                    $DateTime=Get-Date("$Date $Time") -Format 'yyyy-MM-dd HH:mm:ss'


                    if ($_ -match $TheReverseRegExString) {
                        $QueryType='Reverse'
                    }
                    else {
                        $QueryType='Forward'
                    }

                    $returnObj = New-Object System.Object
                    $returnObj | Add-Member -Type NoteProperty -Name Date -Value $DateTime
                    $returnObj | Add-Member -Type NoteProperty -Name QueryType -Value $QueryType
                    $returnObj | Add-Member -Type NoteProperty -Name Client -Value $Client
                    $returnObj | Add-Member -Type NoteProperty -Name SendReceive -Value $SendReceive
                    $returnObj | Add-Member -Type NoteProperty -Name Protocol -Value $Protocol
                    $returnObj | Add-Member -Type NoteProperty -Name RecordType -Value $RecordType
                    $returnObj | Add-Member -Type NoteProperty -Name Query -Value $Query
                    $returnObj | Add-Member -Type NoteProperty -Name Results -Value $Result

                    if ($returnObj.Query -ne $null) {
                        Write-Output $returnObj
                    }
                }
            }

    }

    END { }
}



function ReturnDNSLogLines
{
param(
$DNSLog)

$PathCorrect=try { Test-Path $DNSLog -ErrorAction Stop } catch { $false }

    if ($DNSLog -match '^\d\d|^\d/\d' -AND $DNSLog -notlike '*EVENT*' -AND $PathCorrect -ne $true) {
        $DNSLog
    }
    elseif ($PathCorrect -eq $true) {
        Get-Content $DNSLog | % { $_ }
    }
}

$DNSlogs = Get-ChildItem "C:/users/Desktop/*.log" |
foreach ($d in $DNSlogs):{
    $Servername = $DNSlogs[0]}


Get-DNSDebugLog -DNSLog "C:/users/Desktop/*.log" | Export-Csv .\ProperlyFormatedLog2.csv.

This is not going to be the best approach, but this should work without changing your function code.

$DNSlogs = Get-ChildItem "C:/users/Desktop/*.log"
foreach ($d in $DNSlogs) {
    $Servername = $d.basename.substring(0,[math]::Min(10,$d.basename.length))
    Get-DNSDebugLog -DNSLog $d.FullName | Select *,@{n='ServerName';e={$ServerName}} | Export-Csv -Path '.\ProperlyFormatedLog2.csv' -NoTypeInformation -Append
}

I know you said you wanted the first 10 characters of the filename for the server name. I did add the [Math]::Min() function to grab all of the characters if their length is less than 10, just in case you have a short server name. The .basename property of the file object contains the filename excluding the extension.

I feel like a rewrite may be needed to do EVERYTHING you want, which includes parallel processing while getting the server name. I also see that your function sets $ServerName, but you never use it.
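
A pipeline-based variant of the loop in the answer, as an added example that is not part of the original question or answer: it derives the server name once per file and stamps it on every parsed row, then writes the CSV in a single pass. `Add-ServerNameFromFile` and its `-NameLength` parameter are hypothetical names; the block assumes the page's `Get-DNSDebugLog` and `ReturnDNSLogLines` functions are already loaded and PowerShell 3.0 or later.

```powershell
# Added example: a wrapper around the page's Get-DNSDebugLog.
# Add-ServerNameFromFile and -NameLength are hypothetical names, not from the page.
function Add-ServerNameFromFile {
    [CmdletBinding()]
    param(
        # One log file per pipeline item, as emitted by Get-ChildItem.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.IO.FileInfo] $File,

        # How many leading characters of the file name identify the server.
        [int] $NameLength = 10
    )

    process {
        # BaseName is the file name without its extension. Clamp the length so
        # a file name shorter than $NameLength does not make Substring() throw.
        $len    = [Math]::Min($NameLength, $File.BaseName.Length)
        $server = $File.BaseName.Substring(0, $len)

        # Parse this one file, then attach the source server to every row so
        # rows from different DNS servers stay distinguishable after merging.
        Get-DNSDebugLog -DNSLog $File.FullName | ForEach-Object {
            $_ | Add-Member -NotePropertyName ServerName `
                            -NotePropertyValue $server -PassThru
        }
    }
}

# All rows flow through one pipeline and the CSV is written once.
Get-ChildItem -Path 'C:/users/Desktop/*.log' -File |
    Add-ServerNameFromFile |
    Export-Csv -Path '.\ProperlyFormatedLog2.csv' -NoTypeInformation
```

Because the CSV is written by one `Export-Csv` call without `-Append`, re-running the script replaces the file instead of adding a second copy of every row.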
