小贝子编程

Powershell中多个输出到同一个csv文件



我试图导出在多个组策略对象中指定的防火墙规则,并希望在导出的文件中包含GPO的名称。所以我试着把我的字符串变量$Policy,并把它塞进csv文件,每次新的gpo被解析,但所有我得到的是gpo的名字,而不是从Get-NetFirewallRule字段。当然,如果我删除$policy | Out-File $env:tempgpos.csv -Append -Force行,然后我从Get-NetFirewallRule中得到所有字段-但它们都在一个大的csv文件上,我无法确定它们的源GPO。


foreach ($policy in $PolicyObjects) {
$GPO = Open-NetGPO -PolicyStore "contoso.com$policy"
$policy | Out-File $env:tempgpos.csv  -Append -Force
Get-NetFirewallRule -GPOSession $GPO  | 
Select Name,
DisplayName,
DisplayGroup,
@{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}},
@{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}},
@{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}},
@{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}},
Enabled,
Profile,
Direction,
Action | Export-CSV $env:tempgpos.csv -Append -Force
}
Start-Process notepad $env:tempgpos.csv

似乎您的$PolicyObjects是您的组策略显示名称的列表。我会用下面的一种方式来加强你的代码。

$PolicyObjects | ForEach-Object {
$GPO = Open-NetGPO -PolicyStore "contoso.com$_"
foreach($rule in Get-NetFirewallRule -GPOSession $GPO)
{
$portfilter    = $rule | Get-NetFirewallPortFilter
$addressfilter = $rule | Get-NetFirewallAddressFilter
[PSCustomObject]@{
GPOName       = $_
RuleName      = $rule.name
DisplayName   = $rule.displayname
DisplayGroup  = $rule.displaygroup
Protocol      = $portfilter.Protocol
LocalPort     = $portfilter.LocalPort
RemotePort    = $portfilter.RemotePort
RemoteAddress = $addressfilter.RemoteAddress
Enabled       = $rule.enabled
Profile       = $rule.profile
Direction     = $rule.direction
Action        = $rule.action
}
}
} | Export-CSV $env:tempgpos.csv -Force
Start-Process notepad $env:tempgpos.csv 


$csvdata = foreach($policy in $PolicyObjects)
{
$GPO = Open-NetGPO -PolicyStore "contoso.com$policy"
foreach($rule in Get-NetFirewallRule -GPOSession $GPO)
{
$portfilter    = $rule | Get-NetFirewallPortFilter
$addressfilter = $rule | Get-NetFirewallAddressFilter
[PSCustomObject]@{
GPOName       = $policy
RuleName      = $rule.name
DisplayName   = $rule.displayname
DisplayGroup  = $rule.displaygroup
Protocol      = $portfilter.Protocol
LocalPort     = $portfilter.LocalPort
RemotePort    = $portfilter.RemotePort
RemoteAddress = $addressfilter.RemoteAddress
Enabled       = $rule.enabled
Profile       = $rule.profile
Direction     = $rule.direction
Action        = $rule.action
}
}
}
$csvdata | Export-CSV $env:tempgpos.csv -Force
Start-Process notepad $env:tempgpos.csv

在第一个示例中,我们将外部循环更改为Foreach-Object,以利用管道和直接管道到Export-Csv

第二次捕获所有输出,然后导出。

在这两种情况下,我们通过将打开/写入文件限制为一次来限制执行时间,将每个规则的portfilter调用限制为一次而不是3次,并且我们使用[PSCustomObject]类型加速器来构造最终对象,而不是使用计算表达式管道到Select-Object。如果我理解正确的话,两者都应该达到你想要的结果。

这有什么区别吗?

$csv=foreach ($policy in $PolicyObjects) {
$GPO = Open-NetGPO -PolicyStore "contoso.com$policy"
$policy | Out-File $env:tempgpos.csv  -Append -Force
Get-NetFirewallRule -GPOSession $GPO  | 
Select Name,
DisplayName,
DisplayGroup,
@{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}},
@{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}},
@{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}},
@{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}},
Enabled,
Profile,
Direction,
Action 
}
$csv | Export-CSV $env:tempgpos.csv -Append -Force
Start-Process notepad $env:tempgpos.csv

当目标文件与结构不匹配时,不可能使用Export-Csv附加数据。

在您的情况下,Export-Csv试图从列$policy中附加值,该列不存在。因此它添加了$null

对于一个有效的CSV文件,您必须在使用Export-Csv之前将所有内容合并到一个对象中。

尝试下面的方法,应该工作得更快,因为它不会对同一项多次使用Get-NetFirewallAddressFilter,而每个GPO-Session只使用一次.

