PowerShell custom log analysis

i2byvkas posted on 2023-03-18 in Shell
Follow (0) | Answers (2) | Views (127)

I am trying to figure out an efficient way to loop through custom logs that live in a custom location on Windows hosts. I have implemented some simple scripts that use the select-string cmdlet and a for-each loop to go through the logs, but I would like to take a more sophisticated approach to this. P.S. I am not PowerShell savvy, so this is all a learning experience for me.
Essentially what should happen is:
1. I have some commonly used keywords/strings
2. These keywords relate to a unique problem
3. The script should loop through the logs and search for the keywords.
4. Once isolated, this should generate output based on the problem description for the matched term
The logs are generic and never change, so for every matched string it is clear what the problem is, and the output should provide a link to the fix.
Example logs:

021-08-30T04:07:46Z E! message: send request failed, original error: Post "https://test.com/": dial tcp 172.31.11.121:443: i/o timeout
2021-08-30T04:07:46Z E! system: code: RequestError, message: send request failed, original error: Post "https://test.com/": dial tcp 172.31.11.121:443: i/o timeout
2021-08-30T02:15:46Z E! err:  AccessDenied: User: test is not authorized to perform: PutData status code: 403, request id: f1171fd0-05b6-4f7d-bac2-629c8594c46e

What I have come up with so far is possibly using two hash tables.
1. A hash table of matchers, with error type as key:value:

$errorList = @{
    "AccessDenied" = "permissions"
    "i/o timeout"  = "connectivity"
}

2. The second hash table would then be error type:description as key:value:

$errorDesc = @{
    "permissions"  = "The user does not have permission to perform the action, please reach out to your administrator"
    "connectivity" = "The agent has failed to connect to one of the required endpoints. Please ensure the instance (and any proxy - if configured) is able to connect to all required endpoints. For more information on the required endpoints, please refer to https://helpmefixthis.com/"
}

Ideally the script should loop through the logs and see the following log entry:

021-08-30T04:07:46Z E! message: send request failed, original error: Post "https://test.com/": dial tcp 172.31.11.121:443: i/o timeout

The above contains the string "i/o timeout", which is a key in the first hash table whose value is "connectivity". This should then use the value "connectivity" to reference the second hash table, where it is the key. The value assigned to that key should be the output, e.g.:
The logs contained the following error "i/o timeout" which means that "The agent has failed to connect to one of the required endpoints. Please ensure the instance (and any proxy - if configured) is able to connect to all required endpoints. For more information on the required endpoints, please refer to https://helpmefixthis.com/"
Maybe I'm going about this wrong, and maybe there is a better way.
I haven't tried the above because I'm not even sure where to start. I have implemented some simple scripts using the basic select-string cmdlet and a for-each loop over the matched terms.

gwbalxhn 1#

I was thinking of something like this:

$filename = "c:\temp\test.txt"
# first group: the timestamp; second group: everything after "E! "
$pattern1 = "^(?<date>[^\s]+)\sE!\s(?<message>.*)"
# each comma-separated part of the message is a "type: value" pair
$pattern2 = "^(?<type>[^:]+):(?<value>.*)"

$errors = Select-String -Path $filename -Pattern $pattern1

$table = [System.Collections.ArrayList]::new()

foreach ($row in $errors.Matches)
{
   $newRow = New-Object -TypeName psobject
   $date = [DateTime]$row.Groups["date"].Value
   $newRow | Add-Member -NotePropertyName Date -NotePropertyValue $date

   $splitMessages = $row.Groups["message"].Value.Split(",")

   for ($i = 0; $i -lt $splitMessages.Count; $i++)
   {
      # guard the match so a non-matching part neither emits a bare $true/$false
      # nor reuses the previous $Matches
      if ($splitMessages[$i] -match $pattern2)
      {
         $newRow | Add-Member -NotePropertyName ('type' + ($i + 1)) -NotePropertyValue $Matches.type
         $newRow | Add-Member -NotePropertyName ('message' + ($i + 1)) -NotePropertyValue $Matches.value
      }
   }

   $table.Add($newRow) | Out-Null
}

$table

Output:

Date     : 8/30/0021 12:07:46 AM
type1    : message
message1 :  send request failed
type2    :  original error
message2 :  Post "https://test.com/": dial tcp 172.31.11.121:443: i/o timeout

Date     : 8/30/2021 12:07:46 AM
type1    : system
message1 :  code: RequestError
type2    :  message
message2 :  send request failed
type3    :  original error
message3 :  Post "https://test.com/": dial tcp 172.31.11.121:443: i/o timeout

Date     : 8/29/2021 10:15:46 PM
type1    : err
message1 :   AccessDenied: User: test is not authorized to perform: PutData status code: 403
type2    :  request id
message2 :  f1171fd0-05b6-4f7d-bac2-629c8594c46e
nzk0hqpo 2#

You can read the log file and filter out the error values like this:

$errorList = @{
    'AccessDenied' = 'permissions'
    'i/o timeout'  = 'connectivity'
}

$errorDesc = @{
    'permissions'  = 'The user does not have permission to perform the action, please reach out to your administrator'
    'connectivity' = 'The agent has failed to connect to one of the required endpoints. Please ensure the instance (and any proxy - if configured) is able to connect to all required endpoints. For more information on the required endpoints, please refer to https://helpmefixthis.com/'
}

$log = 'X:\Somewhere\TheLogFile.log'
$errorsFound = Get-Content -Path $log | ForEach-Object {
    foreach ($key in $errorList.Keys) {
        if ($_ -match $key) {
            # output an object
            [PsCustomObject]@{
                Error       = $key
                Description = $errorDesc[$errorList[$key]]
            }
            break
        }
    }
}

# view on console
$errorsFound | Format-List

# save this in a text file
$errorsFound | Format-List | Out-String | Set-Content -Path 'X:\Somewhere\TheErrors.txt'

# save this in a CSV file you can open in Excel
$errorsFound | Export-Csv -Path 'X:\Somewhere\TheErrors.csv' -NoTypeInformation -UseCulture

On the console this outputs (using your example):

Error       : i/o timeout
Description : The agent has failed to connect to one of the required endpoints. Please ensure the instance (and any proxy - if configured) 
              is able to connect to all required endpoints. For more information on the required endpoints, please refer to https://helpmef
              ixthis.com/

Error       : i/o timeout
Description : The agent has failed to connect to one of the required endpoints. Please ensure the instance (and any proxy - if configured) 
              is able to connect to all required endpoints. For more information on the required endpoints, please refer to https://helpmef
              ixthis.com/

Error       : AccessDenied
Description : The user does not have permission to perform the action, please reach out to your administrator
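As an added example (not the question's or either answer's code), the same two hash tables applied with Select-String -SimpleMatch, so each keyword is matched as a literal string rather than as a regex (which is what `-match $key` above does), and each distinct problem is reported once together with the line numbers where it occurred. The sample lines are the three from the question, embedded so the block runs without a file; the file path in the comment is hypothetical.

```powershell
# Added example: literal keyword matching with Select-String, grouped per problem.
$errorList = @{
    'AccessDenied' = 'permissions'
    'i/o timeout'  = 'connectivity'
}
$errorDesc = @{
    'permissions'  = 'The user does not have permission to perform the action, please reach out to your administrator'
    'connectivity' = 'The agent has failed to connect to one of the required endpoints. For the required endpoints, please refer to https://helpmefixthis.com/'
}

# Sample input: the three log lines from the question, embedded so this runs
# without a file. For a real log use: Select-String -Path 'X:\Somewhere\TheLogFile.log' ...
$sampleLog = @'
021-08-30T04:07:46Z E! message: send request failed, original error: Post "https://test.com/": dial tcp 172.31.11.121:443: i/o timeout
2021-08-30T04:07:46Z E! system: code: RequestError, message: send request failed, original error: Post "https://test.com/": dial tcp 172.31.11.121:443: i/o timeout
2021-08-30T02:15:46Z E! err:  AccessDenied: User: test is not authorized to perform: PutData status code: 403, request id: f1171fd0-05b6-4f7d-bac2-629c8594c46e
'@ -split "`r?`n"

# -SimpleMatch treats every keyword as a literal string, so a key containing
# regex metacharacters ('.', '(', '+') can never be misread as a pattern.
# Each hit is a MatchInfo object; its .Pattern property tells which keyword matched
# and .LineNumber where it matched. A line is reported once even if several keywords hit.
$hits = $sampleLog | Select-String -Pattern ([string[]]$errorList.Keys) -SimpleMatch

# Group the hits by keyword so each problem appears once, with a count and the lines
$report = $hits | Group-Object -Property Pattern | ForEach-Object {
    $keyword = $_.Name
    [PSCustomObject]@{
        Error       = $keyword
        Category    = $errorList[$keyword]
        Occurrences = $_.Count
        Lines       = ($_.Group.LineNumber -join ', ')
        Description = $errorDesc[$errorList[$keyword]]
    }
}

$report | Format-List
```

With the three sample lines this yields two records: "i/o timeout" (2 occurrences, lines 1, 2) and "AccessDenied" (1 occurrence, line 3).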
