数中数，数中数

Question

我试图转一个乏味的任务，通过一个错误日志文件夹，并手动查看10多个文件，以了解它们是什么进一步的诊断。目前，我有一个正在工作的powershell脚本，它执行以下步骤，但仍然要求我读取每一行以查找文件中的日期和错误类型：

21-22-14.txt)

• counts
• 在以.txt
• 结尾的目录中找到文件，只收集文件名中的日期和时间(它们总是采用相同的语法，例如错误日志2021-11-25 )通过文件的总文件量
  • 循环读取文件的前两行，如果前一行像字符串一样，将特定于string
  • Writes的计数添加到控制台总计数文件和每个找到的

  F 213的字符串总数

The count of EOF is: 8
The count of Handshake fails is: 7
The count of SSPI fails is: 2
The count of Transport Connection is: 36
The count of Authentication failed is: 4
The count of Object Reference is: 3
Total files in this folder: 60
Total files analysed: 60

• 将文件名和文件中找到的字符串写入控制台.

2021-12-01 22-06-57.txt - contains an 'Transport Connection' error
2021-12-01 20-15-19.txt - contains an 'Authentication failed' error
2021-11-26 14-02-05.txt - contains an 'Unexpected EOF' error.
2021-11-25 21-22-14 - contains an 'SSPI Fail' error.

然后，我需要将每个日期出现的次数转移到另一个服务器上的另一个excel表(这是一个空隙表)，正如您从整个脚本中可以看到的那样，这是非常低效率的，我想输出以下样式。我尝试过将错误名称添加到列表中，并将错误名称循环到文件中，但确实在正确的语法上苦苦挣扎。我还尝试将我的文件分组到日期名称中，然后按错误消息排列，但也确实在语法上苦苦挣扎。

它主要是做我想做的，但我希望的是沿着这些方向发展。

On 2021-12-01 I count 2 occurrence(s) in total:
    'Transport Connection' - 1
    'Authentication failed' - 1
    'Unexpected EOF' - 2
On 2021-11-25 I count 1 occurrence(s) in total:
    'SSPI Fail' - 1
On 2021-11-26 I count 1 occurrence(s) in total:
    'Unexpected EOF' - 1

任何帮助都将不胜感激！非常感谢!请仁慈点，别冲进我的喉咙。太多的人都这样做了，这对我的学习并不是个好兆头。

全码

$path = 'D:\logs'
$files = Get-ChildItem -Path $path -Include *.txt
$filecount = (Get-ChildItem -path $path | Measure-Object).Count

$countEOF = 0
$countHandshakeFail = 0 
$countSSPI = 0
$countTrnsptConn = 0 
$ccountAuthFail = 0
$countObjRef = 0
$countCertInval = 0 
$countUnauthdAccess = 0
$countArithmetic = 0



foreach($file in $files)
    {
        $filename = Split-Path $file -leaf
        
        $firstLines = Get-Content $file | Select -First 2

        $date = $filename.Substring($filename.IndexOf('.txt')-19,19)      

        if($firstLines -like '*Certificate*')
            {
                $countObjRef += 1
                Write-Output "$date - contains an 'Object reference' error."    
            }
        if($firstLines -like '*EOF*')
            {
                $countEOF += 1
                Write-Output "$date - contains an 'Unexpected EOF' error."    
            }
        if($firstLines -like '*handshake*')
            {
                $countHandshakeFail += 1
                Write-Output "$date - contains an 'Handshake fail due to unexpected packet format' error."
            }
        if($firstLines -like '*SSPI*')
            {
                $countSSPI += 1
                Write-Output "$date - contains an 'SSPI Fail' errror."
            }
        if($firstLines -like '*transport connection*')
            {
                $countTrnsptConn += 1
                Write-Output "$date - contains an 'Transport Connection' error"
            }
        if($firstLines -like '*Authentication failed*')
            {
                $ccountAuthFail += 1
                Write-Output "$date - contains an 'Authentication failed' error"
            }
        if($firstLines -like '*Object reference*')
            {
                $countObjRef += 1
                Write-Output "$date - contains an 'Object reference' error."    
            }

    }
Write-Output "The count of EOF is: $countEOF"
Write-Output "The count of Handshake fails is: $countHandshakeFail"
Write-Output "The count of SSPI fails is: $countSSPI"
Write-Output "The count of Transport Connection is: $countTrnsptConn"
Write-Output "The count of Authentication failed is: $ccountAuthFail"
Write-Output "The count of Object Reference is: $countObjRef"

Write-Output "Total files in this folder: $filecount"
write-output ("Total files analysed: " + ($countEOF + $countSSPI + $countHandshakeFail + $countTrnsptConn + $ccountAuthFail + $countObjRef))

