Select-String Netlogon.log file

PowerShell Help
1

Hi Guys.

Hoping someone may be able to provide some assistance. I am trying to search the netlogon.log file and look for the line below.

Domain\Administrator from Rdesktop (via DCNAMEHERE) Returns 0xC000006A

First I need it to find that and if it does to send an email. The email bit i can work on later but i am struggling to get it to find it in the file even though that line is present.

Thanks in advance for any assistance

$LogSavePath="C:\temp\netlogon"
$computers = Get-Content C:\computers.txt

foreach ($d in $computers) {
    $output = @{'DomainController' = $d}
    $clients = Select-String -Pattern 'Domain\Administrator' -Path "\\$d\C$\temp\netlogon\$computer-Netlogon.log" | foreach {
        $_.Matches.Groups[1].Value
    } | Group-Object
}
2

In regex the backslash is a special character. If you want to find one literally you have to escape it with a backslash. :wink: Another solution would be to use the parameter -SimpleMatch what tells Select-String NOT to use a regex search.
If you don’t want to think about escaping special characters you can use the .Escape() method of the [regex] type like this:

[REgex]::Escape('Domain\Administrator')
3

Thanks. Do you have an example of using that in my script as i am going around and around and nothing seems to be working.

4

:smirk: Instead of 'Domain\Administrator' you do 'Domain\\Administrator'

1 Like
5

Thank you so much. That’s returned the data I wanted from the log. As they say every day is a school day and i you have passed some knowledge along. I have never worked with Select-Strings before.

The code i have below to complete this post is below. It now returns what i want.

Thank you again. Much appreciated.

$LogSavePath="C:\temp\netlogon"
$computers = Get-Content C:\computers.txt

foreach ($d in $computers) {
    $output = @{'DomainController' = $d}
    $clients = Select-String -AllMatches 'domain\\Administrator (.*)' -Path "\\$d\C$\temp\netlogon\$computer-Netlogon.log" | foreach {
           $_.Matches.Groups[1].Value
    } | Group-Object

 if ($clients) {
        $clients | foreach {
            $output.Client = $_.Name
            [pscustomobject]$output
        }
    }
}