Powershell Regex

This topic contains 6 replies, has 4 voices, and was last updated by Profile photo of random commandline random commandline 3 weeks ago.

  • Author
    Posts
  • #74318
    Profile photo of Amar Helloween
    Amar Helloween
    Participant

    Hi All,

    Below is the logs which i wanted to modify.

    I want to create 3 columns : Date, Message, Sender details
    Condition is only show the details for one having the message : Rejected-SenderDomainNotAllowed

    Can someone please suggest some regex and way to put the details in this columns either through PSCustomObject or anything which is better.

    Thanks in advance.

  • #74321
    Profile photo of Amar Helloween
    Amar Helloween
    Participant

    Example :

    Date Message Sender details
    —– ——- ————–
    7/4/2017 Rejected-SenderDomainNotAllowed sales@test.com

  • #74338
    Profile photo of random commandline
    random commandline
    Participant

    If each line begins with a date and ends with an email, this should work.

    $log = (Get-Content .\logfile.txt)
    $regex1 = 
    "(?'date'.*\d{4}) .*Msg:(?'Msg'Rejected-SenderDomainNotAllowed) .*Recipients: (?'Sender'.*)"
    
    $result = 
    foreach ($l in $log){
        If ($l -match $regex1){[PSCustomObject]@{
            Date = $Matches['Date']
            Message = $Matches['Msg']
            Sender = $Matches['Sender']}
        }
    }
    
    $result
    
  • #74351
    Profile photo of Amar Helloween
    Amar Helloween
    Participant

    Actually there a new line, hence not matching this regex : "(?'date'.*\d{4}) .*Msg:(?'Msg'Rejected-SenderDomainNotAllowed) .*Recipients: (?'Sender'.*)"

    7/4/2017 12:59:36 AM 9953AD61A91E41588C8E5F9072E511AF.MAI Msg:Passed-ClientIPNotLocal AuthStatus:0
    ClientIP:179.154.68.219
    Sender: fkjevwts@lankaormers.com Recipients: info@goiitytech.com

    also $log is taken as array, so when passing values of $l it is sending line by line like $log[0] 7/4/2017 12:59:36 AM 9953AD61A91E41588C8E5F9072E511AF.MAI Msg:Passed-ClientIPNotLocal AuthStatus:0, then log[1]ClientIP:179.154.68.219 etc. Hence its not matching

    I tried to add new line in regex still it doesn't work. Please suggest

  • #74375
    Profile photo of Fredrik Kacsmarck
    Fredrik Kacsmarck
    Participant

    Slightly different take on it and you need to solve the changes in dates.
    I just hard coded it for proof of concept.
    The best way if possible is if you can make sure that the original data is in a format that is more easily managed.
    E.g. some specific delimiter between the "per-row-content" rather than newline as it seems to be inserted here an there.

    Anyway, here is an example of what you could do.
    What it basically does is take the whole file as just one big string.
    Removes the new lines, then insert a new line before the date.
    Then using ConvertFrom-String to create columns and name them.
    Then just using normal where and select to get the data you want.

    $textfile = Get-Content -Path .\gistfile1.txt -Raw
    
    $textfile = $textfile.Replace("`n","")
    $textfile = $textfile.Replace("7/4/2017","`n7/4/2017")
    
    $splitString = $textfile -split "`n"
    $data = $splitString | convertfrom-string -PropertyNames Date,Time,AM_PM,P1,Message,Status,ClientIP,P2,Sender,P3,Recipient
    
    $data.Where({$_.Message -like "*Rejected-SenderDomainNotAllowed"}) | select Date,Message,Sender
    
  • #74381
    Profile photo of js
    js
    Participant

    Can that be done with convertfrom-string? I was trying this template, but it didn't work ($testText is a here-string with all the data):

    $template = @'
    {Date*:7/4/2017}, {Message:Passed-ClientIPNotLocal}, {Sender:xkkah@abc.com}
    {Date*:7/4/2017}, {Message:Rejected-SenderDomainNotAllowed}, {Sender:kuzovpare@gmail.com}
    '@
    
    
    $testText | ConvertFrom-String -TemplateContent $template
    
    
    ConvertFrom-String : ConvertFrom-String appears to be having trouble parsing your data using the template you've
    provided. We'd love to take a look at what went wrong, if you'd like to share the data and template used to parse it.
    We've saved these files to C:\Users\admin\AppData\Local\Temp\k3g5buf0.2t5.input.txt and
    C:\Users\ccfadmin\AppData\Local\Temp\k3g5buf0.2t5-0.template.txt - feel free to attach them in a mail to
    psdmfb@microsoft.com. We will review all submissions, although we can't guarantee a response.
    At C:\Users\ccfadmin\convert.ps1:69 char:13
    + $testText | ConvertFrom-String -TemplateContent $template
    +             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidResult: (:) [ConvertFrom-String], ResultNotFoundException
        + FullyQualifiedErrorId : ResultNotFound,Microsoft.PowerShell.Commands.StringManipulation.ConvertFromStringCommand
  • #74404
    Profile photo of random commandline
    random commandline
    Participant

    Ok, this should work. Select-String cmdlet will match your line plus the next two.

    $source = Get-ChildItem .\logfile.txt
    # Match lines and get next two lines
    $string = Select-String -Path $source -Pattern 'Rejected-SenderDomain' -Context 0,2
    
    # Create objects
    foreach ($s in $string){
        $regex1 = "(?'date'.*\d{4}) .*Msg:(?'Msg'Rejected-SenderDomainNotAllowed)"
        [void]($s.Line -match $regex1) ; $Matches1 = $Matches
        [void]($s.Context.DisplayPostContext -join ' ' -match "Recipients: (?'rec'.*)")
        [PSCustomObject]@{
            Date = $Matches1['Date']
            Message = $Matches1['Msg']
            Sender = $Matches['rec']}
    }
    

You must be logged in to reply to this topic.