Answer 1

我的方法是这样的：

processing

• Write

• 首先通过所有文件定义错误类型(首先是

• 循环)并查找问题，迭代先前定义的错误类型

• 存储结果，以便更容易地根据存储的结果输出您想要的输出，现在可以根据存储的结果对结果进行分组和排序。

基于此，结果如下：

$path = 'D:\logs\*'
$files = Get-ChildItem -Path $path -Include *.txt
$filecount = (Get-ChildItem -path $path | Measure-Object).Count

# List of results for easy processing afterward (eg: such as export to excel)
$Output = [System.Collections.Generic.List[PSObject]]::new()

# Ordered hashtable containing an internal name for each error type and the corresponding string that will be searched against using the like operator / written to console
$ErrorTypes = [Ordered]@{
    AuthenticationFailed = 'Authentication failed'
    Certificate          = 'Certificate'
    EOF                  = 'EOF'
    Handshake            = 'Handshake'
    ObjectReference      = 'Object Reference'
    SSPI                 = 'SSPI'
    TransportConnection  = 'transport connection'
}
# Just for better display, so that all the numbers get aligned in the output later on.
$ErrorTypesLongest = ($ErrorTypes.Values | Measure-Object -Maximum).Maximum.Length
foreach ($file in $files) {
    $filename = Split-Path $file -leaf
        
    $firstLines = Get-Content $file | Select -First 2

    $date = $filename.Substring($filename.IndexOf('.txt') - 19, 19)      
    
    # object containing reference information about Filename, date and errors
    $Item = [PSCustomObject]@{
        Date       = $date.Substring(0, 10)
        Filename   = $filename
        ErrorTypes = [System.Collections.Generic.List[String]]::new()
    }
    
    # Same as your multiple if but we iterate through errors types contained in the hashtable. If found,
    # we add the error to our "errortypes" for that file
    foreach ($ErrorKey in $ErrorTypes.Keys) {
        if ($firstLines -like "*$($ErrorTypes[$ErrorKey])*") {
            $Item.ErrorTypes.Add($ErrorKey)
            break # Since $firstLine, based on the last line of the initial sample, seems like it will contains only one error type.
        }
    }
    
    # That is the list we use to keep track of everything
    $Output.Add($Item)
}

# We do want everything sorted by date, then grouped by date so we can count the number of occurences and
# summarize what happened for that day.
$Grouped = $Output | Sort-Object -Property Date | Group-Object -Property Date 
Foreach ($G in $Grouped) {
    # Because we can
    $OccurenceStr = if ($G.Count -eq 1) { "occurence" } else { "occurences" }
    
    # I like cyan.
    Write-host "On $($G.Name), I count $($G.Count) $OccurenceStr in total:" -ForegroundColor Cyan

    # We group error types of the same date together to get a count and we sort the result alphabetically
    # then we iterate through them and write the output
    $G.Group.ErrorTypes | Group-Object | Sort-Object Name | % {
        Write-host " $($_.Name.PadRight($ErrorTypesLongest +1,' ')): $($_.Count)"     } 
}
Write-Host "Summary" -ForegroundColor Cyan
Write-Host " Total files in this folder: $filecount"
Write-Host " Total files with issues: $(($OutputErrorTypes | Measure-Object -Property Count -Sum).Sum)" 

$OutputErrorTypes = $Output.errortypes | Group-Object | Sort-Object Name
# If you want to avoid get the count for error types where the count is 0, use this.
$OutputErrorTypes | % {
    Write-Host " The count of $($_.Name) is: $($_.Count)"
}

# If you want the "0" count item, use that instead
# $ErrorTypes.Keys | % {
#     Write-Host "The count of $($ErrorTypes[$_]) is: $(($OutputErrorTypes | Where Name -eq $ErrorTypes[$_]).Count)"
# }

使用的文件名示例&它们的1行内容

2021-12-01 22-06-57.txt - contains an 'Transport Connection' error
2021-12-01 22-07-57.txt - contains an 'Transport Connection' error
2021-12-01 20-15-19.txt - contains an 'Authentication failed' error
2021-11-26 14-02-05.txt - contains an 'Unexpected EOF' error.
2021-11-25 21-22-14 - contains an 'SSPI Fail' error.

结果

On 2021-11-25, I count 1 occurence in total:
 SSPI                 : 1
On 2021-11-26, I count 1 occurence in total:
 EOF                  : 1
On 2021-12-01, I count 3 occurences in total:
 AuthenticationFailed : 1
 TransportConnection  : 2
Summary
 Total files in this folder: 5
 Total files with issues: 5
 The count of AuthenticationFailed is: 1
 The count of EOF is: 1
 The count of SSPI is: 1
 The count of TransportConnection is: 2