解析特定日期错误的日志文件
parse a log file for errors on a specific date
提前感谢您的帮助! :)
我是 Powershell 的初学者。我有 powershell 应用程序,而不是 powershell ISE。我需要将我的备份解决方案应用程序生成的日志文件解析为一个 RTF 文档,并在过去 24-72 小时内查找单词 "Errors: "。我基本上必须查看笔记本电脑的备份解决方案何时出现故障。
到目前为止我有以下内容:
$daysBack = 3
$refDate = (Get-Date).AddDays(-$daysBack).Date # set this to midnight
$log = Get-Content -Path 'C:\Users\<User>\Documents\TheLog.log'
# find lines that start with what looks like a date and contains 'Errors:'
# capture the date part in backreference $matches[1] to parse into a real datetime object for comparison with $refDate
$errors = @($log | Where-Object { $_ -match '(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}).*Errors:' } |
Where-Object { [datetime]::ParseExact($matches[1], 'dd/MM/yyyy HH:mm:ss', $null) -ge $refDate }).Count
# if $errors not 0
if ($errors) {
$count = if ($errors -eq 1) { "was an error" } else { "were $errors errors" }
"There {0} in your back up solution in the last $daysBack days. Please check your log file." -f $count
}
else {
"There were no errors in backing up your files in the last $daysBack days."
}
以上代码没有发现以下错误:
18/02/2021 08:57:37 - can not access C:\users\<username>\documents\ The network path was not found.
18/02/2021 08:57:37 - End: Desktop... Copied: 0, Errors: 1
*我的日志文件中显示复制成功的示例行:
22/02/2021 17:27:33 - Begin: Documents=======================================
22/02/2021 17:27:33 - copied Notes.docx from C:\users\<username>\documents\ to D:\users\<username>\documents\
22/02/2021 17:27:33 - End: Documents...Copied 1
*日志文件中显示几天前的不成功复制的示例行:
18/02/2021 08:57:37 - can not access C:\users\<username>\documents\ The network path was not found.
18/02/2021 08:57:37 - End: Documents... copied: 0, Errors: 1
我还应该提一下,有时当我从我的文档中删除一个文件而不是备份它时,它也会从备份中删除。据我所知,我的备份解决方案是我文档中任何内容的精确镜像。我想我也想在我的代码中包含一些关于这些删除的内容。
我的日志文件是 RTF 格式
*删除的日志文件示例部分:
22/02/2021 17:27:33 - End: Documents...Copied 1, Deleted: 1
EDITTTTTTTTT我在这份文档中有几个错误。
这是我之前的代码:
我的代码很简单:
Get-Content -Path 'C:\Users\<User>\Documents\TheLog.log' -select string "Errors: "
但我想要一些可以根据严重错误过滤错误的东西,但不知道如何
当我 运行 上面的代码时,我得到这个输出:
\par 18/02/2021 08:57:37 - \plain\f0\fs16\cf1 End: Documents... copied: 0, Errors: 1 \plain\f0\fs16\cf1
我想以某种方式从生成的字符串中提取该日期并将其与今天的日期进行比较。
根据您显示的日志文件,您可以执行以下操作来测试最近三天是否报告了错误:
$daysBack = 3
$refDate = (Get-Date).AddDays(-$daysBack).Date # set this to midnight
$log = Get-Content -Path 'C:\Users\<User>\Documents\TheLog.log'
# find lines that start with what looks like a date and contains 'Errors:'
# capture the date part in backreference $matches[1] to parse into a real datetime object for comparison with $refDate
$errors = @($log | Where-Object { $_ -match '(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}).*Errors:' } |
Where-Object { [datetime]::ParseExact($matches[1], 'dd/MM/yyyy HH:mm:ss', $null) -ge $refDate }).Count
# if $errors not 0
if ($errors) {
$count = if ($errors -eq 1) { "was an error" } else { "were $errors errors" }
"There {0} in your back up solution in the last $daysBack days. Please check your log file." -f $count
}
else {
"There were no errors in backing up your files in the last $daysBack days."
