将 Resolve-DNSname 添加到哈希表
Add Resolve-DNSname to Hashtable
现在我有这个hastable
Get-Content (path) |ForEach-Object {
if($_ -match '\(((?:\d{1,3}\.){3}\d{1,3})\) disconnected. (\d+) message\[s\]'){
$IP = $matches[1]
$msgCount = $matches[2] -as [int]
$SMTP[$IP] += $msgCount
}
}
我在该哈希表中的键是 IPv4 地址,为此我需要一个 Resolve-DNSname,最好解析的 DNS 名称应该是每个键的另一个值。是否可以这样做并在解析 Dns 名称时出现错误时显示?
文件示例
30.11.2020 05:05:39 SMTP Server: (Servername) (255.255.255.255) disconnected. 1 message[s] received
30.11.2020 05:05:39 SMTP Server: (Servername) (255.255.254.254) disconnected. 2 message[s] received
30.11.2020 05:05:39 SMTP Server: (Servername) (255.255.255.255) disconnected. 4 message[s] received
30.11.2020 05:05:39 SMTP Server: (Servername) (255.255.234.245) disconnected. 4 message[s] received
30.11.2020 05:05:40 SMTP Server: (Servername) (255.255.253.244) disconnected. 1 message[s] received
30.11.2020 05:05:41 SMTP Server: (Servername) (255.255.255.255) disconnected. 46 message[s] received
30.11.2020 05:05:41 SMTP Server: (Servername) (255.255.234.245) disconnected. 13 message[s] received
您不能向哈希表添加额外的值(它只有一个键和一个值),但如果您使用可以具有许多属性的 PSObjects,则可以这样做。
$result = Get-Content -Path 'D:\Test\test.txt' | ForEach-Object {
if ($_ -match '\(((?:\d{1,3}\.){3}\d{1,3})\) disconnected\.?\s+(\d+) message\[s\]'){
try {
$dns = [System.Net.Dns]::GetHostEntry($matches[1]).HostName
}
catch {
$dns = 'Not available'
}
[PsCustomObject]@{
IP = $matches[1]
Messages = [int]$matches[2]
DNSName = $dns
}
}
}
#output on screen
$result | Format-Table -AutoSize
# output to Csv file
$result | Export-Csv -Path 'D:\Test\output.csv' -UseCulture -NoTypeInformation
如果你想把'Messages'算在一起,你可以像这样按IP分组结果:
$cumulative = $result | Group-Object -Property IP | ForEach-Object {
[PsCustomObject]@{
IP = $_.Name
Messages = ($_.Group | Measure-Object -Property Messages -Sum).Sum
DNSName = $_.Group[0].DNSName
}
}
#output on screen
$cumulative | Format-Table -AutoSize
# output to Csv file
$cumulative | Export-Csv -Path 'D:\Test\cumulative_output.csv' -UseCulture -NoTypeInformation
要同时包括(最近的)日期,我们需要调整正则表达式:
$result = Get-Content -Path 'D:\Test\test.txt' | ForEach-Object {
if($_ -match '^\s*(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}).*\(((?:\d{1,3}\.){3}\d{1,3})\) disconnected\.?\s+(\d+) message\[s\]'){
try {
$dns = [System.Net.Dns]::GetHostEntry($matches[2]).HostName
}
catch {
$dns = 'Not available'
}
[PsCustomObject]@{
IP = $matches[2]
Messages = [int]$matches[3]
DNSName = $dns
Date = [datetime]::ParseExact($matches[1], 'dd.MM.yyyy HH:mm:ss', $null)
}
}
}
#output on screen
$result | Format-Table -AutoSize
# output to Csv file
$result | Export-Csv -Path 'D:\Test\output.csv' -UseCulture -NoTypeInformation
如果你想把'Messages'算在一起,你可以像这样按IP分组结果:
$cumulative = $result | Group-Object -Property IP | ForEach-Object {
[PsCustomObject]@{
IP = $_.Name
Messages = ($_.Group | Measure-Object -Property Messages -Sum).Sum
DNSName = $_.Group[0].DNSName
Date = ($_.Group | Sort-Object Date)[-1].Date
}
}
#output on screen
$cumulative | Format-Table -AutoSize
# output to Csv file
$cumulative | Export-Csv -Path 'D:\Test\cumulative_output.csv' -UseCulture -NoTypeInformation
输出类似于:
IP Messages DNSName Date
-- -------- ------- ----
255.255.255.255 51 Not available 30-11-2020 5:05:41
255.255.254.254 2 smtp.somecompany.com 30-11-2020 5:05:39
255.255.234.245 17 www.somecompany.com 30-11-2020 5:05:41
255.255.253.244 1 Not available 30-11-2020 5:05:40
现在我有这个hastable
Get-Content (path) |ForEach-Object {
if($_ -match '\(((?:\d{1,3}\.){3}\d{1,3})\) disconnected. (\d+) message\[s\]'){
$IP = $matches[1]
$msgCount = $matches[2] -as [int]
$SMTP[$IP] += $msgCount
}
}
我在该哈希表中的键是 IPv4 地址,为此我需要一个 Resolve-DNSname,最好解析的 DNS 名称应该是每个键的另一个值。是否可以这样做并在解析 Dns 名称时出现错误时显示?
