Question

我正在搜索以下日志文件中的错误，如果为true则收到邮件。

(DIAG:GENERAL)(01:02:07 28/12/2016)(FREE MEM.MB:248846)(USER:SYSTEM)(REMOTE:LOCAL)(Logger successfully started...)
(DIAG:GENERAL)(01:02:08 28/12/2016)(FREE MEM.MB:248878)(USER:SYSTEM)(REMOTE:LOCAL)(======================================)
(DIAG:GENERAL)(01:02:08 28/12/2016)(FREE MEM.MB:248878)(USER:SYSTEM)(REMOTE:LOCAL)(Starting 
(DIAG:GENERAL)(01:02:08 28/12/2016)(FREE MEM.MB:249051)(USER:SYSTEM)(REMOTE:LOCAL)(======================================)
(DIAG:GENERAL)(01:02:08 28/12/2016)(FREE MEM.MB:249057)(USER:SYSTEM)(REMOTE:LOCAL)(Class manager successfully initialized...)
(DIAG:GENERAL)(01:02:08 28/12/2016)(FREE MEM.MB:249069)(USER:SYSTEM)(REMOTE:LOCAL)(WinSock successfully initialized...)
(DIAG:GENERAL)(01:02:08 28/12/2016)(FREE MEM.MB:249069)(USER:SYSTEM)(REMOTE:LOCAL)(Thread manager successfully initialized...)
(DIAG:GENERAL)(01:02:08 28/12/2016)(FREE MEM.MB:249067)(USER:SYSTEM)(REMOTE:LOCAL)(Transaction subsystem successfully started...)
(DIAG:GENERAL)(01:04:29 28/12/2016)(FREE MEM.MB:201470)(USER:SYSTEM)(REMOTE:LOCAL)(Start init basis index reader... Name : )
(DIAG:GENERAL)(01:04:32 28/12/2016)(FREE MEM.MB:201470)(USER:SYSTEM)(REMOTE:LOCAL)(Stop  init basis index reader... Name :  Num : 655711255 Set : 655711255 + 
(DIAG:GENERAL)(01:04:46 28/12/2016)(FREE MEM.MB:200341)(USER:SYSTEM)(REMOTE:LOCAL)(...zipped 292527623 / 655711255 % 44.6123)
(DIAG:GENERAL)(01:05:03 28/12/2016)(FREE MEM.MB:200357)(USER:SYSTEM)(REMOTE:LOCAL)(...zipped 288669002 / 655711255 % 44.0238)
(DIAG:GENERAL)(01:14:35 28/12/2016)(FREE MEM.MB:202999)(USER:SYSTEM)(REMOTE:LOCAL)(RealTimeManager successfully launched... WIZZADOAS)
(DIAG:GENERAL)(01:14:35 28/12/2016)(FREE MEM.MB:202999)(USER:SYSTEM)(REMOTE:LOCAL)(PersistObjectCache initialize...COasStudiaFolderObject max = 1)
(DIAG:GENERAL)(01:14:35 28/12/2016)(FREE MEM.MB:202999)(USER:SYSTEM)(REMOTE:LOCAL)(Report Layout Manager init...)
(DIAG:GENERAL)(01:14:35 28/12/2016)(FREE MEM.MB:202999)(USER:SYSTEM)(REMOTE:LOCAL)(Report Packet Manager init...)
(DIAG:GENERAL)(01:14:35 28/12/2016)(FREE MEM.MB:202999)(USER:SYSTEM)(REMOTE:LOCAL)(Report Packet Parameter Manager init...)
(DIAG:GENERAL)(01:14:35 28/12/2016)(FREE MEM.MB:202999)(USER:SYSTEM)(REMOTE:LOCAL)(CommandManager successfully initialized...)
(DIAG:GENERAL)(01:14:36 28/12/2016)(FREE MEM.MB:202993)(USER:SYSTEM)(REMOTE:LOCAL)(PersistObjectCache initialize...COasHistoryTransactionObject max = 195069)
(DIAG:GENERAL)(01:14:36 28/12/2016)(FREE MEM.MB:202993)(USER:SYSTEM)(REMOTE:LOCAL)(ReferenceManager successfully initialized...)
(DIAG:GENERAL)(01:14:36 28/12/2016)(FREE MEM.MB:202993)(USER:SYSTEM)(REMOTE:LOCAL)(===================================)
(DIAG:GENERAL)(01:14:36 28/12/2016)(FREE MEM.MB:202993)(USER:SYSTEM)(REMOTE:LOCAL)(Server64 successfully started....)
(DIAG:GENERAL)(01:14:36 28/12/2016)(FREE MEM.MB:202993)(USER:SYSTEM)(REMOTE:LOCAL)(for exit please enter "q"...)
(DIAG:GENERAL)(01:14:36 28/12/2016)(FREE MEM.MB:202990)(USER:SYSTEM)(REMOTE:LOCAL)(Check the logfile for current state)
(DIAG:GENERAL)(01:14:36 28/12/2016)(FREE MEM.MB:202987)(USER:SYSTEM)(REMOTE:LOCAL)(===================================)
(DIAG:XMLRPC)(01:14:37 28/12/2016)(FREE MEM.MB:203014)(USER:SYSTEM)(REMOTE:10.67.125.250:3000)(XmlRpc: called member-method 'HandleEvent'.0)s ] = 1052239)

