I have multiple log files. I need to:

  1. Parse all log files in a folder
  2. Extract lines from the log file which relate to the user login info
  3. Create a consolidated file with only login date and user-id

... using PowerShell. Any help will be greatly appreciated.

Sample of files in the folder

log11-1.log

log11-2.log

log11-3.log

Sample of text within each log file

```
11-1-2019 00:00:14.417 uagdouafiaf uaihoahfoiafioaf user='jhni' uiufqsnisannaso;ngisndoindgingdn
11-1-2019 00:00:14.419 acosn;onciswnonioqecio;mqo;imicd,m;co,co,eq,cc,oecmionecuieqqiq'
11-1-2019 00:00:16.417 aisfoncaonzoicnaioncioano,co,eq,cc,oecmionecuieqqiq'
11-1-2019 00:00:17.417 uagdouafiaf uaihoahfoiafioaf user='thmi' uiufqsnisannaso;ngisndoindgingdn
```

Expected Output

```
11-1-2019 00:00:14.417 jhni
11-1-2019 00:00:17.417 thmi
```

Currently I have the below code

```powershell
$path = "C:\Logs"
$Text = "user"
$Results = "C:\Logs\login.txt"
$files = Get-ChildItem $path -recurse -Include *.log

foreach ($file in $files) {
    Get-Content $file | Select-String -Pattern $Text | select -Expand Line | Out-File $Results -Append
}
```

  • What does your script look like so far? – Bill_Stewart Dec 03 '19 at 15:02
  • $path = "C:\Logs" $Text = "user" $Results = "C:\Logs\login.txt" $files = Get-ChildItem $path -recurse -Include *.log foreach ($file in $files) { Get-Content $file | Select-String -Pattern $Text | select -Expand Line | Out-File $Results -Append } @Bill_Stewart above is what I have so far. It is able to read the multiple files and create a file including all lines, but I want the output to be in the format date/time user id. I don't want the whole line printed out. Sorry about my format. New to stackoverflow and learning how to format my responses. – user12474624 Dec 03 '19 at 15:15
  • Please put your code into your question and use code formatting (indent 4 spaces), then delete your comment. Also describe _how_ your code doesn't work. – Bill_Stewart Dec 03 '19 at 15:56

1 Answer

You just need a better regex here. You can create one with capture groups that should capture your data appropriately if it's consistently formatted:

```powershell
$Path = "C:\Logs"
$Results = "C:\Logs\login.txt"
$Pattern = "(?<datetime>\d{1,2}-\d{1,2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}).* user='(?<user>.*)'"

Get-ChildItem $Path -Recurse -Include *.log |
    Select-String -Pattern $Pattern |
    ForEach-Object {
        '{0} {1}' -f $_.Matches.Captures.Groups['datetime'].Value, $_.Matches.Captures.Groups['user'].Value
    } | Out-File $Results -Append
```

The regex looks for a date and time formatted M-d-yyyy HH:mm:ss.fff, followed by any number of characters, and then looks for user='*'. If your usernames have embedded apostrophes, this pattern will not capture correctly. If your dates have variable formats, this will not capture correctly.

Bacon Bits
  • @user12474624 My guess is that there's another apostrophe later on the same line immediately after "xyzukauuda". That is, [the regex is greedy and you want it to be lazy](https://stackoverflow.com/q/2301285/696808). To do that, change the end of the regex pattern to `user='(?<user>.*?)'`. – Bacon Bits Dec 03 '19 at 19:06
  • Thanks so much @Bacon Bits this helped :) – user12474624 Dec 03 '19 at 19:26
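
A self-contained variant of the approach in the answer, added here as an example (not the answerer's code): it captures the user id with a negated character class instead of `.*`, parses the timestamp so entries from several files come out in chronological order, and overwrites the result file rather than appending to it. The log lines are constructed in the question's format, and the `Get-LoginEvent` name and the temp folder are assumptions.

```powershell
# Added example. Sample log lines are constructed; Get-LoginEvent and the
# temp folder are assumptions of this sketch, not names from the thread.
$dir = Join-Path ([IO.Path]::GetTempPath()) ('logdemo_' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $dir | Out-Null
@(
    "11-1-2019 00:00:17.417 uagdouafiaf user='thmi' more text"
    "11-1-2019 00:00:14.419 no login on this line'"
    "11-1-2019 00:00:14.417 uagdouafiaf user='jhni' trailing text with a 'quote'"
) | Set-Content -Path (Join-Path $dir 'log11-1.log')
"11-2-2019 23:59:59.001 xyz user='' empty id" | Set-Content -Path (Join-Path $dir 'log11-2.log')

function Get-LoginEvent {
    param([Parameter(Mandatory)][string]$Path)
    # Timestamp anchored at line start; [^']+ stops at the first closing quote
    # and skips empty ids, so a later apostrophe cannot widen the capture.
    $pattern = "^(?<datetime>\d{1,2}-\d{1,2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) .*?\buser='(?<user>[^']+)'"
    Get-ChildItem -Path $Path -Recurse -Include *.log -File |
        Select-String -Pattern $pattern |
        ForEach-Object {
            $m = $_.Matches[0]
            $stamp = $m.Groups['datetime'].Value
            [pscustomobject]@{
                # Parsed so events from different files sort chronologically.
                Time  = [datetime]::ParseExact($stamp, 'M-d-yyyy HH:mm:ss.fff', [cultureinfo]::InvariantCulture)
                Stamp = $stamp
                User  = $m.Groups['user'].Value
            }
        } |
        Sort-Object Time
}

$out = Join-Path $dir 'login.txt'
# Set-Content overwrites, so a re-run does not duplicate entries the way -Append does.
Get-LoginEvent -Path $dir |
    ForEach-Object { '{0} {1}' -f $_.Stamp, $_.User } |
    Set-Content -Path $out
Get-Content $out
```

The line with an empty `user=''` and the line without a `user=` field are both skipped, and the trailing `'quote'` on the `jhni` line does not end up in the captured id.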