
PowerShell logparse regexp to CSV

Input line:

Thu 2017-03-30 00:00:07: user@domain.com (John Doe) checked mail from 127.0.0.1 using IMAP, 0 msgs collected, 21 remaining

PowerShell script:

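# Single-quoted so PowerShell does not consume the backtick in the character class; '' is a literal apostrophe.
# Alternation order: email | IPv4 address | protocol | timestamp at start of line.
$rxp = '([a-z0-9!#\$%&''*+/=?^_`{|}~-]+(?:\.[a-z0-9!#\$%&''*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)|(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)|(POP|IMAP)|(^[A-Z][a-z]+\s\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2})'

gc ".\*.log" | select-string -pattern $rxp -allmatches | foreach {
    # Matches come back in line order (date, email, IP, protocol); skip lines without exactly four.
    if ($_.Matches.count -ne 4) {
        return   # inside foreach-object this moves on to the next line
    }
    [pscustomobject]@{
        'date'   = $_.Matches[0].Value
        'email'  = $_.Matches[1].Value
        'ipaddr' = $_.Matches[2].Value
        'proto'  = $_.Matches[3].Value
    }
} | export-csv -notype analysis.csv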
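
A variant added here as an example (not the original author's code): one anchored pattern with named groups, so fields are read by name rather than by match position, using a simpler e-mail expression than the post's. It also prefixes cells that start with =, +, - or @, which spreadsheet applications evaluate as formulas; the post's e-mail character class allows =, + and - as a first character. The function names and the second and third sample lines are constructed.

```powershell
# Added example. Function names and sample lines 2-3 are constructed for illustration.
# .NET regex is case-sensitive by default, unlike Select-String.
$rx = [regex]('^(?<date>[A-Z][a-z]+ \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): ' +
              '(?<email>\S+@\S+) \(.*?\) checked mail from ' +
              '(?<ipaddr>\d{1,3}(?:\.\d{1,3}){3}) using ' +
              '(?<proto>(?:POP|IMAP)\w*),')   # \w* tolerates a version suffix (assumption)

# Prefix values that a spreadsheet would evaluate as a formula with an apostrophe.
function Protect-CsvCell {
    param([string]$Value)
    if ($Value -match '^[=+\-@]') { "'" + $Value } else { $Value }
}

function ConvertFrom-MailLogLine {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    process {
        $m = $rx.Match($Line)
        if ($m.Success) {
            [pscustomobject]@{
                date   = $m.Groups['date'].Value
                email  = Protect-CsvCell $m.Groups['email'].Value
                ipaddr = $m.Groups['ipaddr'].Value
                proto  = $m.Groups['proto'].Value
            }
        } else {
            # Report lines that do not fit the format instead of dropping them silently
            Write-Warning "Unparsed line: $Line"
        }
    }
}

# Line 1 is the post's input line; lines 2 and 3 are constructed.
$sample = @(
    'Thu 2017-03-30 00:00:07: user@domain.com (John Doe) checked mail from 127.0.0.1 using IMAP, 0 msgs collected, 21 remaining'
    'Thu 2017-03-30 00:00:09: =1+1@domain.com (Test User) checked mail from 127.0.0.1 using POP, 1 msgs collected, 0 remaining'
    'Thu 2017-03-30 00:00:11: session closed'
)

$sample | ConvertFrom-MailLogLine | ConvertTo-Csv -NoTypeInformation
```

To process real files, replace the last line's input with gc ".\*.log" and its output with export-csv -notype analysis.csv, as in the script above.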
