1

I have a bunch of IIS logs and PowerShell 2.0.

Currently I'm using the following command to find some info out about them (where 'crossdomain' occurs in them):

```powershell
dir -r -i *.log | select-string "crossdomain" | Select-Object | export-csv test.csv
```

This then gives me some data like so:

```
TRUE    1132740 2011-06-09 11:13:49 W3SVC322653822 myserver-WEB1 1.1.1.1 GET /crossdomain.xml - 80 - 1.1.1.1 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.0;+Trident/4.0;+GTB6.5;+SLCC1;+.NET+CLR+2.0.50727;+Media+Center+PC+5.0;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30618) WT_FPC=id=82.40.25.58-3980883472.30062468:lv=1307614413232:ss=1307614405277;+__utma=151217894.932228880.1307618019.1307618019.1307618019.1;+__utmz=151217894.1307618019.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);+myserverVISITOR=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;+myserverGFSurvey=1;+ebNewBandWidth_.myserver.co.uk=251%3A1303383702897;+__utmb=151217894.1.10.1307618019;+__utmc=151217894 - myserver.co.uk 200 0 0 601 1506 0   W3SVC322653822_ex110609.log.log E:\w3\W3SVC322653822_ex110609.log.log   crossdomain     System.Text.RegularExpressions.Match[]
```

Which is fine and dandy, but not dandy enough.

What I really want to do is get an export of the 7th column from the end where crossdomain occurs in the file. So this part in here:

**myserver.co.uk** 200 0 0 601 1506 0

(the myserver.co.uk)

Any tips on this?

Cheers

2 Answers

2

Similar to Mjolinors' answer, but I'd try to keep the regexp as simple as possible. And since you've already selected lines with the word "crossdomain" you don't have to search for just that:

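```powershell
# The opening brace must sit on the same line as ForEach-Object,
# otherwise the script block is not bound to the cmdlet.
Get-Content test.csv | ForEach-Object {
    if ($_ -match '(\w+\.\w+\.\w+ \d+ \d+ \d+ \d+ \d+ \d+)')
    {
        # Capture group 1: the host name followed by the six numeric fields
        $matches[1]
    }
}
```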

You won't get any 'Unexpected token' error, but you might have to tweak the regexp to get the result you want (I'm presuming you're looking for a three-dot domain and six numbers after it).

And always use '' for strings when you don't need variable extrapolation. It's much safer.


1
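```powershell
get-content test.csv |
 foreach-object {
  # Emit the capture only when the line matched; $matches is unset or stale otherwise
  if ($_ -match '.+\s([a-z\.]+)\s[\s\d]+\S+\s\S+\s+crossdomain\s+\S+$') {
   $matches[1]
  }
 }
```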

2 Comments

I'm trying this but I'm getting an Unexpected token 'matches' in expression or statement
I can't duplicate that error. It worked fine for me with the test data that was posted. Are you sure you got the script copied/pasted correctly?
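Both answers pull the host out with a regular expression. As an added example (not part of the original thread), the same column can be taken by position: it looks up `cs-host` in the log's `#Fields:` directive and falls back to the 7th field from the end, as described in the question. The function name `Get-IisLogField`, the `#Fields:` header and the sample lines are constructed for illustration and assume W3C-format IIS logs.

```powershell
# Added example. Sample lines are constructed; addresses are documentation ranges.
$sample = @(
    '#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken',
    '2011-06-09 11:13:49 W3SVC1 WEB1 192.0.2.10 GET /crossdomain.xml - 80 - 198.51.100.7 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0) a=1;+b=2 - myserver.co.uk 200 0 0 601 1506 0',
    '2011-06-09 11:13:50 W3SVC1 WEB1 192.0.2.10 GET /index.html - 80 - 198.51.100.7 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0) a=1;+b=2 - myserver.co.uk 200 0 0 5120 410 15',
    '2011-06-09 11:14:02 W3SVC1 WEB1 192.0.2.10 GET /crossdomain.xml - 80 - 203.0.113.44 HTTP/1.1 Mozilla/5.0 - - www.example.com 404 0 2 1245 380 0'
)

function Get-IisLogField {
    param(
        [string[]]$Lines,
        [string]$Pattern = 'crossdomain',   # regex the log line must match
        [string]$Field   = 'cs-host'        # W3C field name to extract
    )
    $index = -1
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # The directive lists the column names in order; find the wanted one.
            $names = ($line -replace '^#Fields:\s*', '').Trim() -split '\s+'
            $index = [array]::IndexOf($names, $Field)
            continue
        }
        # Skip other directives (#Software, #Date, ...) and non-matching requests.
        if ($line -like '#*' -or $line -notmatch $Pattern) { continue }

        # IIS separates fields with single spaces and encodes spaces in values as '+'.
        $cols = $line.Trim() -split ' '
        if ($index -ge 0 -and $index -lt $cols.Count) {
            $cols[$index]
        }
        elseif ($cols.Count -ge 7) {
            $cols[-7]   # no usable #Fields header: 7th column from the end
        }
    }
}

# Count crossdomain.xml requests per host in the sample.
Get-IisLogField -Lines $sample | Group-Object |
    Sort-Object Count -Descending | Select-Object Count, Name

# Against real files (reads the raw logs, not the exported test.csv):
# dir -r -i *.log | ForEach-Object { Get-IisLogField -Lines (Get-Content $_.FullName) } |
#     Set-Content hosts.txt
```

Reading the raw log lines avoids matching against the extra columns that `Export-Csv` adds from the `Select-String` result, and the header lookup keeps working if the site's logged field set changes.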
