I am trying to import / read Windows server event logs into a text file using a wevtutil command. I use the following command to write my logs to file.txt:
wevtutil qe Application /rd:true /f:text (reads the Application log)
and the sample output of my command is:
Event[1]:
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 2016-03-29T13:02:27.000
Event ID: 8196
Task: N/A
Level: Information
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: WIN-IONOGQTF9O5
Description: License Activation Scheduler (sppuinotify.dll)
Event[2]:
Log Name: Application
Source: Microsoft-Windows
Date: 2016-06-29T13:02:57.000
Event ID: 3444
Task: N/A
Level: Critical
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: WIN-IONOGDFFF9O5
Description: AIRO.Activation code(sppuinotify.dll)
(Actually, two sample logs.)
But I want to write each log as a single line to the .txt file, rather than the above multi-line output for a single log. Is there a wevtutil command utility option to write a log to a single line, like below:
Event[1]:Log Name: Application Source: Microsoft-Windows-Security-SPP Date: 2016-03-29T13:02:27.000 Event ID: 8196 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: WIN-IONOGQTF9O5 Description: License Activation Scheduler (sppuinotify.dll)
Event[2]:Log Name: Application Source: Microsoft-Windows Date: 2016-03-29T13:02:27.000 Event ID: 8196 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: WIN-IONOGQTF9O5 Description: License Activation Scheduler (sppuinotify.dll)
Thanks!
$logname = "Application"
$events = Get-EventLog -LogName $logname
$arr = @()
$counter = 1
foreach ($event in $events) {
    $arr += "Event[$counter]:Log Name: $logname Source: $($event.Source) Date: $($event.TimeWritten) Event ID: $($event.EventID) Task: $($event.Category) Level: $($event.EntryType) ..."
    $counter++
}
$arr | Out-File events.txt
If you need Opcode, Keyword, etc., use Get-WinEvent instead of Get-EventLog.
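As an added example (not the answer's code) of the Get-WinEvent route, this writes one line per event including Opcode and Keyword, and folds multi-line descriptions so a line-oriented log collector never sees a record split across lines. It assumes the Application log, the newest 100 events and an output file named events.txt.

```powershell
# Added example: one line per event via Get-WinEvent, which exposes Opcode and Keywords.
# Assumptions: Application log, newest 100 events, output to events.txt.
$LogName   = 'Application'
$MaxEvents = 100
$OutFile   = 'events.txt'

function Get-Value ($Value) {
    # Print "N/A" for fields the record does not carry, as wevtutil does.
    if ($null -eq $Value -or "$Value" -eq '') { 'N/A' } else { "$Value" }
}

$fmt = 'Event[{0}]:Log Name: {1} Source: {2} Date: {3:yyyy-MM-ddTHH:mm:ss.fff} ' +
       'Event ID: {4} Task: {5} Level: {6} Opcode: {7} Keyword: {8} User: {9} ' +
       'Computer: {10} Description: {11}'

$counter = 0
Get-WinEvent -FilterHashtable @{ LogName = $LogName } -MaxEvents $MaxEvents |
    ForEach-Object {
        $counter++
        $fields = @(
            $counter
            $_.LogName
            $_.ProviderName
            $_.TimeCreated
            $_.Id
            (Get-Value $_.TaskDisplayName)
            (Get-Value $_.LevelDisplayName)
            (Get-Value $_.OpcodeDisplayName)
            (Get-Value ($_.KeywordsDisplayNames -join ','))
            (Get-Value $_.UserId)   # SID of the user, or N/A when the event carries none
            $_.MachineName
            # Descriptions are often multi-line; fold them so the record stays on one line.
            ((Get-Value $_.Message) -replace '\s*\r?\n\s*', ' ')
        )
        $fmt -f $fields
    } | Set-Content -Path $OutFile -Encoding UTF8
```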
I have a Type: AWS::Serverless::HttpApi which I am trying to connect to a Type: AWS::Serverless::StateMachine as a trigger. Meaning the HTTP API would trigger the Step Function state machine.
I can get it working, by only specifying a single input. For example, the DefinitionBody when it works, looks like this:
DefinitionBody:
  info:
    version: '1.0'
    title:
      Ref: AWS::StackName
  paths:
    "/github/secret":
      post:
        responses:
          default:
            description: "Default response for POST /"
        x-amazon-apigateway-integration:
          integrationSubtype: "StepFunctions-StartExecution"
          credentials:
            Fn::GetAtt: [StepFunctionsApiRole, Arn]
          requestParameters:
            Input: $request.body
            StateMachineArn: !Ref SecretScannerStateMachine
          payloadFormatVersion: "1.0"
          type: "aws_proxy"
          connectionType: "INTERNET"
          timeoutInMillis: 30000
  openapi: 3.0.1
  x-amazon-apigateway-importexport-version: "1.0"
Take note of the following line: Input: $request.body. I am only specifying the $request.body.
However, I need to be able to send the $request.body and $request.header.X-Hub-Signature-256. I need to send BOTH these values to my state machine as an input.
I have tried so many different ways. For example:
Input: " { body: $request.body, header: $request.header.X-Hub-Signature-256 }"
and
$request.body
$request.header.X-Hub-Signature-256
and
Input: $request
I get different errors each time, but this is the main one:
Warnings found during import: Unable to create integration for resource at path 'POST /github/secret': Invalid selection expression specified: Validation Result: warnings : [], errors : [Invalid source: $request specified for destination: Input].
Any help on how to pass multiple values would be so appreciated.
I am trying to implement the below calls:
POST https://host/sessions
DELETE https://host/sessions/{session_id}
The POST call is to establish a session, the DELETE call is to log out an established session.
So, in the YAML file, how do I have an empty base path? It's currently a slash in the YAML file as it's a required field, but the slash is redundant. Any idea? Thanks.
swagger: '2.0'
info:
  version: '0.0.1'
  title: authenticate
  #description: To be provided
  # #termsOfService:To be provided
  contact:
    name: test
basePath: /sessions
paths:
  /:
    post:
      summary: establish a session
      description: sessions is a collection. This POST creates a new session in the sessions collection and the name of the session returned by this command is the session token.
      consumes:
        - "application/json"
      parameters:
        - in: header
          name: user_name
          type: string
          required: true
        - in: header
          name: password
          type: string
          required: true
      responses:
        200:
          description: establish a session successfully
        400:
          $ref: "#/responses/BadRequest"
        500:
          description: unexpected error
          schema:
            $ref: '#/definitions/errorModel'
  /{session_id}:
    delete:
      summary: log out
      description: use sessionid to log out an established session.
      produces:
        - application/json
      parameters:
        - in: path
          name: session_id
          type: string
          required: true
      responses:
        200:
          description: log out a session successfully
        400:
          $ref: "#/responses/BadRequest"
        500:
          description: unexpected error
          schema:
            $ref: '#/definitions/errorModel'
Swagger defines
A relative path to an individual endpoint. The field name MUST begin with a forward slash (/).
Therefore, the slash is required and you can't have an empty path.
Thanks a lot for your time in reading this. I would really appreciate if you can show me some lights on how to achieve this.
The idea is to build a PS script to revoke/release a few licenses based on a few conditions from a command-line output.
A sample license status, as fetched through a command line, is below:
--------------------------------------------------------------------
Trust Flags = FULLY TRUSTED
Fulfillment Type: TRIAL
Status: ENABLED
Fulfillment ID: LOCAL_TRIAL_FID_586
Entitlement ID: SC_LVJ1BYNH8ZF6H57OSCBZTFWPVR7PCR8
Product ID: NAME=Tableau Desktop TS;VERSION=4.0
Suite ID: NONE
Expiration date: 23-oct-2020
Feature line(s):
INCREMENT TableauDesktop tableau 2021.1108 permanent 1 \
VENDOR_STRING=EntitlementID=;EDITION=Professional;CAP=REG:STANDARD,WARN:14,NOGRACE;DC_STD=default;DC_CAP=;TRIALVER=2019.1;FulfillmentID=;ActivationID=;OEMNAME=;GRACE=;MAP_STD=default;MAP_CAP=;OFFLINE= \
ISSUER="Tableau Software" ISSUED=9-nov-2018 START=8-nov-2018 \
TS_OK SIGN="042D 811B 5D78 81EA E6E7 28BD 607A F3D3 028E DC82 \
E310 A6BC C1D5 0913 5CBC 18B5 8671 7C7D C0B7 3C46 D1E7 A16C \
6C84 3694 BB4C DB73 4B59 C419 D820 58E0"
--------------------------------------------------------------------
Trust Flags = FULLY TRUSTED
Fulfillment Type: TRIAL
Status: ENABLED
Fulfillment ID: LOCAL_TRIAL_FID_590
Entitlement ID: SC_LVJ1BYNH8ZF6H57OSCBZTFWPVR7PTR2
Product ID: NAME=Tableau Desktop TS;VERSION=4.0
Suite ID: NONE
Expiration date: 23-oct-2020
Feature line(s):
INCREMENT TableauDesktop tableau 2021.1108 permanent 1 \
VENDOR_STRING=EntitlementID=;EDITION=Professional;CAP=REG:STANDARD,WARN:14,NOGRACE;DC_STD=default;DC_CAP=;TRIALVER=2019.1;FulfillmentID=;ActivationID=;OEMNAME=;GRACE=;MAP_STD=default;MAP_CAP=;OFFLINE= \
ISSUER="Tableau Software" ISSUED=9-nov-2018 START=8-nov-2018 \
TS_OK SIGN="042D 811B 5D78 81EA E6E7 28BD 607A F3D3 028E DC82 \
E310 A6BC C1D5 0913 5CBC 18B5 8671 7C7D C0B7 3C46 D1E7 A16C \
6C84 3694 BB4C DB73 4B59 C419 D820 58E0"
--------------------------------------------------------------------
We need to parse the "Trust Flags", "status" and "Entitlement ID" from both entries into a hash table so that we can perform logical operations.
Your directions will be very helpful!! My sincere thanks again.
You can use a switch statement with the -Regex switch to perform regular expression-based line-by-line processing:
# Initialize the (ordered) output hash table.
$hashTable = [ordered] @{}
# Process the input file line by line and populate the hash table.
switch -File input.txt -Regex {
    '^(Trust Flags|status|Entitlement ID):? +(?:= +)?(.*)' {
        $hashTable[$Matches.1] = $Matches.2
    }
}
# Output the resulting hash table.
$hashTable
The above yields:
Name Value
---- -----
Trust Flags FULLY TRUSTED
Status ENABLED
Entitlement ID SC_LVJ1BYNH8ZF6H57OSCBZTFWPVR7PTR2
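Note that a single hash table keyed by field name keeps only the last block's values, which is why the output above shows one Entitlement ID although the input has two entries. The following added example (not part of the answer above) splits the output on the dashed separators and builds one object per license, so conditions can be evaluated per entry; it assumes the command output was saved to input.txt and that the conditions of interest are Status and the expiration date.

```powershell
# Added example: one object per license block, parsed from the saved command output.
# Assumption: the output shown in the question is stored in .\input.txt.
$raw = Get-Content -Path .\input.txt -Raw

$licenses = foreach ($block in ($raw -split '(?m)^-{10,}\s*$')) {
    if ($block -notmatch '\S') { continue }       # whitespace between two separators
    $entry = [ordered]@{}
    foreach ($line in ($block -split '\r?\n')) {
        # "Trust Flags = X" uses '='; the other fields use "Key: value".
        if ($line -match '^\s*(Trust Flags|Status|Entitlement ID|Fulfillment ID|Expiration date)\s*[:=]\s*(.+?)\s*$') {
            $entry[$Matches[1]] = $Matches[2]
        }
    }
    if ($entry.Count) { [pscustomobject]$entry }
}

# Per-license logic works because each block kept its own values:
# enabled licenses whose expiration date has already passed.
$expired = $licenses | Where-Object {
    $_.Status -eq 'ENABLED' -and
    [datetime]::ParseExact($_.'Expiration date', 'd-MMM-yyyy', [cultureinfo]::InvariantCulture) -lt (Get-Date)
}
$expired | Select-Object 'Fulfillment ID', 'Entitlement ID', 'Trust Flags', Status
```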
I would first check if the command utility offers you a way to control the output. Many command-line utilities do provide options for creating structured output such as CSV or XML. If you are indeed limited to just text, then this is a perfect scenario to utilize ConvertFrom-String.
Now depending on how much the data varies, you may need to adjust the "sample" data used in the template. I've found the key is to provide just enough training data and not too much. See the example below.
First create a template. I'm not sure what other possible values you may face but I did change the second example in the template just to provide a wider net. You could adjust these to actual possible values for better results.
$template = @'
Trust Flags = {TrustFlags*:FULLY TRUSTED}
Fulfillment Type: TRIAL
Status: {Status:ENABLED}
Fulfillment ID: LOCAL_TRIAL_FID_586
Entitlement ID: {EntitlementID:SC_LVJ1BYNH8ZF6H57OSCBZTFWPVR7PCR8}
Trust Flags = {TrustFlags*:not trusted}
Fulfillment Type: TRIAL
Status: {Status:Disabled}
Fulfillment ID: LOCAL_TRIAL_FID_590
Entitlement ID: {EntitlementID:AB_12345678ABCDEF}
'@
Now apply the template to the text:
$text = @'
--------------------------------------------------------------------
Trust Flags = FULLY TRUSTED
Fulfillment Type: TRIAL
Status: ENABLED
Fulfillment ID: LOCAL_TRIAL_FID_586
Entitlement ID: SC_LVJ1BYNH8ZF6H57OSCBZTFWPVR7PCR8
Product ID: NAME=Tableau Desktop TS;VERSION=4.0
Suite ID: NONE
Expiration date: 23-oct-2020
Feature line(s):
INCREMENT TableauDesktop tableau 2021.1108 permanent 1 \
VENDOR_STRING=EntitlementID=;EDITION=Professional;CAP=REG:STANDARD,WARN:14,NOGRACE;DC_STD=default;DC_CAP=;TRIALVER=2019.1;FulfillmentID=;ActivationID=;OEMNAME=;GRACE=;MAP_STD=default;MAP_CAP=;OFFLINE= \
ISSUER="Tableau Software" ISSUED=9-nov-2018 START=8-nov-2018 \
TS_OK SIGN="042D 811B 5D78 81EA E6E7 28BD 607A F3D3 028E DC82 \
E310 A6BC C1D5 0913 5CBC 18B5 8671 7C7D C0B7 3C46 D1E7 A16C \
6C84 3694 BB4C DB73 4B59 C419 D820 58E0"
--------------------------------------------------------------------
Trust Flags = FULLY TRUSTED
Fulfillment Type: TRIAL
Status: ENABLED
Fulfillment ID: LOCAL_TRIAL_FID_590
Entitlement ID: SC_LVJ1BYNH8ZF6H57OSCBZTFWPVR7PTR2
Product ID: NAME=Tableau Desktop TS;VERSION=4.0
Suite ID: NONE
Expiration date: 23-oct-2020
Feature line(s):
INCREMENT TableauDesktop tableau 2021.1108 permanent 1 \
VENDOR_STRING=EntitlementID=;EDITION=Professional;CAP=REG:STANDARD,WARN:14,NOGRACE;DC_STD=default;DC_CAP=;TRIALVER=2019.1;FulfillmentID=;ActivationID=;OEMNAME=;GRACE=;MAP_STD=default;MAP_CAP=;OFFLINE= \
ISSUER="Tableau Software" ISSUED=9-nov-2018 START=8-nov-2018 \
TS_OK SIGN="042D 811B 5D78 81EA E6E7 28BD 607A F3D3 028E DC82 \
E310 A6BC C1D5 0913 5CBC 18B5 8671 7C7D C0B7 3C46 D1E7 A16C \
6C84 3694 BB4C DB73 4B59 C419 D820 58E0"
--------------------------------------------------------------------
'@
$text | ConvertFrom-String -TemplateContent $template -OutVariable results
TrustFlags Status EntitlementID
---------- ------ -------------
FULLY TRUSTED ENABLED SC_LVJ1BYNH8ZF6H57OSCBZTFWPVR7PCR8
FULLY TRUSTED ENABLED SC_LVJ1BYNH8ZF6H57OSCBZTFWPVR7PTR2
For the demonstration I used -OutVariable so we could see the output as well as capture it to a variable. This obviously could be changed to just $variable = instead. The $results variable is a PSCustomObject which you can use like any other.
$results | where trustflags -eq 'Fully Trusted'
TrustFlags Status EntitlementID
---------- ------ -------------
FULLY TRUSTED ENABLED SC_LVJ1BYNH8ZF6H57OSCBZTFWPVR7PCR8
FULLY TRUSTED ENABLED SC_LVJ1BYNH8ZF6H57OSCBZTFWPVR7PTR2
$results.entitlementid
SC_LVJ1BYNH8ZF6H57OSCBZTFWPVR7PCR8
SC_LVJ1BYNH8ZF6H57OSCBZTFWPVR7PTR2
To use it against a file it's probably best to use Get-Content -Raw depending on just how large those files are.
Get-Content $textfile -Raw | ConvertFrom-String -TemplateContent $template -OutVariable results
Using this gem: whois (3.6.5)
Doing this:
Whois::Client.new(timeout: 2).lookup('miaz.ca')
And then trying to call .properties on the result of the call (pasted below):
"Domain name: miaz.ca\nDomain status: registered\nCreation date: 2014/03/12\nExpiry date:
2018/03/12\nUpdated date: 2017/03/02\nDNSSEC:
Unsigned\n\nRegistrar:\n Name: Go Daddy Domains
Canada, Inc\n Number: 2316042\n\nName servers:\n
ns61.domaincontrol.com\n ns62.domaincontrol.com\n\n% WHOIS look-up
made at 2017-08-15 20:13:15 (GMT)\n%\n% Use of CIRA's WHOIS service is
governed by the Terms of Use in its Legal\n% Notice, available at
http://www.cira.ca/legal-notice/?lang=en \n%\n% (c) 2017 Canadian
Internet Registration Authority, (http://www.cira.ca/) \n"
But then calling Whois::Client.new(timeout: 2).lookup('childrenandco.qa')
gives this response, and .properties gives an undefined method 'zip' for "shops.myshopify.com":String:
"Domain Name: childrenandco.qa\r\nLast Modified: 15-Aug-2017 14:06:49 UTC\r\nRegistrar
Name: W3INFOTECH W.L.L\r\nStatus:
inactive\r\n\r\nRegistrant Contact ID: W3R2736\r\nRegistrant
Contact Name: Ibrahim alobaidan\r\nRegistrant Contact Email:
Visit www.domains.qa\r\n\r\nTech Contact ID:
W3T2736\r\nTech Contact Name: Ibrahim alobaidan\r\nTech
Contact Email: Visit www.domains.qa\r\n\r\nName Server:
shops.myshopify.com\r\n"
I have a text file where I have to read the content and append to it. i.e. make a copy of the file and append to it. I wrote the following code
#!/usr/bin/perl
use strict;
use warnings;

my $line;
open FILL, ">> fred"
    or warn "Cannot open : $!";
while (<FILL>) {
    # s/^Author:.*/Author: Randal L. Schwartz/;
    # s/^Phone:.*\n//;
    # s/^Date:.*/Date: $date/;
    $line .= $_;
    print $line;
}
select FILL;
print $line;
But it doesn't enter the while loop at all, and when I open a filehandle for the same file in read mode and select the file handle in append mode to print, it works.
Input :
Program name: granite
Author: Gilbert Bates
Company: RockSoft
Department: R&D
Phone: +1 503 555-0095
Date: Tues March 9, 2004
Version: 2.1
Size: 21k
Status: Final beta
Output :
Program name: granite
Author: Gilbert Bates
Company: RockSoft
Department: R&D
Phone: +1 503 555-0095
Date: Tues March 9, 2004
Version: 2.1
Size: 21k
Status: Final beta
Program name: granite
Author: Gilbert Bates
Company: RockSoft
Department: R&D
Phone: +1 503 555-0095
Date: Tues March 9, 2004
Version: 2.1
Size: 21k
Status: Final beta
This program works correctly
#!/usr/bin/perl
use strict;
use warnings;

my $line;
open FIL, "fred"
    or warn "Cannot open : $!";
open FILL, ">> fred"
    or warn "Cannot open : $!";
while (<FIL>) {
    # s/^Author:.*/Author: Randal L. Schwartz/;
    # s/^Phone:.*\n//;
    # s/^Date:.*/Date: $date/;
    $line .= $_;
    print $line;
}
select FILL;
print $line;
It appends correctly to the file, but the terminal output is
Program name: granite
Program name: granite
Author: Gilbert Bates
Program name: granite
Author: Gilbert Bates
Company: RockSoft
Program name: granite
Author: Gilbert Bates
Company: RockSoft
Department: R&D
Program name: granite
Author: Gilbert Bates
Company: RockSoft
Department: R&D
Phone: +1 503 555-0095
Program name: granite
Author: Gilbert Bates
Company: RockSoft
Department: R&D
Phone: +1 503 555-0095
Date: Tues March 9, 2004
Program name: granite
Author: Gilbert Bates
Company: RockSoft
Department: R&D
Phone: +1 503 555-0095
Date: Tues March 9, 2004
Version: 2.1
Program name: granite
Author: Gilbert Bates
Company: RockSoft
Department: R&D
Phone: +1 503 555-0095
Date: Tues March 9, 2004
Version: 2.1
Size: 21k
Program name: granite
Author: Gilbert Bates
Company: RockSoft
Department: R&D
Phone: +1 503 555-0095
Date: Tues March 9, 2004
Version: 2.1
Size: 21k
Status: Final beta
Program name: granite
Author: Gilbert Bates
Company: RockSoft
Department: R&D
Phone: +1 503 555-0095
Date: Tues March 9, 2004
Version: 2.1
Size: 21k
Status: Final beta
Why does it print so many times?
$line is the variable in which you accumulate everything read so far. So within the loop, you probably wanted to do
print $_;
or just
print;
instead of
print $line;
To answer your original question... You will want to open the file in both read and write (append) mode.
open FILL, '+>>', 'fred';
(Please don't use the 2-argument version of open. It's unsafe.)
But this places the file pointer at the end of the file, so you'll have to do a
seek FILL, 0, 0;
before reading. Since you read before writing, it makes no difference whether or not you open the file in append mode.
You should even be able to add another seek after reading the file, but I am not sure whether this is going to be portable across Unix and Windows.