Need to add multiple values

Here is the line of code
Get-content C:\Windows\System32\LogFiles\Firewall\pfirewall.log -Tail 0 -Wait | where {$_ -match "3389"}

Trying to tail the Firewall log file and display when certain ports are dropped. The above code works fine. But what I want to do is add more ports to look for. Example would be port 23. This needs to trigger if either one is found. I also would like to know how to require more than one criteria found to be displayed. Example would be port 3389 AND 192.168.1.100

Kevin,
Welcome to the forum. :wave:t4:

A simple version would be this:

Get-Content -Path 'C:\Windows\System32\LogFiles\Firewall\pfirewall.log' -Tail 0 -Wait | 
    Where-Object { $_ -match '3389|23' }

But with this pattern you could catch the port 16230 as well. :wink: So depending on the format of your firewall log you may add more specific patterns or another logic … maybe a two-stage process.

Thanks for the help but that does not work. All I get is a >>. Like it’s waiting for some sort of value to be put in.

You have to copy both lines and drop them together to your console … or you remove the line break and put it in one line

I copied both lines and put them into Notepad and fixed to be one line. Then copied that one line into powershell.
Is this not correct?

Get-Content -Path 'C:\Windows\System32\LogFiles\Firewall\pfirewall.log' -Tail 0 -Wait | Where-Object { $_ -match '3389|23' }

It shouldn’t be necessary but it should work this way.

But I wouldn’t use Notepad. Instead you should use either the PowerShell_ISE or VSCode to develop/write code. Both have integrated consoles to be able to easily run your code and debug it if necessary.

Please, when you post code, format it as code using the preformatted text button. Simply place your cursor on an empty line, click the button and paste your code.

Thanks in advance.

I usually do use the ISE but since it was a single line and I am just copying and pasting I used Notepad.
Once I get the syntax of the commands then I will start making my script. Have the email portion ready. Just can’t figure out why it’s not looking at both ports. I even tried using an array.
Here is a picture. The bottom PowerShell works. The top doesn’t.

You completely changed the example and then claimed what he suggested didn’t work. He specifically created a regex pattern ‘3389|23’ and what you did is an array.

I have to agree with Doug. If you’re not able to copy and paste it’s going to be hard to help you. :wink:

OK, getting somewhere. Used ", “3389\23”, instead of ', ‘3389|23’, worked. Displayed the text if either was present

Yes, I could have sent a picture of what his code produced. I was just showing another way of trying to accomplish what I wanted.

What’s wrong with copy and paste? :smirk:

Did you know - you can mark some lines in your ISE and hit F8 to run only the marked lines. That’s how we develop PowerShell code. :wink:

Get-Content -Path 'C:\Windows\System32\LogFiles\Firewall\pfirewall.log' -Tail 0 -Wait | Where-Object { $_ -match "3389|192.168.10.67" }

Like that? :slight_smile:

Well … it depends what you want to achieve. The pipe symbol in regex patterns means a logical “or”. If you’d provide a little more complete information we could help you much better.

What exactly and completely are you looking for? And what does a line from your log file look like? (When you post sample data like some lines from your log file please format them as code as well)

The goal is to watch the Windows Firewall log for any attempt to access it through port 3389, port 23, port 22, and maybe a few others. If it does happen it then sends an email.

Trying to write a program to watch the Windows Firewall log and send an email if anyone tries to access it using port 3389, 23, 22, and so on. Here is what I have so far.

$MsgParam = @{
    To         = "MyEmail@mydomain.com"
    From       = "server@myDomain.com"
    Subject    = "Access Attempt"
    SmtpServer = "myserver"
}

Get-Content C:\Windows\System32\LogFiles\Firewall\pfirewall.log -Tail 0 -Wait | where {$_ -match "3389|23"} | ForEach {
    Send-MailMessage @MsgParam
}

So I believe this would work. Just have to add the additional ports. But I was also curious how to look at the log to also require multiple criteria to be met.
Here is one line from the log

2021-11-23 14:18:08 DROP TCP 192.168.10.67 192.168.10.230 50183 3389 52 S 4187760534 0 64240 - - - RECEIVE

Another problem solved. This code requires both criteria to be met

Get-Content -Path 'C:\test\pfirewall.log' -Tail 0 -Wait | Where-Object {( $_ -match "3389" -and $_ -match "192.168.10.")}

Not sure if this is the cleanest way if adding more criteria.

Wow … please don’t get me wrong but reading your posts is like talking to a 12 year old by WhatsApp. :face_with_raised_eyebrow:

The topic seems to be a kind of professional and business related. I’d appreciate if you tried to communicate like a trained IT professional.

You should be clear about what exactly you want to do. For example: you mentioned something about ip addresses as well earlier but you did not now!?!? :wink:

If this should run as a script - maybe periodically by schedule - you cannot use -Tail 0 -Wait for your Get-Content command. Instead you’d need a process to avoid checking the same log entries again and again.

You may proceed with reading the following help topics:

https://www.regular-expressions.info/

and you may watch this video: 6 Weltner Sophisticated Techniques of Plain Text Parsing - YouTube

You say to match port x, y, and z but then show an IP in your example. Regex is another technology you’re involving here so you need to consider its features and rules. The period character means “match any character” in regex and requires you to “escape” it with a backslash.

I agree with Olaf. Please slow down and read what we are saying, and then please respond to the specific discussion. Providing clear examples and samples of what you have, what you hope to achieve, what you’ve tried, and any errors or unexpected output, all formatted as code, will help us all help you more effectively.
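
The "two-stage process" suggested earlier in the thread, as an added example that is not code from any poster: each line is split into its columns first and then compared field by field, so a watched port only counts in the dst-port column and the source-address test needs no regex escaping. The function names, `$WatchedPorts` and `$SourcePrefix` are hypothetical, the field order is assumed from the log's `#Fields:` header, and every sample line except the first is constructed.

```powershell
# Added example. Field order assumed from the log's "#Fields:" header:
# date time action protocol src-ip dst-ip src-port dst-port size tcpflags ...
$WatchedPorts = '22', '23', '3389'   # destination ports, any one matches (OR)
$SourcePrefix = '192.168.10.'        # extra AND criterion; $null disables it

function ConvertFrom-FirewallLogLine {
    param([string]$Line)
    # Skip blank lines and the '#' header lines at the top of the log
    if ([string]::IsNullOrWhiteSpace($Line) -or $Line.StartsWith('#')) { return }
    $f = -split $Line                # split on whitespace
    if ($f.Count -lt 8) { return }   # not a complete entry
    [pscustomobject]@{
        Timestamp = "$($f[0]) $($f[1])"
        Action    = $f[2]
        Protocol  = $f[3]
        SrcIp     = $f[4]
        DstIp     = $f[5]
        SrcPort   = $f[6]
        DstPort   = $f[7]
        Raw       = $Line
    }
}

function Test-FirewallHit {
    param($Entry)
    # Exact comparison on the dst-port field: '16230' is not '23', and a
    # 3389 in the source-port or sequence-number column is ignored.
    $Entry.Action -eq 'DROP' -and
    $Entry.DstPort -in $WatchedPorts -and
    (-not $SourcePrefix -or $Entry.SrcIp.StartsWith($SourcePrefix))
}

$Sample = @(
    # the line posted in the thread
    '2021-11-23 14:18:08 DROP TCP 192.168.10.67 192.168.10.230 50183 3389 52 S 4187760534 0 64240 - - - RECEIVE'
    # constructed: dst-port 16230, sequence number contains 3389
    '2021-11-23 14:18:09 DROP TCP 192.168.10.67 192.168.10.230 50184 16230 52 S 1000033890 0 64240 - - - RECEIVE'
    # constructed: src-port 3389, dst-port 443
    '2021-11-23 14:18:10 DROP TCP 192.168.10.67 192.168.10.230 3389 443 52 S 4187760535 0 64240 - - - RECEIVE'
    # constructed: dst-port 23 from another subnet
    '2021-11-23 14:18:11 DROP TCP 10.0.0.5 192.168.10.230 50185 23 52 S 4187760536 0 64240 - - - RECEIVE'
)

$Sample | ForEach-Object { ConvertFrom-FirewallLogLine $_ } |
    Where-Object { Test-FirewallHit $_ } |
    Select-Object Timestamp, SrcIp, DstPort

# Live use: replace $Sample with
#   Get-Content -Path 'C:\Windows\System32\LogFiles\Firewall\pfirewall.log' -Tail 0 -Wait
```

Each object that passes the filter keeps the original line in `Raw`, which can be used as the body of the alert e-mail.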