by WinstonTheCat at 2012-11-22 05:21:31
I’ve been trying to search log files in Malwarebytes for specific text e.g. “chrome.exe” or “skype.exe” and then return the filename and result.
This is my current script which for some reason will not work
$searchFor = read-host "String to search for "
$0 = $myInvocation.MyCommand.Definition
$dp0 = [System.IO.Path]::GetDirectoryName($0)
$parseInfo = "$dp0_logInfo.txt"
Get-ChildItem -recurse | Get-Content | Select-String -pattern “$searchFor” | select -unique path |out-file -Encoding ascii “$parseInfo” -append
This is the path name:
No output is given when running it.
by MattG at 2012-11-22 05:52:01
A few suggestions:
* What’s the intent of using $myInvocation.MyCommand.Definition? I assume you’re trying to get the path of your running script which is running in the same directory as your log file. If you want to get the path from which your script was executed, use $PSScriptRoot. $myInvocation.MyCommand.Definition returns the contents of your script.
* Use Split-Path instead of [System.IO.Path]::GetDirectoryName.
* Consider using Join-Path $dp0 ‘_logInfo.txt’. It’s a little cleaner in my opinion.
* I assume you meant to delete $parseInfo rather than $pasteInfo
* When calling Get-ChildItem -Recurse, I would filter on the type of file you’re interested in (e.g. ‘-Include ‘*.txt’’). Otherwise, you may be searching files that don’t need to be searched. Also, you may be calling Get-Content on directories.
Overall, I think you should make this script a little more generic. Have it take at least two parameters - path to log file directory and search string (or an array of search strings). Lastly, try to stick with the PowerShell cmdlets when you can.
That should get you going.
by WinstonTheCat at 2012-11-22 06:22:56
Thanks, although when attempting to use $PSScriptRoot it turns up Null/Empty. Any idea why?
by MattG at 2012-11-22 06:36:07
Are you pasting the contents of your script into the console? If so, it will return an empty string because it’s not executing from a file. It will only return the path if you dot-source your script (. C:\Search-MalwareBytesLogs.ps1).
by WinstonTheCat at 2012-11-22 07:42:17
It is executing from a file. I’m running it from a .ps1, empty/null variable
by MattG at 2012-11-22 08:16:33
I saved the following code to C:\test.ps1:
Write-Host "Executing from the following directory: $PSScriptRoot"
It returned the following:
PS C:\Users\test\Desktop> . .\test.ps1
Executing from the following directory: C:\Users\test\Desktop
by WinstonTheCat at 2012-11-22 10:44:02
Attempting that code I get:
PS C:\Users\test> C:\Users\test\Documents\test.ps1
Executing from the following directory:
The variable is in my PowerShell help, but it doesn’t work
by DexterPOSH at 2012-11-23 15:30:03
Hi WinstonTheCat,
I think MattG here is using the $PSScriptRoot in PowerShell v3 (where it works fine).
If you are using PowerShell v2 the $PSScriptRoot variable only works for the module or psm1 file.
Below is the link to the feedback at Connect addressing this issue
by WinstonTheCat at 2012-11-25 13:39:12
Thanks Dexter,
That is the reason as to why. I am using PowerShell v2 which doesn’t work with scripts then.
by DexterPOSH at 2012-11-26 01:53:05
Thanks to you and MattG,
Learned that this works on PowerShell v3, otherwise had the thought it worked with modules only.
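
A version of the log search that follows the suggestions in this thread and resolves the script directory on both PowerShell v2 and v3. It is an added example, not code posted by any participant; the file name Search-Logs.ps1, the parameter names and the default values are assumptions.

```powershell
# Added example: Search-Logs.ps1 (hypothetical file name). Save to a .ps1 and run it.
param(
    [string]   $LogPath = '.',               # directory that holds the log files
    [string[]] $Pattern = @('chrome.exe'),   # one or more literal strings to find
    [string]   $Include = '*.txt'            # only search files of this type
)

# Script directory. $PSScriptRoot is populated for scripts in v3 and later; in v2
# it is only set inside modules, so fall back to $MyInvocation at script scope.
$scriptDir = $PSScriptRoot
if (-not $scriptDir -and $MyInvocation.MyCommand.Path) {
    $scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
}
if (-not $scriptDir) {
    # Pasted into the console rather than run from a file: use the current directory.
    $scriptDir = (Get-Location).Path
}
$report = Join-Path $scriptDir '_logInfo.txt'

# Let Select-String open the files itself so every match keeps its Path and
# LineNumber. Piping through Get-Content first turns the input into bare
# strings, and Path is then reported as "InputStream" instead of the file name.
# -SimpleMatch treats the '.' in "chrome.exe" literally instead of as a regex wildcard.
$hits = Get-ChildItem -Path $LogPath -Recurse -Include $Include |
    Where-Object { -not $_.PSIsContainer -and $_.FullName -ne $report } |
    Select-String -Pattern $Pattern -SimpleMatch

# One line per match: file, line number, matching text. The report itself is
# excluded above so repeated runs do not match their own earlier output.
$hits |
    ForEach-Object { '{0}:{1}: {2}' -f $_.Path, $_.LineNumber, $_.Line.Trim() } |
    Out-File -FilePath $report -Encoding ascii -Append

Write-Host ("{0} match(es) written to {1}" -f @($hits).Count, $report)
```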