如何在PowerShell中获取系统对象数组中的最后一个条目。

huangapple
go评论84阅读模式
英文:

how to get the last entry in the system object array in powershell

问题

我使用以下命令在C:\tmp目录下生成一个日志文件,命名规则如下:computername_yearmmddhhmm.txt

  1. /xagt.exe -g "C:\tmp\xagt_${env:COMPUTERNAME}_$(Get-Date -Format 'yyyyMMdd_HHmmss').txt"

要使用PowerShell读取此文件的输出,我使用下面附加的代码,要获取日志文件的最后20行,我使用以下代码:

  1. $Fireeyefilename = Get-Item  $filename*.txt
  3. Write-Output ("FireEye Connection Status");
  4. Write-Host "-------------------------------------------------------------------------------------------------------";
  5. $foreeyeconnection = Get-Content $Fireeyefilename[$Fireeyefilename.count  1] -Tail 20 | select-string "m=TCPConnect";
  6. Write-Output ("$($Fireeyefilename[$Fireeyefilename.count  1])");
  7. Write-Output ("$foreeyeconnection");

如上所示,我将文件名的一部分保存在变量$filename中,然后将符合命名规则xagt_hostname_*的所有日志文件存储在变量$Fireeyefilename中,然后使用Get-Content读取此文件的内容。

问题是有时变量$Fireeyefilename包含单个日志文件,如下所示:

  1. PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename
  3. Directory: C:\tmp
  5. Mode                LastWriteTime         Length Name
  6. ----                -------------         ------ ----
  7. -a----       13/07/2023     10:58        8416798 xagt_computername_20230713_105844.txt
  9. PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename.GetType()
  11. IsPublic IsSerial Name                                     BaseType
  12. -------- -------- ----                                     --------
  13. True     True     FileInfo                                 System.IO.FileSystemInfo

而且$Fireeyefilename变量的类型变为System.IO.FileSystemInfo

有时候$Fireeyefilename变量包含多个日志文件,并且变量类型变为系统数组,如下所示:

  1. PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename
  3. Directory: C:\tmp
  5. Mode                LastWriteTime         Length Name
  6. ----                -------------         ------ ----
  7. -a----       13/07/2023     10:58        8416798 xagt_computername_20230713_105844.txt
  8. -a----       13/07/2023     11:03        8428108 xagt_computername_20230713_110307.txt
  9. -a----       13/07/2023     11:03        8428108 xagt_computername_20230713_110337.txt
  11. PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename.GetType()
  13. IsPublic IsSerial Name                                     BaseType
  14. -------- -------- ----                                     --------
  15. True     True     Object[]                                 System.Array

我需要读取我生成的最后一个日志文件,也就是具有最新的LastWriteTime的文件,所以我使用以下代码:

  1. Get-Content $Fireeyefilename[$Fireeyefilename.count  1] -Tail 20 | select-string "m=TCPConnect";

正如我之前提到的,当变量$Fireeyefilename包含单个文件名且其类型为System.IO.FileSystemInfo时,它将没有Count属性,但代码仍然有效。而当变量$Fireeyefilename的类型为System.Array时,我使用上述代码来获取最后一个文件。

有时候使用以下代码无法获取最后一个生成的日志文件:

  1. Get-Content $Fireeyefilename[$Fireeyefilename.count  1]

所以是否有一种方法可以在系统数组变量$Fireeyefilename中获取具有最新LastWriteTime的最后一个日志文件?

请考虑我应该在C:\tmp位置生成此文件的事实,为什么会有相同名称的日志文件,因为许多用户需要在相同的位置生成此文件,是否有改进代码的建议,请告知。

英文:

I use the following command to generate a log file in C:\tmp with this naming convention computername_yearmmddhhmm.txt

  1. /xagt.exe -g "C:\tmp\xagt_${env:COMPUTERNAME}_$(Get-Date -Format 'yyyyMMdd_HHmmss').txt"

to read the output of this file using PowerShell I use the code attached below , to obtain the last 20 lines of the logfile I use the below code

  1. $Fireeyefilename = Get-Item  $filename*.txt
  3. Write-Output ("FireEye Connection Status");
  4. Write-Host "-------------------------------------------------------------------------------------------------------"
  5. $foreeyeconnection = Get-Content $Fireeyefilename[$Fireeyefilename.count  1] -Tail 20 | select-string "m=TCPConnect";
  6. Write-Output ("$($Fireeyefilename[$Fireeyefilename.count  1])");
  7. Write-Output ("$foreeyeconnection");

as shown above, I save part of the file name in the variable $filename, then I store all the log files created with the naming convention xagt_hostname_* in the variable $Fireeyefilename, and then I read the content of this file using Get-Content.

