我目前被分配了查找用户在我们的系统中登录的桌面的任务。我对Powershell相当新,所以我为很长的帖子和凌乱的脚本道歉
每当用户登录时,都会有一个登录脚本将此信息放入日志文件中。如下图所示。
Script started: 1/01/2010 00:00:00
Information : Script Ver: 1.05
Information : LOGONSERVER: %servername%
Information : USERNAME: %username%
Information : COMPUTERNAME: %computername%
Information : COMPUTER SITE: $location%
Information : OS Version: %system%
Information : Domain: %domain%
我需要同时获得"脚本开始:1/01/2010 00:00:00"和"信息:COMPUTERNAME:%computername%"然后将这些部分导出为CSV文件。我可以使用
获取信息$Str ComputerName = Get-Content -Path %log%| Select-String "COMPUTERNAME:"
对于多个用户,这只能让我从日志文件中登录到不是所有桌面的最后一台计算机。是否有办法获取所有计算机名称和脚本已启动并将它们导出到单独列中的CSV文件中?也许是一种更简单,更短的方式。
Foreach ($ObjCSVline in $(Import-csv "\\tgfilp05\hdact\DFP\Nat\Scripts\LastLogon\LastLogon.csv"))
{
$strUsername = $ObjCSVline.Lastlogon
try {
$arrUserIdOutput = Get-ADUser $strUsername -Properties homedirectory | select *
} catch {
Write-Host "User: " $strUsername" Does not exist"
}
$strUserHomeDirectory = $arrUserIdOutput.HomeDirectory
$strUserLogs = $strUserHomeDirectory + $strLogFile
if ((Test-Path $strUserLogs) -eq $true) {
$strLogs = Get-Content $strUserLogs | Select-String "Script started: " | Select-Object -Last 1
$Time = $strLogs -replace "Script started: ",""
$StrComp = Get-Content $strUserLogs | Select-String "Information : COMPUTERNAME: " | Select-Object -Last 1
$computerID = $StrComp -replace "Information : COMPUTERNAME: ",""
} else { $strUserLogs = $strUserLogs + $strOldLogFile
if ((Test-Path $strUserLogs) -eq $true) {
$strLogs = Get-Content $strUserLogs | Select-String "Script started: " | Select-Object -Last 1
$Time = $strLogs -replace "Script started: ",""
} else
{
Write-Host "unable to find log file for" $strUsername
}
}
$objOutput.desktop = $computerID
$objOutput.TimeOutput = $Time
$objOutput.Username = $strUsername
$objOutput | Select-Object Username,TimeOutput,desktop | Export-Csv "\\tgfilp05\hdact\DFP\Nat\Scripts\LastLogon\LastLogonDetails.csv" -Append -NoTypeInformation
}
答案 0 :(得分:0)
因此,考虑到日志文件的格式,我建议使用RegEx匹配" Script Started"或"信息:COMPUTERNAME:"或"信息:USERNAME:"。然后,对于每个匹配,我通过Switch运行该匹配,以将结果分配给$ LoginDate,$ UserName或$ ComputerName的相应变量。切换完成后,我检查是否记录了所有3个项目,如果是,则输出包含三个属性的自定义对象,并清除要为下一个登录记录设置的变量。这样就可以了:
GC $strUserLogs|?{$_ -match "(Script started:\s*?|Information.+?: COMPUTERNAME:.\s*?|Information.+?: USERNAME:.\s*?)(\w.*)"}|%{
Switch($Matches[1]){
{$Matches[1] -like "Script Started*"}{$LoginDate = $Matches[2]}
{$Matches[1] -like "*USERNAME*"}{$UserName = $Matches[2]}
{$Matches[1] -like "*COMPUTERNAME*"}{$ComputerName = $Matches[2]}
}
If($LoginDate -and $UserName -and $ComputerName){
[PSCustomObject]@{
"Login Date"=$LoginDate
"Computer Name"=$ComputerName
"User Name"=$UserName
}
Remove-Variable LoginDate,ComputerName,UserName
}
}|Sort "User Name","Login Date"|Export-CSV "\\tgfilp05\hdact\DFP\Nat\Scripts\LastLogon\LastLogonDetails.csv" -Append -NoTypeInformation
最后,我按用户和日期排序,并导出到示例中的日志文件。如果不导出到CSV并只让它输出到屏幕我解析了一个测试日志文件:
Script started: 1/01/2010 00:00:00
Information : Script Ver: 1.05
Information : LOGONSERVER: %servername%
Information : USERNAME: JimBob
Information : COMPUTERNAME: DesktopA
Information : COMPUTER SITE: $location%
Information : OS Version: %system%
Information : Domain: %domain%
Script started: 1/02/2010 00:00:00
Information : Script Ver: 1.05
Information : LOGONSERVER: %servername%
Information : USERNAME: MarySue
Information : COMPUTERNAME: LaptopB
Information : COMPUTER SITE: $location%
Information : OS Version: %system%
Information : Domain: %domain%
Script started: 1/03/2010 00:00:00
Information : Script Ver: 1.05
Information : LOGONSERVER: %servername%
Information : USERNAME: JimBob
Information : COMPUTERNAME: ServerC
Information : COMPUTER SITE: $location%
Information : OS Version: %system%
Information : Domain: %domain%
输出得很好:
Login Date Computer Name User Name
---------- ------------- ---------
1/01/2010 00:00:00 ServerC JimBob
1/03/2010 00:00:00 LaptopB JimBob
1/02/2010 00:00:00 DesktopA MarySue