Search log files for ReturnCode:

We are using Microsoft Windows Malicious Software Removal Tool and it creates a log for each machine on the network. We have all the logs in one network folder. Example of the log:

Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Tue Aug 20 13:34:54 2013
Results Summary:

No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 20 13:35:05 2013
Return code: 0 (0x0)

I am using this powershell script:

Get-ChildItem -Path “\ServerName\msft_log\Logs” -Filter “*.log” | Select-String “Return Code: 10” - works fine if the Return Code is 10

Get-ChildItem -Path “\Servername\msft_log\Logs” -Filter “*.log” | Select-String -Pattern Return Code:[1-13] - I need this one to work. It runs and I do not see any results or error messages

NOTE: The Return code: are 0 -13

Try a pattern of ‘Return code: \d+’ . [1-13] doesn’t mean quite what you intended in a regular expression.

Dave,
I did place the \d+ and it gave me everything. I did the following:
Get-ChildItem -Path “\Servername\msft_log\Logs” -Filter “*.log” | Select-String ‘Return Code: [1-13]’
and it gave my the results I wanted.

\servername\msft_log\Logs\computername$_mrt.log:83:Return code: 10 (0xa)
\servernam\msft_log\Logs\computername$_mrt.log:57:Return code: 1 (0x1)
\servernam\msft_log\Logs\computername$_mrt.log:57:Return code: 1 (0x1)

Thanks for your help

Try this pattern:

^Return code: [0-9][0-3]?

This is looking for a line starting with the pattern and matches any number from 0-13