Powershell Regex

Hi All,

Below is the logs which i wanted to modify.


I want to create 3 columns : Date, Message, Sender details
Condition is only show the details for one having the message : Rejected-SenderDomainNotAllowed

Can someone please suggest some regex and way to put the details in this columns either through PSCustomObject or anything which is better.

Thanks in advance.

Example :

Date Message Sender details

7/4/2017 Rejected-SenderDomainNotAllowed sales@test.com

If each line begins with a date and ends with an email, this should work.

$log = (Get-Content .\logfile.txt)
$regex1 = 
"(?'date'.*\d{4}) .*Msg:(?'Msg'Rejected-SenderDomainNotAllowed) .*Recipients: (?'Sender'.*)"

$result = 
foreach ($l in $log){
    If ($l -match $regex1){[PSCustomObject]@{
        Date = $Matches['Date']
        Message = $Matches['Msg']
        Sender = $Matches['Sender']}


Actually there a new line, hence not matching this regex : “(?‘date’.*\d{4}) .*Msg:(?'Msg’Rejected-SenderDomainNotAllowed) .Recipients: (?‘Sender’.)”

7/4/2017 12:59:36 AM 9953AD61A91E41588C8E5F9072E511AF.MAI Msg:Passed-ClientIPNotLocal AuthStatus:0
Sender: fkjevwts@lankaormers.com Recipients: info@goiitytech.com

also $log is taken as array, so when passing values of $l it is sending line by line like $log[0] 7/4/2017 12:59:36 AM 9953AD61A91E41588C8E5F9072E511AF.MAI Msg:Passed-ClientIPNotLocal AuthStatus:0, then log[1]ClientIP: etc. Hence its not matching

I tried to add new line in regex still it doesn’t work. Please suggest

Slightly different take on it and you need to solve the changes in dates.
I just hard coded it for proof of concept.
The best way if possible is if you can make sure that the original data is in a format that is more easily managed.
E.g. some specific delimiter between the “per-row-content” rather than newline as it seems to be inserted here an there.

Anyway, here is an example of what you could do.
What it basically does is take the whole file as just one big string.
Removes the new lines, then insert a new line before the date.
Then using ConvertFrom-String to create columns and name them.
Then just using normal where and select to get the data you want.

$textfile = Get-Content -Path .\gistfile1.txt -Raw

$textfile = $textfile.Replace("`n","")
$textfile = $textfile.Replace("7/4/2017","`n7/4/2017")

$splitString = $textfile -split "`n"
$data = $splitString | convertfrom-string -PropertyNames Date,Time,AM_PM,P1,Message,Status,ClientIP,P2,Sender,P3,Recipient

$data.Where({$_.Message -like "*Rejected-SenderDomainNotAllowed"}) | select Date,Message,Sender

Can that be done with convertfrom-string? I was trying this template, but it didn’t work ($testText is a here-string with all the data):

$template = @'
{Date*:7/4/2017}, {Message:Passed-ClientIPNotLocal}, {Sender:xkkah@abc.com}
{Date*:7/4/2017}, {Message:Rejected-SenderDomainNotAllowed}, {Sender:kuzovpare@gmail.com}

$testText | ConvertFrom-String -TemplateContent $template

ConvertFrom-String : ConvertFrom-String appears to be having trouble parsing your data using the template you've
provided. We'd love to take a look at what went wrong, if you'd like to share the data and template used to parse it.
We've saved these files to C:\Users\admin\AppData\Local\Temp\k3g5buf0.2t5.input.txt and
C:\Users\ccfadmin\AppData\Local\Temp\k3g5buf0.2t5-0.template.txt - feel free to attach them in a mail to
psdmfb@microsoft.com. We will review all submissions, although we can't guarantee a response.
At C:\Users\ccfadmin\convert.ps1:69 char:13
+ $testText | ConvertFrom-String -TemplateContent $template
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (:) [ConvertFrom-String], ResultNotFoundException
    + FullyQualifiedErrorId : ResultNotFound,Microsoft.PowerShell.Commands.StringManipulation.ConvertFromStringCommand

Ok, this should work. Select-String cmdlet will match your line plus the next two.

$source = Get-ChildItem .\logfile.txt
# Match lines and get next two lines
$string = Select-String -Path $source -Pattern 'Rejected-SenderDomain' -Context 0,2

# Create objects
foreach ($s in $string){
    $regex1 = "(?'date'.*\d{4}) .*Msg:(?'Msg'Rejected-SenderDomainNotAllowed)"
    [void]($s.Line -match $regex1) ; $Matches1 = $Matches
    [void]($s.Context.DisplayPostContext -join ' ' -match "Recipients: (?'rec'.*)")
        Date = $Matches1['Date']
        Message = $Matches1['Msg']
        Sender = $Matches['rec']}