文件示例
30.11.2020 05:05:39 SMTP Server: (Servername) (255.255.255.255) disconnected. 1 message[s] received
30.11.2020 05:05:39 SMTP Server: (Servername) (255.255.254.254) disconnected. 2 message[s] received
30.11.2020 05:05:39 SMTP Server: (Servername) (255.255.255.255) disconnected. 4 message[s] received
30.11.2020 05:05:39 SMTP Server: (Servername) (255.255.234.245) disconnected. 4 message[s] received
30.11.2020 05:05:40 SMTP Server: (Servername) (255.255.253.244) disconnected. 1 message[s] received
30.11.2020 05:05:41 SMTP Server: (Servername) (255.255.255.255) disconnected. 46 message[s] received
30.11.2020 05:05:41 SMTP Server: (Servername) (255.255.234.245) disconnected. 13 message[s] received
您不能向哈希表添加额外的值(它只有一个键和一个值),但如果您使用可以具有许多属性的 PSObjects,则可以这样做。
$result = Get-Content -Path 'D:\Test\test.txt' | ForEach-Object {
if ($_ -match '\(((?:\d{1,3}\.){3}\d{1,3})\) disconnected\.?\s+(\d+) message\[s\]'){
try {
$dns = [System.Net.Dns]::GetHostEntry($matches[1]).HostName
}
catch {
$dns = 'Not available'
}
[PsCustomObject]@{
IP = $matches[1]
Messages = [int]$matches[2]
DNSName = $dns
}
}
}
#output on screen
$result | Format-Table -AutoSize
# output to Csv file
$result | Export-Csv -Path 'D:\Test\output.csv' -UseCulture -NoTypeInformation
如果你想把'Messages'算在一起,你可以像这样按IP分组结果:
$cumulative = $result | Group-Object -Property IP | ForEach-Object {
[PsCustomObject]@{
IP = $_.Name
Messages = ($_.Group | Measure-Object -Property Messages -Sum).Sum
DNSName = $_.Group[0].DNSName
}
}
#output on screen
$cumulative | Format-Table -AutoSize
# output to Csv file
$cumulative | Export-Csv -Path 'D:\Test\cumulative_output.csv' -UseCulture -NoTypeInformation
要同时包括(最近的)日期,我们需要调整正则表达式:
$result = Get-Content -Path 'D:\Test\test.txt' | ForEach-Object {
if($_ -match '^\s*(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}).*\(((?:\d{1,3}\.){3}\d{1,3})\) disconnected\.?\s+(\d+) message\[s\]'){
try {
$dns = [System.Net.Dns]::GetHostEntry($matches[2]).HostName
}
catch {
$dns = 'Not available'
}
[PsCustomObject]@{
IP = $matches[2]
Messages = [int]$matches[3]
DNSName = $dns
Date = [datetime]::ParseExact($matches[1], 'dd.MM.yyyy HH:mm:ss', $null)
}
}
}
#output on screen
$result | Format-Table -AutoSize
# output to Csv file
$result | Export-Csv -Path 'D:\Test\output.csv' -UseCulture -NoTypeInformation
如果你想把'Messages'算在一起,你可以像这样按IP分组结果:
$cumulative = $result | Group-Object -Property IP | ForEach-Object {
[PsCustomObject]@{
IP = $_.Name
Messages = ($_.Group | Measure-Object -Property Messages -Sum).Sum
DNSName = $_.Group[0].DNSName
Date = ($_.Group | Sort-Object Date)[-1].Date
}
}
#output on screen
$cumulative | Format-Table -AutoSize
# output to Csv file
$cumulative | Export-Csv -Path 'D:\Test\cumulative_output.csv' -UseCulture -NoTypeInformation
输出类似于:
IP Messages DNSName Date
-- -------- ------- ----
255.255.255.255 51 Not available 30-11-2020 5:05:41
255.255.254.254 2 smtp.somecompany.com 30-11-2020 5:05:39
255.255.234.245 17 www.somecompany.com 30-11-2020 5:05:41
255.255.253.244 1 Not available 30-11-2020 5:05:40