Powershell Regex

This topic contains 6 replies, has 4 voices, and was last updated by  random commandline 10 months, 2 weeks ago.

  • Author
  • #74318

    Amar Helloween

    Hi All,

    Below is the logs which i wanted to modify.

    I want to create 3 columns : Date, Message, Sender details
    Condition is only show the details for one having the message : Rejected-SenderDomainNotAllowed

    Can someone please suggest some regex and way to put the details in this columns either through PSCustomObject or anything which is better.

    Thanks in advance.

  • #74321

    Amar Helloween

    Example :

    Date Message Sender details
    —– ——- ————–
    7/4/2017 Rejected-SenderDomainNotAllowed sales@test.com

  • #74338

    random commandline

    If each line begins with a date and ends with an email, this should work.

    $log = (Get-Content .\logfile.txt)
    $regex1 = 
    "(?'date'.*\d{4}) .*Msg:(?'Msg'Rejected-SenderDomainNotAllowed) .*Recipients: (?'Sender'.*)"
    $result = 
    foreach ($l in $log){
        If ($l -match $regex1){[PSCustomObject]@{
            Date = $Matches['Date']
            Message = $Matches['Msg']
            Sender = $Matches['Sender']}
  • #74351

    Amar Helloween

    Actually there a new line, hence not matching this regex : "(?'date'.*\d{4}) .*Msg:(?'Msg'Rejected-SenderDomainNotAllowed) .*Recipients: (?'Sender'.*)"

    7/4/2017 12:59:36 AM 9953AD61A91E41588C8E5F9072E511AF.MAI Msg:Passed-ClientIPNotLocal AuthStatus:0
    Sender: fkjevwts@lankaormers.com Recipients: info@goiitytech.com

    also $log is taken as array, so when passing values of $l it is sending line by line like $log[0] 7/4/2017 12:59:36 AM 9953AD61A91E41588C8E5F9072E511AF.MAI Msg:Passed-ClientIPNotLocal AuthStatus:0, then log[1]ClientIP: etc. Hence its not matching

    I tried to add new line in regex still it doesn't work. Please suggest

  • #74375

    Fredrik Kacsmarck

    Slightly different take on it and you need to solve the changes in dates.
    I just hard coded it for proof of concept.
    The best way if possible is if you can make sure that the original data is in a format that is more easily managed.
    E.g. some specific delimiter between the "per-row-content" rather than newline as it seems to be inserted here an there.

    Anyway, here is an example of what you could do.
    What it basically does is take the whole file as just one big string.
    Removes the new lines, then insert a new line before the date.
    Then using ConvertFrom-String to create columns and name them.
    Then just using normal where and select to get the data you want.

    $textfile = Get-Content -Path .\gistfile1.txt -Raw
    $textfile = $textfile.Replace("`n","")
    $textfile = $textfile.Replace("7/4/2017","`n7/4/2017")
    $splitString = $textfile -split "`n"
    $data = $splitString | convertfrom-string -PropertyNames Date,Time,AM_PM,P1,Message,Status,ClientIP,P2,Sender,P3,Recipient
    $data.Where({$_.Message -like "*Rejected-SenderDomainNotAllowed"}) | select Date,Message,Sender
  • #74381


    Can that be done with convertfrom-string? I was trying this template, but it didn't work ($testText is a here-string with all the data):

    $template = @'
    {Date*:7/4/2017}, {Message:Passed-ClientIPNotLocal}, {Sender:xkkah@abc.com}
    {Date*:7/4/2017}, {Message:Rejected-SenderDomainNotAllowed}, {Sender:kuzovpare@gmail.com}
    $testText | ConvertFrom-String -TemplateContent $template
    ConvertFrom-String : ConvertFrom-String appears to be having trouble parsing your data using the template you've
    provided. We'd love to take a look at what went wrong, if you'd like to share the data and template used to parse it.
    We've saved these files to C:\Users\admin\AppData\Local\Temp\k3g5buf0.2t5.input.txt and
    C:\Users\ccfadmin\AppData\Local\Temp\k3g5buf0.2t5-0.template.txt - feel free to attach them in a mail to
    psdmfb@microsoft.com. We will review all submissions, although we can't guarantee a response.
    At C:\Users\ccfadmin\convert.ps1:69 char:13
    + $testText | ConvertFrom-String -TemplateContent $template
    +             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidResult: (:) [ConvertFrom-String], ResultNotFoundException
        + FullyQualifiedErrorId : ResultNotFound,Microsoft.PowerShell.Commands.StringManipulation.ConvertFromStringCommand
  • #74404

    random commandline

    Ok, this should work. Select-String cmdlet will match your line plus the next two.

    $source = Get-ChildItem .\logfile.txt
    # Match lines and get next two lines
    $string = Select-String -Path $source -Pattern 'Rejected-SenderDomain' -Context 0,2
    # Create objects
    foreach ($s in $string){
        $regex1 = "(?'date'.*\d{4}) .*Msg:(?'Msg'Rejected-SenderDomainNotAllowed)"
        [void]($s.Line -match $regex1) ; $Matches1 = $Matches
        [void]($s.Context.DisplayPostContext -join ' ' -match "Recipients: (?'rec'.*)")
            Date = $Matches1['Date']
            Message = $Matches1['Msg']
            Sender = $Matches['rec']}

You must be logged in to reply to this topic.