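function Parse-FileZillaLogs {
    <#
    .SYNOPSIS
    Turns FileZilla Server log files into one object per recognised log line.

    .DESCRIPTION
    Enumerates the files under -Path that match -Filter, reads each one line by
    line, and emits an object for every line matching the expected layout:
        (SessionId) DateTime - (LoggedIn) (IP)> Message
    Lines that do not match the layout are skipped without an error.

    .PARAMETER Path
    Directory (local or UNC) that holds the log files.

    .PARAMETER Filter
    File-name filter passed to Get-ChildItem. Defaults to '*.log'.

    .OUTPUTS
    PSObject with the string properties SessionId, DateTime, LoggedIn, IP,
    Message and FileName (full path of the file the line came from).

    .NOTES
    Every captured field is raw log text. Message in particular carries whatever
    the remote client sent, so treat it as untrusted when it is displayed,
    exported or fed into other tooling. DateTime is returned as a string, not as
    a [datetime].
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string]$Path
        ,
        [Parameter()]
        [string]$Filter = '*.log'
    )
    begin {
        # The IP group accepts hex digits and ':' in addition to dotted IPv4, so
        # lines from IPv6 clients (if the server writes them in this field) are
        # parsed instead of being silently dropped from the results.
        $regex = '^\((?<SessionId>\d+)\)\s(?<DateTime>[0-9\/: ]{19})\s\-\s\((?<LoggedIn>[^\)]*)\)\s\((?<IP>[0-9A-Fa-f:\.]+)\)>\s(?<Message>.*)$'
    }
    process {
        # -File keeps directories whose name happens to match the filter out of
        # the pipeline; Get-Content would fail on them.
        Get-ChildItem -Path $Path -Filter $Filter -File | ForEach-Object {
            $fn = $_.FullName
            # -LiteralPath: the full name is an exact path, not a wildcard
            # pattern, so file names containing [ or ] are read correctly.
            Get-Content -LiteralPath $fn | ForEach-Object {
                if ($_ -match $regex) {
                    New-Object -TypeName PSObject -Property ([ordered]@{
                        SessionId = $Matches['SessionId']
                        DateTime  = $Matches['DateTime']
                        LoggedIn  = $Matches['LoggedIn']
                        IP        = $Matches['IP']
                        Message   = $Matches['Message']
                        FileName  = $fn
                    })
                }
            }
        }
    }
}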
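Clear-Host

# Summarise login attempts: for every IP / user name / message combination, show
# the USER command and the line that follows the matching PASS command (which
# tells us whether or not the logon was successful).
#
# State is tracked per session (file name + session id) rather than with a single
# "previous line was PASS" flag. Lines from concurrent sessions can interleave in
# the log, and a single flag would then attach another session's line, and the
# last user name seen on any session, to the wrong IP. A flag variable left over
# from an earlier run in the same console would also leak into the first line.
$userBySession   = @{}   # session key -> user name from the most recent USER command
$awaitingOutcome = @{}   # session key -> $true while the line after PASS is pending

Parse-FileZillaLogs -Path '\\myServer\C$\Program Files\FileZilla Server\Logs' |
    ForEach-Object {
        # Session ids are only unique within one log file, so the file name is
        # part of the key.
        $sessionKey = '{0}|{1}' -f $_.FileName, $_.SessionId
        $emit = $false

        if ($_.Message -match '^USER (?<UserName>.*)$') {
            $userBySession[$sessionKey] = $Matches['UserName']
            $awaitingOutcome.Remove($sessionKey)
            $emit = $true
        }
        elseif ($_.Message -like 'PASS*') {
            # The PASS line itself is not reported, only the line that follows it.
            $awaitingOutcome[$sessionKey] = $true
        }
        elseif ($awaitingOutcome.ContainsKey($sessionKey)) {
            $awaitingOutcome.Remove($sessionKey)
            $emit = $true
        }

        if ($emit) {
            # UserName and Message are client-supplied text: treat them as
            # untrusted wherever this output is displayed or exported.
            New-Object -TypeName PSObject -Property ([ordered]@{
                DateTime = $_.DateTime
                IP       = $_.IP
                Message  = $_.Message
                UserName = $userBySession[$sessionKey]
            })
        }
    } |
    Group-Object -Property IP, UserName, Message |
    ForEach-Object {
        New-Object -TypeName PSObject -Property ([ordered]@{
            # Get the most recent date for this combo.
            # NOTE(review): DateTime is still the raw log string here, so
            # -Maximum presumably compares text rather than dates - confirm, or
            # parse it to [datetime] using the server's log date format.
            DateTime = ($_.Group | Measure-Object -Property DateTime -Maximum).Maximum
            IP       = $_.Group[0].IP
            UserName = $_.Group[0].UserName
            Message  = $_.Group[0].Message
        })
    } |
    Format-Table -AutoSize
#select DateTime, IP, Message, @{N='UserName';E={$Matches['UserName']}} -first 10 | ft -AutoSize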