I am trying to build an object out of a log file, it works untill the 17th line. Anyone know why this is happening?

 

[array]$log = Get-Content "c:\log.txt" | % { $_.split("`r") }

[int]$i = 10
[int]$stop = $log.Length -1
[object]$LogEntries
while ($i -le $stop)

{
    $LogEntry = New-Object System.Object
           
    Add-Member -inputobject $LogEntry -membertype noteproperty -name strDateTime -value $log[$i].Substring(0, 19)
    Add-Member -inputobject $LogEntry -membertype noteproperty -name strAction -value $log[$i].Substring(20, 6)
    Add-Member -inputobject $LogEntry -membertype noteproperty -name strSource -value $log[$i].Substring(28, 18)
    Add-Member -inputobject $LogEntry -membertype noteproperty -name strDest -value $log[$i].Substring(50, 18)
    Add-Member -inputobject $LogEntry -membertype noteproperty -name strtranslated -value $log[$i].Substring(72, 18)
    Add-Member -inputobject $LogEntry -membertype noteproperty -name strDuration -value $log[$i].Substring(117, 10)
    Add-Member -inputobject $LogEntry -membertype noteproperty -name strBytesSent -value $log[$i].Substring(136, 10)
    Add-Member -inputobject $LogEntry -membertype noteproperty -name strBytesRec -value $log[$i].Substring(140, 10)
    Add-Member -inputobject $LogEntry -membertype noteproperty -name strApp -value $log[$i].Substring(156, 20)
    Add-Member -inputobject $LogEntry -membertype noteproperty -name strPort -value $log[$i].Substring(63, 5)   
   
$LogEntries[$i] = $LogEntry

    $logEntry
    $i ++
   
}

I will look at this, but it would help if you provide some sample log and what your expecting :)

here is a small sample of the log file. this is the one i have been using for the testing.

 

Thanks for your help. :)

Ok the forums are killing the atachment here is what the logs look like. At the moment i just want to get the log in a format that i can work with.. I have not even begun to work with the data. i would like to see what ips are using bandwidth and counters on the ports to make sure i have not locked down more than i needed.

 

2008-04-01 05:15:09 Permit  192.168.160.245:137   192.168.35.1:137      209.155.12.98:1516                          71 sec             1866              0 NETBIOS (NS)
2008-04-01 05:08:50 Permit  192.168.160.245:137   192.168.194.1:137     209.155.12.98:2664                          72 sec             1866              0 NETBIOS (NS)
2008-04-01 05:08:44 Permit  192.168.160.245:137   192.168.174.1:137     209.155.12.98:2470                          66 sec              933              0 NETBIOS (NS)
2008-04-01 05:06:55 Permit  192.168.160.245:137   192.168.71.1:137      209.155.12.98:2699                          70 sec             1866              0 NETBIOS (NS)
2008-04-01 05:06:47 Permit  192.168.160.245:137   192.168.110.1:137     209.155.12.98:2499                          62 sec              933              0 NETBIOS (NS)

Try this

Note that the $LogSplit [ 0 ] should no spaces

[array]$log = Get-Content "c:\Tools\TestLog.txt" #| % { $_.split("`r") } $LogEntries = @() foreach($entry in $log) { $LogSplit = $entry.split([string[]](" "),[system.StringSplitOptions]::RemoveEmptyEntries) $LogEntry = New-Object System.Object $LogEntry | Add-Member -membertype noteproperty -name DateTime -value $LogSplit[ 0 ] $LogEntry | Add-Member -membertype noteproperty -name Action -value $LogSplit[ 1 ] $LogEntry | Add-Member -membertype noteproperty -name Source -value $LogSplit[ 2 ] $LogEntry | Add-Member -membertype noteproperty -name Destination -value $LogSplit[ 3 ] $LogEntry | Add-Member -membertype noteproperty -name Translated -value $LogSplit[ 5 ] $LogEntry | Add-Member -membertype noteproperty -name Duration -value $LogSplit[ 6 ] $LogEntry | Add-Member -membertype noteproperty -name BytesSent -value $LogSplit[ 7 ] $LogEntry | Add-Member -membertype noteproperty -name BytesRec -value $LogSplit[ 8 ] $LogEntry | Add-Member -membertype noteproperty -name App -value $LogSplit[ 10 ] $LogEntry | Add-Member -membertype noteproperty -name Port -value $LogSplit[ 4 ] $LogEntries += $LogEntry $logEntry }

Wow, thank you very much. I will have to read up on how you did this.

 

Thanks again.

I can cover the basics here

1) $log = Get-Content "c:\Tools\TestLog.txt" # You dont have to split on new line. Its the default behavior
2) foreach($entry in $log) # No need to use while and maintain count. Foreach just processes each element in the array for you
3) $LogSplit = $entry.split([string[]](" "),[system.StringSplitOptions]::RemoveEmptyEntries)
While this method is not perfect, it is generally expected that double space is a good delimiter for logs. This splits on double space and removes empty entries.
4) the rest you seem to know.
5) Oh... $LogEntries = @() # this creates the array and $logEntries += < entry > adds the entry