$a = Get-Content 'D:\log\server.log' | Select-String error

if (!($a -eq $null)) {
    $b = $a | Out-String
    Send-MailMessage -To $me -From $me -Subject "LIVE - Server ERRORs" -Body "$b" -Priority High -SmtpServer $smtp
}

到目前为止，非常好现在我想知道服务器为启动过程花了多长时间。信息在那里

(DIAG:GENERAL)(01:02:07 28/12/2016)(FREE MEM.MB:248846)(USER:SYSTEM)(REMOTE:LOCAL)(Logger successfully started...)

和

(DIAG:GENERAL)(01:14:36 28/12/2016)(FREE MEM.MB:202993)(USER:SYSTEM)(REMOTE:LOCAL)(Server64 successfully started....)

但我不知道如何用RegEx解析/比较它。

我很感激这方面的帮助，因为RegEx不是那么容易理解，说实话。

Answer 1

按(或)分割行，然后取第3个内容获取日期时间，然后将其解析为PowerShell日期时间，模式为：小时：分钟：秒日/月/年的：

$LoggerTime = Select-String 'logger successfully started' 'D:\log\server.log' | ForEach-Object { 

    [datetime]::ParseExact($_.Line.split('()')[3], 'HH:mm:ss dd/MM/yyyy', $null) 

}

$Server64Time = Select-String 'server64 successfully started' 'D:\log\server.log' | ForEach-Object { 

    [datetime]::ParseExact($_.Line.split('()')[3], 'HH:mm:ss dd/MM/yyyy', $null) 

}


Write-Host Server Startup took: ($Server64Time - $LoggerTime)

# e.g. Server Startup took: 00:12:29

当你减去两个[datetimes]时，你会得到一个[TimeSpan]。

NB。假设每行只在日志中出现一次。

Answer 2

你需要做两件事：

从日志文件中提取匹配的行：

$log   = Get-Content 'D:\log\server.log'
$line1 = $log -match 'Logger successfully started'
$line2 = $log -match 'Server64 successfully started'

从每一行中提取时间戳：

$ts = $line -replace '.*\((\d{2}:\d{2}:\d{2} \d{2}/\d{2}/\d{4})\).*', '$1'

将时间戳转换为DateTime值：

$culture = [Globalization.CultureInfo]::InvariantCulture
$d = [DateTime]::ParseExact($ts, 'HH:mm:ss dd\/MM\/yyyy', $culture)

并计算两个值之间的差异：

$startupTime = ($d2 - $d1).TotalMinutes

根据日志文件解析服务器启动时间

2 个答案: