Powershell and Log Parser

Integrating Microsoft Log Parser in Windows Powershell

I was tasked with parsing our IIS log files to look for certain text in the log files. I then needed to email out the results to certain individuals. After researching the topic, it seemed that no one had any information pertaining to Powershell and Log Parser. I decided to go down this road alone and came out with success!

 


Here is the original code:

#File location for creating attachment
$rootpath = $env:homedrive + $env:homepath
$SavePath = $rootpath + "\LogParsed.txt"
#Setup creation variable and create text file
$created = get-date
Out-File -filepath $SavePath
#Notify User that the file is being Created and Where it is being created
write-output "Creating File: " $SavePath
write-output "Created: $created" | Out-File -filepath $SavePath
Write-Output "Testing!" | Out-File -FilePath $SavePath -Append

#Create two objects, both utilizing the Log Parser dll
#$logparse is for accessing log parser itself
$logparse = New-Object -com MSUtil.LogQuery

#$iisparse is for setting up the parsing input type
$iisparse = New-Object -com MSUtil.LogQuery.IISW3CInputFormat

#$iisparse.recurse tells the parser to look in subdirectories. -1 means recurse through all subdirectory levels.
$iisparse.recurse = -1

#This is the list of servers and path that should be looked under. Does not have to be a UNC path.
$serverlist = ('\\servername\c$\winnt\system32\logfiles\*.log','\\servername2\c$\windows\system32\logfiles\*.log')

#The column variable is what will be searched under. Can be any specified in log parser.
$column = "cs-uri-query"

#This is what we are searching for.
$searchstring = "%EXEC(@%"

foreach ($server in $serverlist)
{
   Write-Output "Checking: $server" | Out-File -FilePath $SavePath -Append
   $query = "select * from $server where $column LIKE '$searchstring'"

   #Sends the query and the parse type to log parse. Log Parse returns all results to a variable.
   $records = $logparse.Execute( $query, $iisparse )
   
   #Goes through all records until it hits the end of the records.    
   while (!$records.atEnd())
   {
     #Populates variable with a record instance
     $record = $records.getRecord()

     #This creates a variable with different portions pulled from the returned records.
     #There are 32 available. I first did a for loop to find out what values I needed to specify.
     $recorded = $record.toNativeString(0) + "," + $record.toNativeString(2) + "," + $record.toNativeString(3) + "," + $record.toNativeString(10) + "," + $record.toNativeString(11) + "," + $record.toNativeString(12) + "," + $record.toNativeString(13)
     #Saves values to text file
     $recorded | Out-File -FilePath $SavePath -Append
     #moves to the next record - pretty self explanatory :)
     $records.moveNext()
   }
}

#This is how I am sending off the file via email.
#If you want to learn more about emailing with powershell,
#google it! :)
$smtp = New-Object net.mail.smtpclient("localhost")
$msg = New-Object Net.Mail.MailMessage
$att = New-Object net.mail.attachment($SavePath)
$msg.From = "powershellscript@company.com"
$msg.To.Add("person@address.com")
$msg.subject = "Log File"
$msg.body = "Here are the latest search results"
$msg.Attachments.Add($att)
$msg.Attachments.Add($att)
$smtp.send($msg)
#This is important to have. If you do not dispose, the file stays open and
#when the script runs again it will say the file is still in use.
$att.dispose()
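
A variation on the search loop above, added here as an example and not part of the original post. It goes a step beyond the script by selecting columns by name instead of by index and by URL-decoding cs-uri-query before matching, so a percent-encoded form of the search text is also found. It assumes the same Log Parser COM components are registered; the function name Find-IisQueryMatch, the file names and the sample log lines are constructed for illustration.

```powershell
# Added example: assumes the Log Parser COM components used in the post are registered.
# Find-IisQueryMatch is a hypothetical helper name, not part of Log Parser.
function Find-IisQueryMatch {
    param(
        [Parameter(Mandatory)][string]$Path,   # log file or wildcard path
        [Parameter(Mandatory)][string]$Like    # Log Parser LIKE pattern, e.g. %EXEC(@%
    )
    # The pattern is pasted into the query text, so refuse a quote that would end the literal.
    if ($Like.Contains("'")) { throw "Pattern must not contain a single quote." }

    $logQuery    = New-Object -ComObject MSUtil.LogQuery
    $inputFormat = New-Object -ComObject MSUtil.LogQuery.IISW3CInputFormat

    # Name the columns instead of SELECT *; URLUNESCAPE decodes %28, %29 and so on before LIKE runs.
    $query = "SELECT LogFilename, date, time, c-ip, cs-uri-stem, " +
             "URLUNESCAPE(cs-uri-query) AS DecodedQuery, sc-status " +
             "FROM '$Path' WHERE URLUNESCAPE(cs-uri-query) LIKE '$Like'"

    $records = $logQuery.Execute($query, $inputFormat)
    try {
        # Read the column names once from the recordset, then build one object per record.
        $names = @(0..($records.getColumnCount() - 1) | ForEach-Object { $records.getColumnName($_) })
        while (-not $records.atEnd()) {
            $record = $records.getRecord()
            $row = [ordered]@{}
            for ($i = 0; $i -lt $names.Count; $i++) { $row[$names[$i]] = $record.getValue($i) }
            [pscustomobject]$row
            [void]$records.moveNext()
        }
    }
    finally { $records.close() }   # release the log files even if a record fails
}

# Constructed sample log: one clean request, one plain match, one percent-encoded match.
$sample = Join-Path $env:TEMP 'sample-iis.log'
@'
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-01-01 00:00:00
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 00:00:01 192.0.2.10 GET /default.asp id=5 200
2024-01-01 00:00:02 192.0.2.11 GET /item.asp id=5;EXEC(@S) 500
2024-01-01 00:00:03 192.0.2.12 GET /item.asp id=5;EXEC%28@S%29 500
'@ | Set-Content -Path $sample -Encoding Ascii

# Both the plain and the encoded request are expected in the output; the clean one is not.
Find-IisQueryMatch -Path $sample -Like '%EXEC(@%' |
    Export-Csv -Path (Join-Path $env:TEMP 'LogParsed.csv') -NoTypeInformation
```

The CSV can be attached to the mail message in place of LogParsed.txt.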


 

 

 


One Response to Powershell and Log Parser

  1. Gilo says:

    Great Post! Most people try to formulate the command and call out the program from DOS (including me), which has only given me issues and makes logparser loop. Using objects was a great idea!
