?
Solved

Powershell Script to clean unwanted info from IIS log lines

Posted on 2009-12-30
8
Medium Priority
?
559 Views
Last Modified: 2012-05-08
I've created a powershell script to clean lines of code from IIS logs and copy the results to a new location like this (see Code)
So obviously I'm using a type command and passing a file name through an instance and using the same instance in the out-file to keep the file name the same.

this works fine to get the current date and open the file however each IIS folder I have (and there are four) have 250+ older files.  I need to extract the full lines within the older files that contain certain IPs.  I don't think I'm going to be able to use this little type command to do this.  Can anyone help me with proper code?

I need to accomplish this:
Open a UNC path on another machine which contains all my log files, one at a time extract what I don't need (the entire line based on an IP found on that line) and then save the resulting file to a different location.  
$date = Get-Date -format yyMMdd
$filename = "u_ex$date.log"
cd \
d:
cd iis1-w3svc1
(Type \\iisserver1\w3svc1\$filename) -notmatch "192.168.1.4" -notmatch "192.168.1.5" | out-file $filename
cd ..
cd iis1-w3svc2
(Type \\iisserver1\w3svc2\$filename) -notmatch "192.168.1.4" -notmatch "192.168.1.5" | out-file $filename
cd ..
cd iis2-w3svc1
(Type \\iisserver2\w3svc1\$filename) -notmatch "192.168.1.4" -notmatch "192.168.1.5" | out-file $filename
cd ..
cd iis2-w3svc2
(Type \\iisserver2\w3svc2\$filename) -notmatch "192.168.1.4" -notmatch "192.168.1.5" | out-file $filename

Open in new window

0
Comment
Question by:ThatVaiGuy
  • 4
  • 4
8 Comments
 
LVL 17

Expert Comment

by:Rovastar
ID: 26146941
0
 
LVL 1

Author Comment

by:ThatVaiGuy
ID: 26147247
Great, but even using logparser, what would the syntax look like?
0
 
LVL 17

Expert Comment

by:Rovastar
ID: 26147338
Logparser just uses SQL to make the queries and you use teh feilds inside teh IIS logs

c-ip , for the client IP etc

I presume you know of the basics of SQL syntax.

Here is one query that will point you in the right direction.

http://weblogs.asp.net/steveschofield/archive/2008/02/28/logparser-look-for-certain-ip-s-between-a-timeframe.aspx

ALso there are some great examples in LOgParserLizard a GUI for logparser

http://www.lizard-labs.net/PageHtml.aspx?lng=2&PageId=18&PageListItemId=17
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 17

Expert Comment

by:Rovastar
ID: 26147368
Also here are a few more examples

http://linuxlore.blogspot.com/2006/11/howto-use-microsofts-logparser-to.html

If you cannot get it from these examples. I'll post back with what you have got and I'll try and help further.
0
 
LVL 1

Author Comment

by:ThatVaiGuy
ID: 26147845
Rovastar, I have to admit, I really wanted to do this in Powershell and absolutely hated you telling me to use something else.  Now that I've taken a closer look at LogParser it really does seem to be the right tool to use to do ANYTHING with log files at all.  I'd still like to use PS if I could, but I think this is going to meet my needs better than PS, less a PS expert comment on this thread an prove me wrong.  Thanks for the suggestion, I'll comment back soon i'm sure with questions.  I'm vaguely familiar with SQL syntax so I'm sure there will be questions.  Thanks alot.
0
 
LVL 17

Assisted Solution

by:Rovastar
Rovastar earned 2000 total points
ID: 26147905
:) sorry to bear the bad news.

I am sure there must be away to do this in Powershell alas that is not my area of expertise but also I think LogParser is the right tool for the job. :)
0
 
LVL 1

Author Comment

by:ThatVaiGuy
ID: 26149426
Rovastar, you should learn powershell.  Here is all the Syntax I needed to get this completed in Powershell:

Let's assume here that the log files are on a server called IISServer in the folder w3svc1, and I want to pull these two IP addresses: 192.168.1.1 and 192.168.1.2 and I want to save the results to c:\w3svctest\{filename}

See the attached code snippet.  It's really simple.


$files = Get-ChildItem \\IISServer\w3svc1 -name
Foreach ($file in $files)
{
(type \\iisserver\w3svc1\$file) -notwith "192.168.1.1" -notwith "192.168.1.2" | out-file c:\w3svctest\$file
}

Open in new window

0
 
LVL 1

Accepted Solution

by:
ThatVaiGuy earned 0 total points
ID: 26149472
WAIT!!!  That last code snippett had a typo. It's not -notwith, it's -notmatch.  Here is the right code.
$files = Get-ChildItem \\IISServer\w3svc1 -name 
Foreach ($file in $files) 
{ 
(type \\iisserver\w3svc1\$file) -notmatch "192.168.1.1" -notmatch "192.168.1.2" | out-file c:\w3svctest\$file 
}

Open in new window

0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Screencast - Getting to Know the Pipeline

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question