}
我用一个文件测试过:
18/02/2021 08:57:37 - can not access C:\users\<username>\documents\ The network path was not found.
18/02/2021 08:57:37 - End: Documents... copied: 0, Errors: 1
21/02/2021 08:57:37 - can not access C:\users\<username>\documents\ The network path was not found.
21/02/2021 08:57:37 - End: Documents... copied: 0, Errors: 1
22/02/2021 17:27:33 - Begin: Documents=======================================
22/02/2021 17:27:33 - copied Notes.docx from C:\users\<username>\documents\ to D:\users\<username>\documents\
22/02/2021 17:27:33 - End: Documents...Copied 1
22/02/2021 17:27:33 - End: Documents...Copied 1, Deleted: 1
今天是 23/02/2021
设置时
$daysBack = 3
$refDate = (Get-Date).AddDays(-3).Date # set this to midnight
输出为
There was an error in your back up solution in the last 3 days. Please check your log file.
当设置为 6 天后:
$daysBack = 6
$refDate = (Get-Date).AddDays(-$daysBack).Date # set this to midnight
输出符合预期:
There were 2 errors in your back up solution in the last 6 days. Please check your log file.
正则表达式详细信息:
( Match the regular expression below and capture its match into backreference number 1
\d Match a single digit 0..9
{2} Exactly 2 times
/ Match the character “/” literally
\d Match a single digit 0..9
{2} Exactly 2 times
/ Match the character “/” literally
\d Match a single digit 0..9
{4} Exactly 4 times
\ Match the character “ ” literally
\d Match a single digit 0..9
{2} Exactly 2 times
: Match the character “:” literally
\d Match a single digit 0..9
{2} Exactly 2 times
: Match the character “:” literally
\d Match a single digit 0..9
{2} Exactly 2 times
)
. Match any single character that is not a line break character
* Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
Errors: Match the characters “Errors:” literally
提前感谢您的帮助! :)
我是 Powershell 的初学者。我有 powershell 应用程序,而不是 powershell ISE。我需要将我的备份解决方案应用程序生成的日志文件解析为一个 RTF 文档,并在过去 24-72 小时内查找单词 "Errors: "。我基本上必须查看笔记本电脑的备份解决方案何时出现故障。
到目前为止我有以下内容:
$daysBack = 3
$refDate = (Get-Date).AddDays(-$daysBack).Date # set this to midnight
$log = Get-Content -Path 'C:\Users\<User>\Documents\TheLog.log'
# find lines that start with what looks like a date and contains 'Errors:'
# capture the date part in backreference $matches[1] to parse into a real datetime object for comparison with $refDate
$errors = @($log | Where-Object { $_ -match '(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}).*Errors:' } |
Where-Object { [datetime]::ParseExact($matches[1], 'dd/MM/yyyy HH:mm:ss', $null) -ge $refDate }).Count
# if $errors not 0
if ($errors) {
$count = if ($errors -eq 1) { "was an error" } else { "were $errors errors" }
"There {0} in your back up solution in the last $daysBack days. Please check your log file." -f $count
}
else {
"There were no errors in backing up your files in the last $daysBack days."
}
以上代码没有发现以下错误:
18/02/2021 08:57:37 - can not access C:\users\<username>\documents\ The network path was not found.
18/02/2021 08:57:37 - End: Desktop... Copied: 0, Errors: 1
*我的日志文件中显示复制成功的示例行:
22/02/2021 17:27:33 - Begin: Documents=======================================
22/02/2021 17:27:33 - copied Notes.docx from C:\users\<username>\documents\ to D:\users\<username>\documents\
22/02/2021 17:27:33 - End: Documents...Copied 1
*日志文件中显示几天前的不成功复制的示例行:
18/02/2021 08:57:37 - can not access C:\users\<username>\documents\ The network path was not found.
