Author Posts

July 11, 2014 at 8:25 am

We are using Microsoft Windows Malicious Software Removal Tool and it creates a log for each machine on the network. We have all the logs in one network folder. Example of the log:

Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Tue Aug 20 13:34:54 2013
Results Summary:
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 20 13:35:05 2013
Return code: 0 (0x0)

I am using this powershell script:

Get-ChildItem -Path "\\ServerName\msft_log\Logs" -Filter "*.log" | Select-String "Return Code: 10" – works fine if the Return Code is 10

Get-ChildItem -Path "\\Servername\msft_log\Logs" -Filter "*.log" | Select-String -Pattern Return Code:[1-13] – I need this one to work. It runs and I do not see any results or error messages

NOTE: The Return code: are 0 -13

July 11, 2014 at 8:40 am

Try a pattern of 'Return code: \d+' . [1-13] doesn't mean quite what you intended in a regular expression.

July 11, 2014 at 9:42 am

I did place the \d+ and it gave me everything. I did the following:
Get-ChildItem -Path "\\Servername\msft_log\Logs" -Filter "*.log" | Select-String 'Return Code: [1-13]'
and it gave my the results I wanted.

\\servername\msft_log\Logs\computername$_mrt.log:83:Return code: 10 (0xa)
\\servernam\msft_log\Logs\computername$_mrt.log:57:Return code: 1 (0x1)
\\servernam\msft_log\Logs\computername$_mrt.log:57:Return code: 1 (0x1)

Thanks for your help

July 11, 2014 at 10:04 am

Try this pattern:

^Return code: [0-9][0-3]?

This is looking for a line starting with the pattern and matches any number from 0-13