Integrating Microsoft Log Parser in Windows PowerShell
I was tasked with parsing our IIS log files to look for certain text in the log files. I then needed to email out the results to certain individuals. After researching the topic, it seemed that no one had any information pertaining to PowerShell and Log Parser. I decided to go down this road alone and came out with success!
Here is the Original Code:
#File location for creating attachment
$rootpath = $env:homedrive + $env:homepath
$SavePath = $rootpath + "\LogParsed.txt"
#Setup creation variable and create text file
$created = get-date
Out-File -filepath $SavePath
#Notify User that the file is being Created and Where it is being created
write-output "Creating File: " $SavePath
write-output "Created: $created" | Out-File -filepath $SavePath
Write-Output "Testing!" | Out-File -FilePath $SavePath -Append
#Create two objects, both utilizing the Log Parser dll
#$logparse is for accessing log parser itself
$logparse = New-Object -com MSUtil.LogQuery
#$iisparse is for setting up the parsing input type
$iisparse = New-Object -com MSUtil.LogQuery.IISW3CInputFormat
#$iisparse.recurse tells the parser to look in subdirectories. The value is the depth to look; -1 means no depth limit.
$iisparse.recurse = -1
#This is the list of servers and path that should be looked under. Does not have to be a UNC path.
$serverlist = ('\\servername\c$\winnt\system32\logfiles\*.log','\\servername2\c$\windows\system32\logfiles\*.log')
#The column variable is what will be searched under. Can be any specified in log parser.
$column = "cs-uri-query"
#This is what we are searching for.
$searchstring = "%EXEC(@%"
foreach ($server in $serverlist)
{
    Write-Output "Checking: $server" | Out-File -FilePath $SavePath -Append
    $query = "select * from $server where $column LIKE '$searchstring'"
    #Sends the query and the parse type to log parse. Log Parse returns all results to a variable.
    $records = $logparse.Execute( $query, $iisparse )
    #Goes through all records until it hits the end of the records.
    while (!$records.atEnd())
    {
        #Populates variable with a record instance
        $record = $records.getRecord()
        #This creates a variable with different portions pulled from the returned records.
        #There are 32 available. I first did a for loop to find out what values I needed to specify.
        $recorded = $record.toNativeString(0) + "," + $record.toNativeString(2) + "," + $record.toNativeString(3) + "," + $record.toNativeString(10) + "," + $record.toNativeString(11) + "," + $record.toNativeString(12) + "," + $record.toNativeString(13)
        #Saves values to text file
        $recorded | Out-File -FilePath $SavePath -Append
        #moves to the next record - pretty self explanatory
        $records.moveNext()
    }
    #Closes the record set so the log files are released before the next server
    $records.close()
}
#This is how I am sending off the file via email.
#If you want to learn more about emailing with powershell,
$smtp = New-Object net.mail.smtpclient("localhost")
$msg = New-Object Net.Mail.MailMessage
$att = New-Object net.mail.attachment($SavePath)
$msg.From = "firstname.lastname@example.org"
#Placeholder recipient; the recipient address is not shown on this page
$msg.To.Add("recipient@example.org")
$msg.subject = "Log File"
$msg.body = "Here are the latest search results"
$msg.Attachments.Add($att)
$smtp.Send($msg)
#This is important to have. If you do not dispose, the file stays open and
#when the script runs again it will say the file is still in use.
$att.Dispose()
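
The script above picks its output columns by position (0, 2, 3, 10 ...), and those positions depend on which fields each server is configured to log. As an added example (not part of the original script), the function below reads W3C log lines directly, takes the column layout from each #Fields: directive, and decodes percent-encoding before a case-insensitive match on cs-uri-query. The function name Find-W3CLogMatch, its parameters and the sample log lines are constructed for illustration.

```powershell
# Added example; every log line below is constructed sample data.
$sample = @'
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2008-05-01 10:00:01 192.0.2.10 GET /default.asp id=5 80 - 198.51.100.7 200
2008-05-01 10:00:02 192.0.2.10 GET /item.asp id=5;EXEC(@S) 80 - 198.51.100.8 500
#Fields: date time c-ip cs-uri-stem cs-uri-query sc-status
2008-05-02 11:30:00 198.51.100.9 /item.asp id=7;exec%28%40s%29 200
'@ -split "`r?`n"

function Find-W3CLogMatch {
    param(
        [string[]]$Line,                    # raw log lines
        [string]$Column = 'cs-uri-query',   # field to search, as in the script above
        [string]$Text   = 'EXEC(@',         # literal text to find (no wildcards)
        [string[]]$Select = @('date','time','c-ip','cs-uri-stem','cs-uri-query','sc-status')
    )
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # A new #Fields: directive can appear mid-file when logging settings
            # change, so the layout is re-read every time one is seen.
            $fields = $l.Substring(8).Trim() -split ' '
            continue
        }
        if ($l.StartsWith('#') -or -not $l.Trim()) { continue }   # other directives, blanks
        $values = $l -split ' '
        if ($values.Count -ne $fields.Count) { continue }          # malformed or truncated line
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        if (-not $row.ContainsKey($Column)) { continue }           # field not logged here
        # Decode percent-encoding so encoded forms of the same text also match.
        $decoded = [System.Uri]::UnescapeDataString($row[$Column])
        if ($decoded.IndexOf($Text, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
            # Emit the selected fields by name; '-' marks a field this layout lacks.
            ($Select | ForEach-Object { if ($row.ContainsKey($_)) { $row[$_] } else { '-' } }) -join ','
        }
    }
}

Find-W3CLogMatch -Line $sample
```

To run it over a real file, pass the file's lines instead of the sample, for example -Line (Get-Content $path).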