英文:
how to get the last entry in the system object array in powershell
问题
我使用以下命令在C:\tmp目录下生成一个日志文件,命名规则如下:computername_yearmmddhhmm.txt
/xagt.exe -g "C:\tmp\xagt_${env:COMPUTERNAME}_$(Get-Date -Format 'yyyyMMdd_HHmmss').txt"
要使用PowerShell读取此文件的输出,我使用下面附加的代码,要获取日志文件的最后20行,我使用以下代码:
$Fireeyefilename = Get-Item $filename*.txt
Write-Output ("FireEye Connection Status");
Write-Host "-------------------------------------------------------------------------------------------------------";
$foreeyeconnection = Get-Content $Fireeyefilename[$Fireeyefilename.count – 1] -Tail 20 | select-string "m=TCPConnect";
Write-Output ("$($Fireeyefilename[$Fireeyefilename.count – 1])");
Write-Output ("$foreeyeconnection");
如上所示,我将文件名的一部分保存在变量$filename中,然后将符合命名规则xagt_hostname_*的所有日志文件存储在变量$Fireeyefilename中,然后使用Get-Content读取此文件的内容。
问题是有时变量$Fireeyefilename包含单个日志文件,如下所示:
PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename
Directory: C:\tmp
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 13/07/2023 10:58 8416798 xagt_computername_20230713_105844.txt
PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename.GetType()
IsPublic IsSerial Name BaseType
-------- -------- ---- --------
True True FileInfo System.IO.FileSystemInfo
而且$Fireeyefilename变量的类型变为System.IO.FileSystemInfo。
有时候$Fireeyefilename变量包含多个日志文件,并且变量类型变为系统数组,如下所示:
PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename
Directory: C:\tmp
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 13/07/2023 10:58 8416798 xagt_computername_20230713_105844.txt
-a---- 13/07/2023 11:03 8428108 xagt_computername_20230713_110307.txt
-a---- 13/07/2023 11:03 8428108 xagt_computername_20230713_110337.txt
PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename.GetType()
IsPublic IsSerial Name BaseType
-------- -------- ---- --------
True True Object[] System.Array
我需要读取我生成的最后一个日志文件,也就是具有最新的LastWriteTime的文件,所以我使用以下代码:
Get-Content $Fireeyefilename[$Fireeyefilename.count – 1] -Tail 20 | select-string "m=TCPConnect";
正如我之前提到的,当变量$Fireeyefilename包含单个文件名且其类型为System.IO.FileSystemInfo时,它将没有Count属性,但代码仍然有效。而当变量$Fireeyefilename的类型为System.Array时,我使用上述代码来获取最后一个文件。
有时候使用以下代码无法获取最后一个生成的日志文件:
Get-Content $Fireeyefilename[$Fireeyefilename.count – 1]
所以是否有一种方法可以在系统数组变量$Fireeyefilename中获取具有最新LastWriteTime的最后一个日志文件?
请考虑我应该在C:\tmp位置生成此文件的事实,为什么会有相同名称的日志文件,因为许多用户需要在相同的位置生成此文件,是否有改进代码的建议,请告知。
英文:
I use the following command to generate a log file in C:\tmp with this naming convention computername_yearmmddhhmm.txt
/xagt.exe -g "C:\tmp\xagt_${env:COMPUTERNAME}_$(Get-Date -Format 'yyyyMMdd_HHmmss').txt"
to read the output of this file using PowerShell I use the code attached below , to obtain the last 20 lines of the logfile I use the below code
$Fireeyefilename = Get-Item $filename*.txt
Write-Output ("FireEye Connection Status");
Write-Host "-------------------------------------------------------------------------------------------------------"
$foreeyeconnection = Get-Content $Fireeyefilename[$Fireeyefilename.count – 1] -Tail 20 | select-string "m=TCPConnect";
Write-Output ("$($Fireeyefilename[$Fireeyefilename.count – 1])");
Write-Output ("$foreeyeconnection");
as shown above, I save part of the file name in the variable $filename, then I store all the log files created with the naming convention xagt_hostname_* in the variable $Fireeyefilename, and then I read the content of this file using Get-Content.
The problem is that some time the variable ($Fireeyefilename) contains a single log file
like that
PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename
Directory: C:\tmp
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 13/07/2023 10:58 8416798 xagt_computername_20230713_105844.txt
PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename.GetType()
IsPublic IsSerial Name BaseType
-------- -------- ---- --------
True True FileInfo System.IO.FileSystemInfo
and the $Fireeyefilename variable type becomes System.IO.FileSystemInfo
and some time the $Fireeyefilename variable has multiple log logfiles and the variable type becomes a system array like:
PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename.GetType()
IsPublic IsSerial Name BaseType
-------- -------- ---- --------
True True Object[] System.Array
PS C:\Program Files (x86)\FireEye\xagt> $Fireeyefilename
Directory: C:\tmp
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 13/07/2023 10:58 8416798 xagt_computername_20230713_105844.txt
-a---- 13/07/2023 11:03 8428108 xagt_computername_20230713_110307.txt
-a---- 13/07/2023 11:03 8428108 xagt_computername_20230713_110337.txt
I need to read the last log file I generated ,in other words thefile with the recent "LastWriteTime"
so I use this code:
Get-Content $Fireeyefilename[$Fireeyefilename.count – 1] -Tail 20 | select-string "m=TCPConnect";
as I mentioned previously, when the variable $Fireeyefilename has a single file name
and its type is system.IO.FileSystemInfo, it will hvave no Count property but the code works
and when the variable $Fireeyefilename type is System.Array, I got the last file using
Get-Content $Fireeyefilename[$Fireeyefilename.count – 1] -Tail 20 | select-string "m=TCPConnect";
Sometimes I couldn't get the last log file I generated using this code:
Get-Content $Fireeyefilename[$Fireeyefilename.count – 1]
so is there a mmethod to get the last log file with the LastWriteTime in he system array variable Last $Fireeyefilename
Take into consideration that I should to generate this file in the C:\tmp location
why there logfiles with the same name, because a lot of users have to generate this file in the same location and is there a suggestion to enhance the code, kindly let me know
答案1
得分: 0
你可以使用 @(...) 数组子表达式运算符来强制 PowerShell 将单个项的输出视为数组:
# 使用 @() 确保 `$FireEyeLogFiles` 包含一个数组,无论是否有 0、1 或多个文件
$FireEyeLogFiles = @(Get-Item $filename*.txt)
# 索引 `-1` 将给你数组中的最后一个项
$latestFireEyeLogFile = $FireEyeLogFiles[-1]
if (-not $latestFireEyeLogFile) {
Write-Warning "未找到日志文件!"
}
else {
$latestFireEyeLogFile | Get-Content -Tail 20 | Select-String -Pattern 'm=TCPConnect'
}
英文:
You can use the @(...) array subexpression operator to force PowerShell to treat single-item output as an array:
# use @() to ensure `$FireEyeLogFiles` contains an array,
# regardless of whether there's 0, 1, or multiple files
$FireEyeLogFiles = @(Get-Item $filename*.txt)
# index `-1` will give you the last item in the array
$latestFireEyeLogFile = $FireEyeLogFiles[-1]
if (-not $latestFireEyeLogFile) {
Write-Warning "No log files found!"
}
else {
$latestFireEyeLogFile |Get-Content -Tail 20 |Select-String -Pattern 'm=TCPConnect'
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论