PowerShell log file processing

Time: 2017-11-19 05:30:25

Tags: powershell awk

The goal is to take this awk file:

#!/usr/bin/awk -f

BEGIN  { LastSource = ""                    # BEGIN Block
     ORS = ""                           # ORS emptied here; each block sets it before printing
     Sources = 0                        # Variable created and set to 0
     Ports = 0                          # Variable created and set to 0
     FS = ":"                           # Field Separator set to a colon
   }                                    # End of the BEGIN Block

   {                                    # Main block, run once per input line
     if ($1 != LastSource){             # First field not equal to LastSource: execute the following
        ORS = "\n"
        print " "                       # formatting
        ORS = " "                       # ORS set to space for same-line print
        print $1, $2                    # print Source IP and Destination Port
        LastSource = $1                 # set LastSource to Source IP
        Sources += 1                    # Increment Sources by 1
        Ports += 1                      # Increment Ports by 1
     } else {
        ORS = " "
        print $2                        # Print DestPort on the current line (multiple ports per IP)
        Ports += 1                      # Increment Ports by 1
       }
   }

END    { ORS = "\n"                         # END Block executes after the last line is read
     print "\n\n" "Total Sources = ", Sources   # Print two new lines and text followed by the variable Sources
     print "Unique Ports Scanned = ", Ports     # Print text followed by the variable Ports
   }

# Command Line:
# grep 'INext-DROP-DEFLT' sample.log.txt | sed -e 's/.*SRC=//' -e 's/ .*DPT=/:/' -e 's/ .*//' | sort | uniq | awk -f  Lab3Submission.awk

Output = [screenshot]

and convert it into equivalent output via PowerShell.

I currently have the following command:

gc sample.log | sls "INext-DROP-DEFLT" | ForEach-Object { $_.line -match "SRC=(.*?)\s" > $null;$matches[1] + ":" + $matches[2] } | sort | Get-Unique | ForEach-Object -Begin { $LastSource = " "; $sources = 0; $ports = 0; } -process { $ip = $_.split(":")[0]; $port = $_.split(":")[1]; if($1 -ne $LastSource){print $1, $2 $LastSource = $1 $sources += 1 $Ports += 1 } else { print $2 $Ports += 1 } } END { print "\n\n" "Total Sources = ", $sources print "Unique Ports Scanned = ", $Ports }

and receive this error: [screenshot]

Not sure how to proceed.

Log file for reference: LogFileTinyUplaod

1 answer:

Answer 0 (score: 1)

Not sure how to proceed.

  • First, apply some PowerShell Best Practices (code formatting, indentation, ...).
  • Then, after replacing END with -end, you will get a lot of other errors...

The following snippet should do the job (although it is recommended to avoid Write-Host unless your goal is to write to the host only; instead, I would build some {{3} to store the results for further use).

Get-Content D:\Downloads\SO\sample.log |
  Select-String -Pattern "INext-DROP-DEFLT\s.*SRC=(.*?)\s.*DPT=(.*?)\s" -AllMatches |
    ForEach-Object {$_.Matches} |
      ForEach-Object {$_.Groups[1].Value + ':' + $_.Groups[2].Value} | # PSCustomObject place
        Sort-Object |
          Get-Unique |
            ForEach-Object -Begin {
              $LastSource = [string]::Empty;
              $sources = 0;
              $ports = 0;
            } -process {
              $ip, $port = $_.split(":");
              if ($ip -ne $LastSource) {
                  Write-Host "`n$ip $port" -NoNewline; # print Source IP and Destination Port
                  $LastSource = $ip;
                  $sources += 1;
                  $Ports += 1;
              } else {
                  Write-Host " $port" -NoNewline; # Print DestPort to current line (multi port per IP)
                  $Ports += 1;
              }
            } -end {
                Write-Host "`nTotal Sources = $sources";
                Write-Host "Unique Ports Scanned = $Ports";
            }
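The answer recommends building objects instead of writing with Write-Host. The following is an added example, not code from the question or the answer, showing the same source/port counting done that way. The log lines are constructed here in the style of the iptables entries the question greps for (the "INext-DROP-DEFLT" chain prefix with SRC= and DPT= fields); the group names src and dpt and the property names are this example's own choices.

```powershell
# Added example (not from the question or the answer): count dropped-packet sources and
# the ports each one probed, producing objects instead of host output.
# Constructed sample lines in the style of the iptables log the question works with.
$sampleLog = @'
Nov 19 05:30:01 gw kernel: INext-DROP-DEFLT IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=44321 DPT=22 WINDOW=1024
Nov 19 05:30:02 gw kernel: INext-DROP-DEFLT IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=44322 DPT=23 WINDOW=1024
Nov 19 05:30:03 gw kernel: INext-DROP-DEFLT IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=44323 DPT=22 WINDOW=1024
Nov 19 05:30:04 gw kernel: INext-ACCEPT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51000 DPT=443 WINDOW=1024
Nov 19 05:30:05 gw kernel: INext-DROP-DEFLT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51001 DPT=3389 WINDOW=1024
'@ -split "`r?`n"

# Only dropped packets; named groups keep the parsing readable (group names are this example's own)
$pattern = 'INext-DROP-DEFLT\s.*?SRC=(?<src>\S+).*?DPT=(?<dpt>\d+)'

# One object per (source, port) pair, de-duplicated: the equivalent of sort | uniq in the awk pipeline
$pairs = $sampleLog |
    Select-String -Pattern $pattern |
    ForEach-Object {
        [PSCustomObject]@{
            Source = $_.Matches[0].Groups['src'].Value
            Port   = [int]$_.Matches[0].Groups['dpt'].Value
        }
    } |
    Sort-Object Source, Port -Unique

# Group per source so each IP carries the list of ports it was seen probing
$bySource = $pairs | Group-Object Source | ForEach-Object {
    [PSCustomObject]@{
        Source = $_.Name
        Ports  = @($_.Group.Port)
        Count  = $_.Count
    }
}

$bySource | Format-Table -AutoSize

# Same totals the awk END block prints. Note that the awk "Unique Ports Scanned" counter
# is incremented in both branches, so it really counts unique (source, port) pairs,
# which is what $pairs.Count measures here.
[PSCustomObject]@{
    TotalSources       = $bySource.Count
    UniquePairsScanned = $pairs.Count
}
```

With the constructed input this yields two sources (the ACCEPT line is excluded by the pattern, and the repeated 203.0.113.5:22 line collapses under Sort-Object -Unique) and three unique pairs. Because the results are objects, they can be piped on to Export-Csv, filtered with Where-Object (for example, sources that touched more than N ports), or compared against an allow-list without re-parsing the text.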