18/02/2021 08:57:37 - End: Documents... copied: 0, Errors: 1
我还应该提一下,有时当我从我的文档中删除一个文件而不是备份它时,它也会从备份中删除。据我所知,我的备份解决方案是我文档中任何内容的精确镜像。我想我也想在我的代码中包含一些关于这些删除的内容。
我的日志文件是 RTF 格式 *删除的日志文件示例部分:
22/02/2021 17:27:33 - End: Documents...Copied 1, Deleted: 1
EDITTTTTTTTT我在这份文档中有几个错误。
这是我之前的代码:
我的代码很简单:
Get-Content -Path 'C:\Users\<User>\Documents\TheLog.log' -select string "Errors: "
但我想要一些可以根据严重错误过滤错误的东西,但不知道如何 当我 运行 上面的代码时,我得到这个输出:
\par 18/02/2021 08:57:37 - \plain\f0\fs16\cf1 End: Documents... copied: 0, Errors: 1 \plain\f0\fs16\cf1
我想以某种方式从生成的字符串中提取该日期并将其与今天的日期进行比较。
根据您显示的日志文件,您可以执行以下操作来测试最近三天是否报告了错误:
$daysBack = 3
$refDate = (Get-Date).AddDays(-$daysBack).Date # set this to midnight
$log = Get-Content -Path 'C:\Users\<User>\Documents\TheLog.log'
# find lines that start with what looks like a date and contains 'Errors:'
# capture the date part in backreference $matches[1] to parse into a real datetime object for comparison with $refDate
$errors = @($log | Where-Object { $_ -match '(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}).*Errors:' } |
Where-Object { [datetime]::ParseExact($matches[1], 'dd/MM/yyyy HH:mm:ss', $null) -ge $refDate }).Count
# if $errors not 0
if ($errors) {
$count = if ($errors -eq 1) { "was an error" } else { "were $errors errors" }
"There {0} in your back up solution in the last $daysBack days. Please check your log file." -f $count
}
else {
"There were no errors in backing up your files in the last $daysBack days."
}
我用一个文件测试过:
18/02/2021 08:57:37 - can not access C:\users\<username>\documents\ The network path was not found.
18/02/2021 08:57:37 - End: Documents... copied: 0, Errors: 1
21/02/2021 08:57:37 - can not access C:\users\<username>\documents\ The network path was not found.
21/02/2021 08:57:37 - End: Documents... copied: 0, Errors: 1
22/02/2021 17:27:33 - Begin: Documents=======================================
22/02/2021 17:27:33 - copied Notes.docx from C:\users\<username>\documents\ to D:\users\<username>\documents\
22/02/2021 17:27:33 - End: Documents...Copied 1
22/02/2021 17:27:33 - End: Documents...Copied 1, Deleted: 1
今天是 23/02/2021
设置时
$daysBack = 3
$refDate = (Get-Date).AddDays(-3).Date # set this to midnight
输出为
There was an error in your back up solution in the last 3 days. Please check your log file.
当设置为 6 天后:
$daysBack = 6
$refDate = (Get-Date).AddDays(-$daysBack).Date # set this to midnight
输出符合预期:
There were 2 errors in your back up solution in the last 6 days. Please check your log file.
正则表达式详细信息:
( Match the regular expression below and capture its match into backreference number 1
\d Match a single digit 0..9
{2} Exactly 2 times
/ Match the character “/” literally
\d Match a single digit 0..9
{2} Exactly 2 times
/ Match the character “/” literally
\d Match a single digit 0..9
{4} Exactly 4 times
\ Match the character “ ” literally
\d Match a single digit 0..9
{2} Exactly 2 times
: Match the character “:” literally
\d Match a single digit 0..9
{2} Exactly 2 times
: Match the character “:” literally
\d Match a single digit 0..9
{2} Exactly 2 times
)
. Match any single character that is not a line break character
* Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
Errors: Match the characters “Errors:” literally