I feel like this is easy to do in Python but I'm smashing my head against my desk trying to figure out how to do this in PowerShell. I'm getting this output from another executable that I'm calling from Powershell. My end goal is to extract that first bit of text (session ID), the IP address, and the date/time so I can convert each one into a PowerShell object.
Where I'm lost is how to get each group of info (3 lines of text) into an array, which I think will make it easier to convert to an object. I'm sure there's a way to generate the objects from the giant string as well. I'm open to either method. The output below is saved to a variable. No matter how I split the string my array ends up with each line of text as an element instead of the the 3 lines that I need. I've tried removing new lines and carriage returns which I haven't had any success with. Can someone nudge me in the right direction?
10480fc9aa telnet [email protected]
Logon at: Tue Jan 14 07:55:20 2020
Running: program.bat
10481e6429 telnet [email protected]
Logon at: Tue Jan 14 07:58:53 2020
Running: program.bat
1048338699 telnet [email protected]
Logon at: Tue Jan 14 08:09:28 2020
Running: program.bat
10485aef1d telnet [email protected]
Logon at: Tue Jan 14 08:39:17 2020
Running: program.bat
1048ece4b9 telnet [email protected]
Logon at: Tue Jan 14 10:52:24 2020
Running: program.bat
1048fef5d5 telnet [email protected]
Logon at: Tue Jan 14 11:18:44 2020
Running: program.bat
1049008fab telnet [email protected]
Logon at: Tue Jan 14 11:20:30 2020
Running: program.bat
104910d0a7 telnet [email protected]
Logon at: Tue Jan 14 11:42:15 2020
Running: program.bat
104930ec10 telnet [email protected]
Logon at: Tue Jan 14 12:26:23 2020
Running: program.bat
10493c8e24 telnet [email protected]
Logon at: Tue Jan 14 12:43:08 2020
Running: program.bat
10493f7650 telnet [email protected]
Logon at: Tue Jan 14 12:47:13 2020
Running: program.bat
You can try the following approach, which processes the executable's output lines one by one, via a switch
statement that uses regexes to extract the information of interest, and then uses the extracted information to construct a custom output object for each block of 3 lines:
$i = 0
yourexecutable.exe | ForEach-Object {
$line = $_
switch (++$i % 3) {
1 { # 1st line of a block of 3: extract the session ID and IP address.
$null = $line -match '^(\S+) .*@(\S+)'
$sessionId = $Matches[1]
$ip = $Matches[2]
}
2 { # 2nd line: extract the login timestamp.
$null = $line -match 'Logon at: (.+)'
$date = $Matches[1]
}
default { # 3rd line: construct the output object for the block at hand.
[pscustomobject] @{
SessionId = $sessionId
Ip = $ip
Date = $date
}
}
}
}
With your sample input, this yields:
SessionId Ip Date
--------- -- ----
10480fc9aa 172.16.8.11 Tue Jan 14 07:55:20 2020
10481e6429 172.16.8.14 Tue Jan 14 07:58:53 2020
1048338699 172.16.8.13 Tue Jan 14 08:09:28 2020
10485aef1d 172.16.8.10 Tue Jan 14 08:39:17 2020
1048ece4b9 172.16.8.3 Tue Jan 14 10:52:24 2020
1048fef5d5 172.16.8.6 Tue Jan 14 11:18:44 2020
1049008fab 172.16.8.15 Tue Jan 14 11:20:30 2020
104910d0a7 172.16.8.15 Tue Jan 14 11:42:15 2020
104930ec10 172.16.8.7 Tue Jan 14 12:26:23 2020
10493c8e24 172.16.8.4 Tue Jan 14 12:43:08 2020
10493f7650 172.16.8.15 Tue Jan 14 12:47:13 2020
Note that all property values are strings; if you wanted the .Date
property to be of type [datetime]
, for instance, you could use [datetime]::ParseExact($date, '...')
- see System.DateTime.ParseExact
.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments