我完成了我的脚本,它完成了我现在所需的一切,但它看起来像我正在创建的事件日志中的垃圾。任何有关如何清理输出的建议都将受到赞赏。
脚本完成时事件查看器中的结果是:
<xmlname> NAME OF AN ALARM </xmlname>
<xmlname> SOME CONTENT I NEED </xmlname>
<xmlname> MORE STUFF I NEED </xmlname>
我需要移除所有<>并将</>替换为:代码,但请保留内容。
所以它会读到
警报名称:&#34;此处有一些名字&#34;
以下是代码:
#get last time the powershell script was run
$LastRunStamp = (Get-Item C:\test\lastRunStamp.txt).LastWriteTime.DateTime
#write current timestamp to file
Get-Date > C:\test\Active\lastRunStamp.txt
foreach ($file in (Get-ChildItem C:\test\*.xml))
{
#calculate the time difference between file modified time and last time script was run
$span = new-timespan -start $file.LastWriteTime.DateTime -end $LastRunStamp
#if the file was modified since the last time the script run value will be less than 0
if($span.TotalSeconds -le 0)
{
#instantiate XML document object
$xdoc = new-object System.Xml.XmlDocument
#load up the XML contents into the object
$xdoc.load($file)
#check the value of the priority XML tag if it contains Major then write to event log
if ($xdoc.SelectSingleNode("//priorityname").innertext -eq 'Major')
{
#get the content of XML
$content = [string]([IO.File]::ReadAllText($file.FullName))
#mask the FQDN's
$content = $content.replace(".abc.com",".sensored").replace(".ad.local",".sensored FQDN")
#regex pattern to detect IP Addresses
$pattern = "\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b"
#use regex to mask IP addresses
$contentScrubbed = [regex]::replace($content, $pattern, "sensored IP Address")
Write-EventLog -LogName Application -Source "Custom Alert" `
-EntryType Information -EventID 5000 `
-Message ("MAJOR ALARM TRIGGER: " + $contentScrubbed)
}
}
}
答案 0 :(得分:0)
$contentScrubbed = [regex]::replace($contentScrubbed, "</.*>", ":")
$contentScrubbed = [regex]::replace($contentScrubbed, "<.*>", "")