我提取包含大量文本以及MAC地址和UUID的字符串.例如:
![LOG[AA:AA:AA:AA:AA:AA, 0A0A0000-0000-0000-0000-A0A00A000000: found optional advertisement C0420054]LOG]!><time="09:07:57.573-120" date="04-19-2017" component="SMSPXE" context="" type="1" thread="2900" file="database.cpp:533"
我想剥离输出只显示MAC地址(例如AA:AA:AA:AA:AA:AA)和UUID(例如0A0A0000-0000-0000-0000-A0A00A000000)
我不知道如何修剪输出.
这是我的脚本:
$Path = "\\AAAAAAAA\logs$"
$Text = "AA:AA:AA:AA:AA:AA"
$PathArray = @()
$Results = "C:\temp\test.txt"
# This code snippet gets all the files in $Path that end in ".txt".
Get-ChildItem $Path -Filter "*.log" |
Where-Object { $_.Attributes -ne "Directory"} |
ForEach-Object {
If (Get-Content $_.FullName | Select-String -Pattern $Text) {
$PathArray += $_.FullName
$PathArray += $_.FullName
}
}
Write-Host "Contents of ArrayPath:"
$PathArray | ForEach-Object {$_}
get-content $PathArray -ReadCount 1000 |
foreach { $_ -match $Text}
Where-Object您可以使用cmdlet 的-Filter开关,而不是使用cmdlet过滤所有文件Get-ChildItem.此外,您不必Get-content自己使用cmdlet 加载内容,只需将文件传递给Select-Stringcmdlet.
为了获取MAC,UUID我只是用谷歌搜索正则表达式并将它们组合在一起:
$Path = "\\AAAAAAAA\logs$"
$Pattern = '([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}),\s+(\{{0,1}([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}\}{0,1})'
$Results = "C:\temp\test.txt"
Get-ChildItem $Path -Filter "*.log" -File |
Select-String $Pattern |
ForEach-Object {
$_.Matches.Value
} |
Out-File $Results
| 归档时间: |
|
| 查看次数: |
532 次 |
| 最近记录: |