Solved

Parse xml for certain info from ftp logs, grab the entire section and display the info afterwards.

Posted on 2014-02-21
9
365 Views
Last Modified: 2014-03-01
I have started the following code to read through an entire directory for xml files and to read, identify, and display the info I need. If someone can help me pick out the parts I need from my xml that would be great.
For instance if the cmd is "get" I need to pull the entire entry, so ip, timestamp, user, etc... then add all of it nicely to a listbox for easy viewing.

Option Explicit On
Imports System.Xml
Imports System.IO
Public Class Form1

     Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
        'Opens Folder Browser ad populates textbox one upon selection.
        If (FolderBrowserDialog1.ShowDialog() = DialogResult.OK) Then
            TextBox1.Text = FolderBrowserDialog1.SelectedPath
        End If

    End Sub

    Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click

        For Each sPath As String In IO.Directory.GetFiles(Chr(34) & TextBox1.Text)

            If IO.Path.GetExtension(sPath) = ".xml" Then
                Using reader As XmlReader = XmlReader.Create(sPath)
                    While reader.Read
                        If reader.Name = "log" Then
                        ElseIf reader.Name = "entry" Then
                            ElseIf reader.
                        End If
                    End While
                End Using
           End If
        Next

    End Sub

End Class

Open in new window


And this is the xml info I am working with:
<?xml version="1.0" encoding="UTF-8"?>

-<log>
-<entry>
<log_time>20130422-00:01:01</log_time>
-<description>
<![CDATA[220 FTP]]>
</description>
<service>FTP</service>
<sessionid>34414127</sessionid>
<type>0</type>

<severity>1</severity>

<lstnconnaddr>192.168.0.21:21</lstnconnaddr>

<cliconnaddr>192.168.0.40:61848</cliconnaddr>

<cmd>start</cmd>

<errnum>220</errnum>

<sguid>C49576C6-9AFE-437E-A0B8-B47BAE307139</sguid>

</entry>
-<entry>
<log_time>20130422-00:01:01</log_time>
-<description>
<![CDATA[received]]>
</description>
<service>FTP</service>
<sessionid>34414127</sessionid>
<type>0</type>
<severity>1</severity>
<lstnconnaddr>192.168.0.21:21</lstnconnaddr>
<cliconnaddr>192.168.0.40:61848</cliconnaddr>
<cmd>USER</cmd>
<sguid>C49576C6-9AFE-437E-A0B8-B47BAE307139</sguid>
</entry>
-<entry>
<log_time>20130422-00:01:01</log_time>
-<description>
<![CDATA[Enter password]]>
</description>
<service>FTP</service>
<sessionid>34414127</sessionid>
<type>0</type>
<severity>1</severity>
<user>test</user>
<host>ftp</host>
<lstnconnaddr>192.168.0.21:21</lstnconnaddr>
<cliconnaddr>192.168.0.0:61848</cliconnaddr>
<cmd>USER</cmd>
+<params>
<errnum>331</errnum>
<sguid>C49576C6-9AFE-437E-A0B8-B47BAE307139</sguid>
</entry>

