Monday, February 16, 2009

PowerShell/Log Parser 2.2 and Add-Member

I recently stumbled upon a great post by David Muegge titled “Log Parser and PowerShell - Part II”. David does a great job of wrapping PowerShell around Log Parser. I highly recommend that you take a look at his blog post. I was looking at his functions and decided that I should give them a try against some production data. I decided to look at failed login attempts (we have had an issue with a particular application).

What I was looking for was a count of failed logins (from the Strings property). The following code assumes that you are using David’s Library.

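# Event ID 529 = failed logon; pull only the Strings column from the remote Security log
$query = "SELECT Strings FROM '\\XX-P01\Security' WHERE EventID = 529"
$inputformat = Get-LPInputFormat "evt"
$records = Get-LPRecordSet $query $inputformat
# Add a computed "User" property (everything before the first pipe in Strings),
# then count records per user and keep the ten largest counts
$records |
Add-Member -name "User" `
-value {$this.Strings.substring(0,$this.Strings.indexof("|"))} `
-memberType ScriptProperty -force -passThru |
Group-Object User -noElement |
Sort-Object -descending Count |
Select-Object -first 10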

In order to get exactly what I wanted, I added a new property to this object: "User"

In order to do this, I needed to parse the Strings property of my $Records object for everything before the first pipe.

$this.Strings.substring(0,$this.Strings.indexof("|")) achieves the desired value.

This gives us:

Count Name
----- ----
81 cluster
30 mastersql
18 Administrator
9 home50
8 marg98
7 bart01
7 lisa27
6 Nels07
5 barn10
4 skin01

Just what I was looking for!
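
An added example, not code from this post or from David's library: the same ScriptProperty approach run against constructed records, with the parse made safe for a Strings value that contains no pipe (IndexOf returns -1 there and Substring throws). The sample strings, their field layout after the user name, and the '(empty)' label are assumptions.

```powershell
# Constructed stand-ins for the records Get-LPRecordSet returns. Only the
# Strings property is modelled; the fields after the user name are made up.
$sample = @(
    'cluster|CORP|3|NtLmSsp|NTLM|WKS01',
    'cluster|CORP|3|NtLmSsp|NTLM|WKS02',
    'mastersql|CORP|3|NtLmSsp|NTLM|SQL01',
    'Administrator|CORP|10|User32|Negotiate|TS01',
    'CLUSTER |CORP|3|NtLmSsp|NTLM|WKS01',   # stray space, different case
    'nodelimiter',                           # no pipe at all
    ''                                       # empty Strings value
)
$records = $sample | ForEach-Object {
    $s = $_
    New-Object PSObject |
        Add-Member -MemberType NoteProperty -Name Strings -Value $s -PassThru
}

$failedByUser = $records |
    Add-Member -MemberType ScriptProperty -Name User -Force -PassThru -Value {
        # Label records that carry no Strings data instead of failing on them
        if ([string]::IsNullOrEmpty($this.Strings)) { return '(empty)' }
        # Split('|')[0] yields the whole string when no pipe is present,
        # whereas Substring(0, IndexOf('|')) throws because IndexOf returns -1.
        # Trim() keeps 'CLUSTER ' and 'cluster' in the same group.
        $this.Strings.Split('|')[0].Trim()
    } |
    Group-Object User -NoElement |
    Sort-Object Count -Descending |
    Select-Object -First 10

$failedByUser | Format-Table Count, Name -AutoSize
```

Group-Object compares names case-insensitively by default, so only the whitespace needs normalising before grouping.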
