function Parse-FileZillaLogs { [CmdletBinding()] param ( [Parame

1. function Parse-FileZillaLogs {
2. [CmdletBinding()]
3. param (
4. [Parameter(Mandatory = $true)]
5. [string]$Path
6. ,
7. [Parameter()]
8. [string]$Filter = '*.log'
9. )
10. begin {
11. $regex = '^\((?<SessionId>\d+)\)\s(?<DateTime>[0-9\/: ]{19})\s\-\s\((?<LoggedIn>[^\)]*)\)\s\((?<IP>[0-9\.]+)\)>\s(?<Message>.*)$'
12. }
13. process {
14. Get-ChildItem -Path $Path -Filter $Filter | %{
15. $fn = $_.FullName
16. Get-Content -Path $fn | %{
17. if($_ -match $regex) {
18. (
19. New-Object -TypeName PSObject -Property ([ordered]@{
20. SessionId = $Matches['SessionId']
21. DateTime = $Matches['DateTime']
22. LoggedIn = $Matches['LoggedIn']
23. IP = $Matches['IP']
24. Message = $Matches['Message']
25. FileName = $fn
26. })
27. )
28. }
29. }
30. }
31. }
32. }
33. Clear-Host
34. Parse-FileZillaLogs -Path '\\myServer\C$\Program Files\FileZilla Server\Logs' |
35. ?{
36. $previousLineWasPassword -or
37. $_.Message -match '^USER (?<UserName>.*)$'
38.  
39. $previousLineWasPassword = $_.Message -like 'PASS*' #hack to let us see whether or not logon was successful
40. } |
41. select DateTime, IP, Message, @{N='UserName';E={$Matches['UserName']}} |
42. group-object -Property IP, UserName, Message | %{
43. (
44. New-Object -TypeName PSObject -Property ([ordered]@{
45. DateTime = ($_.Group | Measure-Object -Property DateTime -Maximum).Maximum #get them most recent date for this combo
46. IP = $_.Group[0].IP
47. UserName = $_.Group[0].UserName
48. Message = $_.Group[0].Message
49. })
50. )
51. } | ft -AutoSize
52.  
53.  
54. #select DateTime, IP, Message, @{N='UserName';E={$Matches['UserName']}} -first 10 | ft -AutoSize