Powershell-Protokolldateiverarbeitung

Question

Das Ziel ist es, diese awk-Datei zu übernehmen:

#!/usr/bin/awk -f 

BEGIN { LastSource = ""     # BEGIN Block         
    ORS = ""       # ORS set to default a.k.a newline         
    Sources = 0      # Variable created and set to 0         
    Ports = 0       # Variable created and set to 0         
    FS = ":"       # Field Seperator set to a colon         
    }         # End of the BEGIN Block 

    {         # Open Block    
    if ($1 != LastSource){    # First Field not = Last Source execute following     
     ORS = "\n" 
     print " "      # formatting     
     ORS = " "      # ORS set to space for same line print     
     print $1, $2     # printing Source IP and Destination Port     
     LastSource = $1     # set LastSource to SourceIP    
     Sources += 1     # Increment Source by 1     
     Ports += 1      # Increment Ports by 1     
    } else {           
     ORS = " "                    
     print $2      # Print DestPort to current line (multi port per IP)     
     Ports += 1      # Increment Ports by 1     
     }             
    } 

END { ORS = "\n"       # END Block execute after last line is read    
    print "\n\n" "Total Sources = ", Sources # Print two new lines and text followed by the variable Sources 
    print "Unique Ports Scanned = ", Ports  # Print text followed by the variable Ports    
    }              






# Command Line: 
# grep 'INext-DROP-DEFLT' sample.log.txt | sed -e 's/.*SRC=//' -e 's/ .*DPT=/:/' -e 's/ .*//' | sort | uniq | awk -f Lab3Submission.awk 

Output = .

Und konvertieren Sie es über Powershell in eine äquivalente Ausgabe.

Im Moment habe ich den folgenden Befehl

gc sample.log | sls "INext-DROP-DEFLT" | ForEach-Object { $_.line -match "SRC=(.*?)\s" > $null;$matches[1] + ":" + $matches[2] } | sort | Get-Unique | ForEach-Object -Begin { $LastSource = " "; $sources = 0; $ports = 0; } -process { $ip = $_.split(":")[0]; $port = $_.split(":")[1]; if($1 -ne $LastSource){print $1, $2 $LastSource = $1 $sources += 1 $Ports += 1 } else { print $2 $Ports += 1 } } END { print "\n\n" "Total Sources = ", $sources p 
rint "Unique Ports Scanned = ", $Ports } 

Und diese Fehler

Unsicher, wie Sie vorgehen.

Log-Datei für Referenz: LogFileTinyUplaod

Answer 1

Unsicher, wie Sie vorgehen.

• Zunächst gelten einige Powershell Best Practices (Code-Format, Einzug, ...).
• Dann, nach END mit -end Ersetzen Sie viele andere Fehler bekommen ...

Das Snippet folgende Code sollte die Arbeit tun (obwohl es zu avoid Write-Hostempfohlen wird, es sei denn, Ihr Ziel zu dem Host zu schreiben, ist nur; stattdessen würde ich einige PSCustomObject bauen, um Ergebnisse für die weitere Verwendung zu speichern).

Get-Content D:\Downloads\SO\sample.log | 
    Select-String -Pattern "INext-DROP-DEFLT\s.*SRC=(.*?)\s.*DPT=(.*?)\s" -AllMatches | 
    ForEach-Object {$_.Matches} | 
     ForEach-Object {$_.Groups[1].Value + ':' + $_.Groups[2].Value} | # PSCustomObject place 
     Sort-Object | 
      Get-Unique | 
      ForEach-Object -Begin { 
       $LastSource = [string]::Empty; 
       $sources = 0; 
       $ports = 0; 
      } -process { 
       $ip, $port = $_.split(":"); 
       if ($ip -ne $LastSource) { 
        Write-Host "`n$ip $port" -NoNewline; # print Source IP and Destination Port 
        $LastSource = $ip; 
        $sources += 1; 
        $Ports += 1; 
       } else { 
        Write-Host " $port" -NoNewline; # Print DestPort to current line (multi port per IP) 
        $Ports += 1; 
       } 
      } -end { 
       Write-Host "`nTotal Sources = $sources"; 
       Write-Host "Unique Ports Scanned = $Ports"; 
      }