Open in new window

0
Comment
Question by:MarcViste
  • 3
  • 3
  • 2
9 Comments
 
LVL 45

Expert Comment

by:aikimark
Comment Utility
Corrected XML example and formatted
<?xml version="1.0" encoding="utf-8"?>
<log>
  <entry>
    <log_time>20130422-00:01:01</log_time>
    <description><![CDATA[220 FTP]]></description>
    <service>FTP</service>
    <sessionid>34414127</sessionid>
    <type>0</type>
    <severity>1</severity>
    <lstnconnaddr>192.168.0.21:21</lstnconnaddr>
    <cliconnaddr>192.168.0.40:61848</cliconnaddr>
    <cmd>start</cmd>
    <errnum>220</errnum>
    <sguid>C49576C6-9AFE-437E-A0B8-B47BAE307139</sguid>
  </entry>
  <entry>
    <log_time>20130422-00:01:01</log_time>
    <description><![CDATA[received]]></description>
    <service>FTP</service>
    <sessionid>34414127</sessionid>
    <type>0</type>
    <severity>1</severity>
    <lstnconnaddr>192.168.0.21:21</lstnconnaddr>
    <cliconnaddr>192.168.0.40:61848</cliconnaddr>
    <cmd>USER</cmd>
    <sguid>C49576C6-9AFE-437E-A0B8-B47BAE307139</sguid>
  </entry>
  <entry>
    <log_time>20130422-00:01:01</log_time>
    <description><![CDATA[Enter password]]></description>
    <service>FTP</service>
    <sessionid>34414127</sessionid>
    <type>0</type>
    <severity>1</severity>
    <user>test</user>
    <host>ftp</host>
    <lstnconnaddr>192.168.0.21:21</lstnconnaddr>
    <cliconnaddr>192.168.0.0:61848</cliconnaddr>
    <cmd>USER</cmd>
    <params />
    <errnum>331</errnum>
    <sguid>C49576C6-9AFE-437E-A0B8-B47BAE307139</sguid>
  </entry>
</log>

Open in new window

0
 
LVL 45

Expert Comment

by:aikimark
Comment Utility
@MarcViste

Please post a sample of XML that has at least one instance of a "get" command.  Do not copy/paste XML from your browser.  Copy/paste actual XML.
0
 
LVL 96

Accepted Solution

by:
Bob Learned earned 500 total points
Comment Utility
You might be able to use XML serialization to achieve what you need.

HOW TO: Serialize and Deserialize XML in Visual Basic .NET
https://support.microsoft.com/kb/316730/en-us
0
 

Assisted Solution

by:MarcViste
MarcViste earned 0 total points
Comment Utility
I have adjusted the code below. Please tell me why it's not returning anything into my listboxes.

    Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click

        For Each sPath As String In IO.Directory.GetFiles(TextBox1.Text)
            TextBox2.Text = sPath
            If IO.Path.GetExtension(sPath) = ".xml" Then

                Dim doc As New XmlDocument()
                Dim nodes As XmlNodeList
                doc.Load(sPath)

                nodes = doc.SelectNodes("/log")
                Dim node As XmlNode

                For Each node In nodes
                    Dim nodesentry As XmlNodeList
                    Dim node1 As XmlNode
                    nodesentry = doc.SelectNodes("/entry")
                    For Each node1 In nodesentry
                        Dim nodecliconnaddr As XmlNode = node.SelectSingleNode("cliconnaddr")
                        If nodecliconnaddr IsNot Nothing Then
                            ListBox1.Items.Add(nodecliconnaddr.InnerText)
                        End If

                        Dim nodecmd As XmlNode = node.SelectSingleNode("cmd")
                        If nodecmd IsNot Nothing Then
                            ListBox2.Items.Add(nodecmd.InnerText)
                        End If

                        Dim nodelog_time As XmlNode = node.SelectSingleNode("log_time")
                        If nodelog_time IsNot Nothing Then
                            ListBox3.Items.Add(nodelog_time.InnerText)
                        End If
                    Next
                Next
            End If

Open in new window

0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 96

Assisted Solution

by:Bob Learned
Bob Learned earned 500 total points
Comment Utility
Your XML hierarchy is log/entry, and you are selecting <entry> elements from document at the root level.  I believe that you should be selecting those elements from the "node". XmlNode.

Dim nodesentry As XmlNode = node.SelectSingleNode("entry")

Open in new window

0
 

Assisted Solution

by:MarcViste
MarcViste earned 0 total points
Comment Utility
nodes = doc.SelectNodes("/log/entry") is what I needed.

Thanks guys.
0
 
LVL 96

Expert Comment

by:Bob Learned
Comment Utility
If you are selecting <log> elements here:

nodes = doc.SelectNodes("/log")

Open in new window


then, you can use the relative XPath expression against node" in the for loop, that I showed you, instead of getting them from root /log/entry.
0
 

Author Closing Comment

by:MarcViste
Comment Utility
Part of my comment was the solution.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
I was working on a PowerPoint add-in the other day and a client asked me "can you implement a feature which processes a chart when it's pasted into a slide from another deck?". It got me wondering how to hook into built-in ribbon events in Office.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now