在PowerShell中编写日志定制日志阅读器

时间:2017-12-01 15:23:51

标签: powershell logging

我正在尝试创建一个日志阅读器。数据看起来像这样:

2017-11-27 13:24:41,791 [8] INFO CTSipEndpoint.CLogger.provider.gsiplib [(null)] - -00001 [Info] 4744 | REGISTERdialog [1] 2-e:5; t:1-3(dn:85188)

2017-11-27 13:24:41,791 [8] INFO CTSipEndpoint.CLogger.provider.gsiplib [(null)] - -00001 [Info] 4744 | REGISTERdialog [1]事件2 REG /接受

我正在尝试执行以下操作:

  1. 仅返回过去48小时内的行以进一步查询。
  2. 从上面返回包含以下短语的所有行:" error" "设备","不存在","无法识别发言人!","警告"

    3. 到目前为止,我只能以低效的方式使用它,它针对每个短语的文件运行并附加一个数组。不幸的是,这意味着日期时间变为非连续的。我现在需要将脚本末尾的内容对象按顺序排序,或者找到一种更智能地运行此查询的方法。这是我的脚本供参考:

    $logfile =  "C:\users\test\desktop\programlogs.log" 
$content = ""
cat $logfile |
Select-String "ERROR" -SimpleMatch |
  select -expand line |
   foreach {
              $_ -match '(.+)\s\[(ERROR)\]\s(.+)'| Out-Null 
              $error_time = [datetime]($matches[1]).split(",")[0]
              if ($error_time -gt (Get-Date).AddDays(-2))  {
               $content += $_ + "`n"
               } 
            }

cat $logfile |
Select-String "device" -SimpleMatch |
  select -expand line |
   foreach {
              $_ -match '(.+)\s\[(device)\]\s(.+)'| Out-Null 
              $error_time = [datetime]($matches[1]).split(",")[0]
              if ($error_time -gt (Get-Date).AddDays(-2))  {
               $content += $_ + "`n"
               } 
            }           


cat $logfile |
Select-String "does not exist" -SimpleMatch |
  select -expand line |
   foreach {
              $_ -match '(.+)\s\[(does not exist)\]\s(.+)'| Out-Null 
              $error_time = [datetime]($matches[1]).split(",")[0]
              if ($error_time -gt (Get-Date).AddDays(-2))  {
               $content += $_ + "`n"
               } 
            }


cat $logfile |
Select-String "Could not identify speaker!" -SimpleMatch |
  select -expand line |
   foreach {
              $_ -match '(.+)\s\[(Could not identify speaker!)\]\s(.+)'| Out-Null 
              $error_time = [datetime]($matches[1]).split(",")[0]
              if ($error_time -gt (Get-Date).AddDays(-2))  {
               $content += $_ + "`n"
               } 
            }           

cat $logfile |
Select-String "Warn" -SimpleMatch |
  select -expand line |
   foreach {
              $_ -match '(.+)\s\[(Warn)\]\s(.+)'| Out-Null 
              $error_time = [datetime]($matches[1]).split(",")[0]
              if ($error_time -gt (Get-Date).AddDays(-2))  {
               $content += $_ + "`n"
               } 
            }                   


            $content = $content | select -uniq
            $file = "c:\temp\shortenedlog.txt"
            $content| Add-Content -Path $file

2 个答案:

答案 0 :(得分:0)

这是一个简短的看法,让我知道这是否有帮助或需要调整:

$newlog=@()
$logfile =  get-content C:\temp\programlogs.log
$searchFor="error","device","does not exist","Could not identify speaker!","warn"
foreach($line in $logfile){
    if($line.Length -gt 18){
        $datetime=date $line.substring(0,$line.indexof(","))
        if(((date)-$datetime).TotalHours -lt 49){
            $keep=$false
            foreach($item in $searchFor){
                if($line.contains($item)){ $keep=$true }
            } 
            if ($keep){$newlog+=$line}
        }
    }
}

$newlog | sort | % {add-content C:\temp\NewLog.log $_}

答案 1 :(得分:0)

在我感兴趣的日子里提出了一个解决方案,然后是搜索条件。使用此解决方案可以快速工作。

#Set parameters.
$File = "c:\temp\RefinedLogs.txt"
$DateParam = (Get-Date).AddDays(-1).ToString('yyyy-MM-dd')
$DateParam1 = (Get-Date).ToString('yyyy-MM-dd')
$SearchForDate = @("$dateparam", "$dateparam1")
$SearchFor=@("error","device","does not exist","Could not identify speaker!","warn")

#Filter file with dates set in $SearchForDate.
$DateFiltered = Get-Content '.\MyAPP.log' | Select-String -Pattern $SearchForDate -SimpleMatch


#Filter variable for phrases set in $SearchFor.
$Content = $DateFiltered | Select-String -Pattern $SearchFor -SimpleMatch 

#Make results readable
ForEach($line in $content){
    $Object = "$line" + "`n"
    $FinalResult +=  $Object
    }

#Output results.
write-host $FinalResult
相关问题
最新问题