PowerShell IIS Log Objectifier
This script will read the W3C Extended Log File Format with the default logging options. If you add or remove columns from your log then you will have to modify this script.
################################################################
# Description: IIS Log Importer
# Version: 1.0
# Author: Tim Medin
# Email: TimMedin A@T securitywhole D.O.T com
# Note: This script will read the W3C Extended Log File Format
# with the default logging options. If you add or remove columns
# from your log then you will have to modify this script.
################################################################
param (
[string] $Path
)
[regex]$regex = '\s*(?<date>\S+)\s+(?<time>\S+)\s+(?<sitename>\S+)\s+(?<computername>\S+)\s+(?<ip>\S+)\s+(?<method>\S+)\s+(?<uristem>\S+)\s+(?<uriquery>\S+)\s+(?<port>\S+)\s+(?<username>\S+)\s+(?<sourceip>\S+)\s+(?<UserAgent>\S+)\s+(?<status>\S+)\s+(?<substatus>\S+)\s+(?<win32status>\S*)'
Get-Content $Path | Select-String -Pattern "^[^#]" | % {
if ($_ -match $regex) {
$log = "" | Select TimeStamp, SiteName, ComputerName, IP, Method, UriStem, UriQuery, Port, Username, SourceIp, UserAgent, Status, SubStatus, Win32Status
$log.TimeStamp = Get-Date "$($matches.Date) $($matches.Time)"
$log.Sitename = $matches.Sitename
$log.Computername = $matches.Computername
$log.Ip = $matches.Ip
$log.Method = $matches.Method
$log.UriStem = $matches.UriStem
$log.UriQuery = $matches.UriQuery
$log.Port = $matches.Port
$log.Username = $matches.Username
$log.SourceIp = $matches.SourceIp
$log.UserAgent = $matches.UserAgent
$log.Status = $matches.Status
$log.SubStatus = $matches.SubStatus
$log.Win32Status = $matches.Win32Status
$log
}
}
################################################################
# Description: IIS Log Importer
# Version: 1.0
# Author: Tim Medin
# Email: TimMedin A@T securitywhole D.O.T com
# Note: This script will read the W3C Extended Log File Format
# with the default logging options. If you add or remove columns
# from your log then you will have to modify this script.
################################################################
param (
[string] $Path
)
[regex]$regex = '\s*(?<date>\S+)\s+(?<time>\S+)\s+(?<sitename>\S+)\s+(?<computername>\S+)\s+(?<ip>\S+)\s+(?<method>\S+)\s+(?<uristem>\S+)\s+(?<uriquery>\S+)\s+(?<port>\S+)\s+(?<username>\S+)\s+(?<sourceip>\S+)\s+(?<UserAgent>\S+)\s+(?<status>\S+)\s+(?<substatus>\S+)\s+(?<win32status>\S*)'
Get-Content $Path | Select-String -Pattern "^[^#]" | % {
if ($_ -match $regex) {
$log = "" | Select TimeStamp, SiteName, ComputerName, IP, Method, UriStem, UriQuery, Port, Username, SourceIp, UserAgent, Status, SubStatus, Win32Status
$log.TimeStamp = Get-Date "$($matches.Date) $($matches.Time)"
$log.Sitename = $matches.Sitename
$log.Computername = $matches.Computername
$log.Ip = $matches.Ip
$log.Method = $matches.Method
$log.UriStem = $matches.UriStem
$log.UriQuery = $matches.UriQuery
$log.Port = $matches.Port
$log.Username = $matches.Username
$log.SourceIp = $matches.SourceIp
$log.UserAgent = $matches.UserAgent
$log.Status = $matches.Status
$log.SubStatus = $matches.SubStatus
$log.Win32Status = $matches.Win32Status
$log
}
}
Comments