Here is the line of code
Get-Content C:\Windows\System32\LogFiles\Firewall\pfirewall.log -Tail 0 -Wait | where {$_ -match "3389"}
Trying to tail the Firewall log file and display when certain ports are dropped. The above code works fine. But what I want to do is add more ports to look for. Example would be port 23. This needs to trigger if either one is found. I also would like to know how to require more than one criteria found to be displayed. Example would be port 3389 AND 192.168.1.100
But with this pattern you could catch the port 16230 as well. So depending on the format your firewall log you may add more specific patterns or another logic … maybe a two-stage process.
It shouldn’t be necessary but it should work this way.
But I wouldn’t use Notepad. Instead you should use either the PowerShell_ISE or VSCode to develop/write code. Both have integrated consoles to be able to easily run your code and debug it if necessary.
Please when you post code format it as code using the preformatted text button. Simply place your cursor on an empty line, click the button and paste your code.
I usually do use the ISE but since it was a single line and I am just copying and pasting I used Notepad.
Once I get the syntax of the commands then I will start making my script. I have the email portion ready. I just can’t figure out why it’s not looking at both ports. I even tried using an array.
Here is a picture. The bottom powershell works. The top doesn’t
You completely changed the example and then claimed what he suggested didn’t work. He specifically created a regex pattern ‘3389|23’ and what you did is an array.
Well … it depends what you want to achieve. The pipe symbol in regex patterns means a logical “or”. If you’d provide a little more complete information we could help you much better.
What exactly and completely are you looking for? And what does a line from your log file look like? (When you post sample data like some lines from your log file please format them as code as well)
The goal is to watch the Windows Firewall log for any attempt to access it through port 3389, port 23, port 22, and maybe a few others. If it does happen it then sends an email.
Trying to write a program to watch the Windows Firewall log and send an email if anyone tries to access it using port 3389, 23, 22, and so on. Here is what I have so far.
So I believe this would work. Just have to add the additional ports. But I was also curious how to look at the log to also require multiple criteria to be met.
Here is one line from the log
2021-11-23 14:18:08 DROP TCP 192.168.10.67 192.168.10.230 50183 3389 52 S 4187760534 0 64240 - - - RECEIVE
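Since the log line shows a fixed field order (date, time, action, protocol, source IP, destination IP, source port, destination port, ...), the port can be compared as a whole field instead of as a substring of the raw line, which is what makes "3389" also hit 16230. The following is an added example, not code from anyone in this thread; it assumes the default pfirewall.log field layout seen in the sample line, and the address in `$WatchedSource` and all sample lines except the first are constructed for the demonstration.

```powershell
# Added example: parse Windows Firewall log lines field by field rather than
# matching the raw text, so that port 3389 cannot match port 16230.
# Assumed field layout (default pfirewall.log, as in the thread's sample line):
#   date time action protocol src-ip dst-ip src-port dst-port ...

$WatchedPorts  = @('3389', '23', '22')   # alert if the destination port is ANY of these
$WatchedSource = '192.168.1.100'         # constructed: source address for the AND rule

function ConvertFrom-FirewallLogLine {
    param([Parameter(Mandatory)][string]$Line)
    # Skip the #Fields/#Software header lines and blank lines
    if ($Line -match '^\s*(#|$)') { return $null }
    $f = $Line -split '\s+'
    if ($f.Count -lt 8) { return $null }
    [pscustomobject]@{
        Date     = $f[0]
        Time     = $f[1]
        Action   = $f[2]
        Protocol = $f[3]
        SrcIp    = $f[4]
        DstIp    = $f[5]
        SrcPort  = $f[6]
        DstPort  = $f[7]
        Raw      = $Line
    }
}

function Test-WatchedEntry {
    param([Parameter(Mandatory)]$Entry)
    # Rule 1: dropped packet to any watched port (exact field match, no substring problem)
    $portHit  = ($Entry.Action -eq 'DROP') -and ($Entry.DstPort -in $WatchedPorts)
    # Rule 2: BOTH conditions required, port 3389 AND a specific source address
    $comboHit = ($Entry.DstPort -eq '3389') -and ($Entry.SrcIp -eq $WatchedSource)
    [pscustomobject]@{ PortHit = $portHit; ComboHit = $comboHit; Entry = $Entry }
}

# Constructed sample data; the second line mirrors the one posted in the thread
$SampleLines = @(
    '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path',
    '2021-11-23 14:18:08 DROP TCP 192.168.10.67 192.168.10.230 50183 3389 52 S 4187760534 0 64240 - - - RECEIVE',
    '2021-11-23 14:18:09 DROP TCP 192.168.10.67 192.168.10.230 50184 16230 52 S 4187760535 0 64240 - - - RECEIVE',
    '2021-11-23 14:18:10 DROP TCP 192.168.1.100 192.168.10.230 50185 3389 52 S 4187760536 0 64240 - - - RECEIVE',
    '2021-11-23 14:18:11 DROP TCP 192.168.10.67 192.168.10.230 50186 23 52 S 4187760537 0 64240 - - - RECEIVE',
    '2021-11-23 14:18:12 ALLOW TCP 192.168.10.67 192.168.10.230 50187 22 52 S 4187760538 0 64240 - - - RECEIVE'
)

$SampleLines |
    ForEach-Object { ConvertFrom-FirewallLogLine -Line $_ } |
    Where-Object { $_ } |
    ForEach-Object { Test-WatchedEntry -Entry $_ } |
    Where-Object { $_.PortHit -or $_.ComboHit } |
    ForEach-Object {
        $kind = if ($_.ComboHit) { 'PORT+SOURCE' } else { 'PORT' }
        '{0} {1} -> {2}:{3} [{4}]' -f $_.Entry.Time, $_.Entry.SrcIp, $_.Entry.DstIp, $_.Entry.DstPort, $kind
    }
# The 16230 line and the ALLOW line produce no output; the three DROP lines do,
# and the 192.168.1.100 line is reported as PORT+SOURCE.

# For live tailing, replace $SampleLines with the poster's own source:
#   Get-Content C:\Windows\System32\LogFiles\Firewall\pfirewall.log -Tail 0 -Wait
```

If you prefer to stay with a single `-match`, the same precision is possible by anchoring the pattern to the field positions, e.g. `'^\S+ \S+ DROP \S+ \S+ \S+ \d+ (3389|23|22) '` (note the trailing space, which ends the port field), and by escaping the dots in any address you add, e.g. `192\.168\.1\.100`, since an unescaped `.` matches any character.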
Wow … please don’t get me wrong but reading your posts is like talking to a 12 year old by WhatsApp.
The topic seems to be a kind of professional and business related. I’d appreciate if you tried to communicate like a trained IT professional.
You should be clear about what exactly you want to do. For example: you mentioned something about ip addresses as well earlier but you did not now!?!?
If this should run as a script - maybe periodically by schedule - you cannot use -Tail 0 -Wait for your Get-Content command. Instead you’d need a process to avoid checking the same log entries again and again.
You may proceed with reading the following help topics:
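One way to implement the "don't check the same entries again" process for a scheduled run is to keep a checkpoint with the timestamp of the last entry already processed and, on the next run, only return entries that are newer. This is an added example, not code from the thread or its participants; it assumes the default pfirewall.log field order shown in the sample line, and `$log` and `$state` are temporary placeholder paths created for the demonstration (in production they would point at the real log and at a small state file of your choosing).

```powershell
# Added example: return only firewall log entries newer than the last run's checkpoint,
# so a scheduled script does not alert twice on the same entries.
# Assumed field layout (default pfirewall.log): date time action protocol src-ip dst-ip src-port dst-port ...

function Get-NewFirewallEntries {
    param(
        [Parameter(Mandatory)][string]$LogPath,    # the firewall log to read
        [Parameter(Mandatory)][string]$StatePath   # file holding the last processed timestamp
    )
    # The checkpoint is a timestamp, not a line count: pfirewall.log is rotated
    # when it reaches its size limit, so line positions do not survive between runs.
    $lastSeen = if (Test-Path $StatePath) { (Get-Content $StatePath -Raw).Trim() } else { '' }

    $new = @(foreach ($line in Get-Content $LogPath) {
        if ($line -match '^\s*(#|$)') { continue }   # header and blank lines
        $f = $line -split '\s+'
        if ($f.Count -lt 8) { continue }
        $stamp = '{0} {1}' -f $f[0], $f[1]            # 'yyyy-MM-dd HH:mm:ss' sorts correctly as text
        if ([string]::CompareOrdinal($stamp, $lastSeen) -gt 0) { $line }
    })

    if ($new.Count -gt 0) {
        $last = $new[-1] -split '\s+'
        Set-Content -Path $StatePath -Value ('{0} {1}' -f $last[0], $last[1])
    }
    return $new
}

# Demonstration with constructed data in a temporary directory
$tmp   = Join-Path ([IO.Path]::GetTempPath()) ('fwdemo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $tmp | Out-Null
$log   = Join-Path $tmp 'pfirewall.log'
$state = Join-Path $tmp 'lastseen.txt'

@(
    '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path',
    '2021-11-23 14:18:08 DROP TCP 192.168.10.67 192.168.10.230 50183 3389 52 S 4187760534 0 64240 - - - RECEIVE',
    '2021-11-23 14:18:09 DROP TCP 192.168.10.67 192.168.10.230 50184 23 52 S 4187760535 0 64240 - - - RECEIVE'
) | Set-Content -Path $log

$first  = @(Get-NewFirewallEntries -LogPath $log -StatePath $state)   # both entries are new
$second = @(Get-NewFirewallEntries -LogPath $log -StatePath $state)   # nothing: already processed
Add-Content -Path $log -Value '2021-11-23 14:20:00 DROP TCP 192.168.10.67 192.168.10.230 50190 22 52 S 4187760536 0 64240 - - - RECEIVE'
$third  = @(Get-NewFirewallEntries -LogPath $log -StatePath $state)   # only the appended entry

'first run: {0}  second run: {1}  third run: {2}' -f $first.Count, $second.Count, $third.Count
Remove-Item -Recurse -Force $tmp
```

The lines a run returns are what you then pass to your port filter and to the e-mail step. One limitation of a timestamp checkpoint is that the log has one-second resolution: an entry written later in the same second as the last one processed would be skipped on the next run, so if that matters, store the full text of the last processed line as well and resume after it.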
You say to match port x, y, and z but then show an IP in your example. Regex is another technology you’re involving here so you need to consider its features and rules. The period character means “match any character” in regex and requires you to “escape” it with a backslash.
I agree with Olaf. Please slow down and read what we are saying, and then please respond to the specific discussion. Providing clear examples and samples of what you have, what you hope to achieve, what you’ve tried, and any errors or unexpected output, all formatted as code, will help us all help you more effectively.