The problem is that some time the variable ($Fireeyefilename) contains a single log file
like that

  1. PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename
  4.     Directory: C:\tmp
  7. Mode                LastWriteTime         Length Name                                                                                                                    
  8. ----                -------------         ------ ----                                                                                                                    
  9. -a----       13/07/2023     10:58        8416798 xagt_computername_20230713_105844.txt                                                                                       
  13. PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename.GetType()
  15. IsPublic IsSerial Name                                     BaseType                                                                                                      
  16. -------- -------- ----                                     --------                                                                                                      
  17. True     True     FileInfo                                 System.IO.FileSystemInfo

and the $Fireeyefilename variable type becomes System.IO.FileSystemInfo

and some time the $Fireeyefilename variable has multiple log logfiles and the variable type becomes a system array like:

  1. PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename.GetType()
  3. IsPublic IsSerial Name                                     BaseType                                                                                                      
  4. -------- -------- ----                                     --------                                                                                                      
  5. True     True     Object[]                                 System.Array                                                                                                  
  9. PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename
  12.     Directory: C:\tmp
  15. Mode                LastWriteTime         Length Name                                                                                                                    
  16. ----                -------------         ------ ----                                                                                                                    
  17. -a----       13/07/2023     10:58        8416798 xagt_computername_20230713_105844.txt                                                                                       
  18. -a----       13/07/2023     11:03        8428108 xagt_computername_20230713_110307.txt                                                                                       
  19. -a----       13/07/2023     11:03        8428108 xagt_computername_20230713_110337.txt

I need to read the last log file I generated ,in other words thefile with the recent "LastWriteTime"
so I use this code:

  1. Get-Content $Fireeyefilename[$Fireeyefilename.count  1] -Tail 20 | select-string "m=TCPConnect";

as I mentioned previously, when the variable $Fireeyefilename has a single file name
and its type is system.IO.FileSystemInfo, it will hvave no Count property but the code works
and when the variable $Fireeyefilename type is System.Array, I got the last file using

  1. Get-Content $Fireeyefilename[$Fireeyefilename.count  1] -Tail 20 | select-string "m=TCPConnect";

Sometimes I couldn't get the last log file I generated using this code:

  1. Get-Content $Fireeyefilename[$Fireeyefilename.count  1]

so is there a mmethod to get the last log file with the LastWriteTime in he system array variable Last $Fireeyefilename

Take into consideration that I should to generate this file in the C:\tmp location
why there logfiles with the same name, because a lot of users have to generate this file in the same location and is there a suggestion to enhance the code, kindly let me know

答案1

得分: 0

你可以使用 @(...) 数组子表达式运算符来强制 PowerShell 将单个项的输出视为数组:

  1. # 使用 @() 确保 `$FireEyeLogFiles` 包含一个数组,无论是否有 0、1 或多个文件
  2. $FireEyeLogFiles = @(Get-Item $filename*.txt)
  4. # 索引 `-1` 将给你数组中的最后一个项
  5. $latestFireEyeLogFile = $FireEyeLogFiles[-1] 
  6. if (-not $latestFireEyeLogFile) {
  7.   Write-Warning "未找到日志文件!"
  8. }
  9. else {
  10.   $latestFireEyeLogFile | Get-Content -Tail 20 | Select-String -Pattern 'm=TCPConnect'
  11. }
英文:

You can use the @(...) array subexpression operator to force PowerShell to treat single-item output as an array:

  1. # use @() to ensure `$FireEyeLogFiles` contains an array, 
  2. # regardless of whether there's 0, 1, or multiple files
  3. $FireEyeLogFiles = @(Get-Item $filename*.txt)
  5. # index `-1` will give you the last item in the array
  6. $latestFireEyeLogFile = $FireEyeLogFiles[-1] 
  7. if (-not $latestFireEyeLogFile) {
  8.   Write-Warning "No log files found!"
  9. }
  10. else {
  11.   $latestFireEyeLogFile |Get-Content -Tail 20 |Select-String -Pattern 'm=TCPConnect'
  12. }

huangapple
  • 本文由 发表于 2023年7月13日 19:14:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/76678730.html
  • powershell
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定