不幸的是,我不能用GPO-Session测试它,但由于参数-GPOSession存在于Get-NetFirewallPortFilterGet-NetFirewallAddressFilter,它可能工作。如果您只想在本地测试它,您只需要删除外部foreach-loop和所有与GPOSession相关的命令和参数。Open-NetGPO-GPOSession

在为本地防火墙规则构建报告时,我的方法与分别为每个规则检索端口和地址过滤器(即使每个规则只有一次)的比较:

我的方法:<2秒>
其他:>3分钟(对每条规则使用一次get - netfirewall *Filter)

代码需要一个提升的控制台!

#requires -RunAsAdministrator
$ruleReport = [System.Collections.Generic.List[psobject]]::new()
foreach ($policy in $PolicyObjects) {
<#
if you want to append to file after each policy, place the list here instead of above
$ruleReport = [System.Collections.Generic.List[psobject]]::new()
#>
$GPO   = Open-NetGPO -PolicyStore "contoso.com$policy"
$rules = Get-NetFirewallRule -GPOSession $GPO
# retrieving filters once in advance speeds up the execution extremely! (Requires elevated session to get all filters)
# local execution time with that approach reduces the execution time from   >3 minutes  TO   <2 seconds
$portFilters    = Get-NetFirewallPortFilter -All -GPOSession $GPO
$addressFilters = Get-NetFirewallAddressFilter -All -GPOSession $GPO
# build dictionary for port filters for rule lookups
$portFilterDict    = [System.Collections.Generic.Dictionary[[string], [ciminstance]]]::new()
foreach ($portFilter in $portFilters) {
$portFilterDict.Add($portFilter.InstanceID, $portFilter)
}
# build dictionary for addresss filters for rule lookups
$addressFilterDict = [System.Collections.Generic.Dictionary[[string], [ciminstance]]]::new()
foreach ($addressFilter in $addressFilters) {
$addressFilterDict.Add($addressFilter.InstanceID, $addressFilter)
}

foreach ($rule in $rules) {
$ruleInstanceId    = $rule.InstanceID
$rulePortFilter    = $portFilterDict[$ruleInstanceId]
$ruleAddressFilter = $addressFilterDict[$ruleInstanceId]
# build combined object
$ruleReportItem = [pscustomobject][ordered]@{
Policy        = $policy
Name          = $rule.Name
DisplayName   = $rule.DisplayName
DisplayGroup  = $rule.DisplayGroup
Protocol      = $rulePortFilter.Protocol
LocalPort     = $rulePortFilter.LocalPort
RemotePort    = $rulePortFilter.RemotePort
RemoteAddress = $ruleAddressFilter.RemoteAddress
Enabled       = $rule.Enabled
Profile       = $rule.Profiles
Direction     = $rule.Direction
Action        = $rule.Action
}
# append to list
$ruleReport.Add($ruleReportItem)
}
<#
if you want to append to file after each policy, place the export here instead of below
$ruleReport | Export-Csv $env:tempgpos.csv -Append
#>
}
$ruleReport | Export-Csv $env:tempgpos.csv

本地防火墙规则

要测试仅针对本地防火墙规则的方法,请使用此脚本。
此脚本添加每个规则的所有可用信息,并需要一个提升的控制台。

#requires -RunAsAdministrator
$ruleReport = [System.Collections.Generic.List[psobject]]::new()
$rules                = Get-NetFirewallRule
$portFilters          = Get-NetFirewallPortFilter -All
$addressFilters       = Get-NetFirewallAddressFilter -All
$applicationFilters   = Get-NetFirewallApplicationFilter -All
$interfaceFilters     = Get-NetFirewallInterfaceFilter -All
$interfaceTypeFilters = Get-NetFirewallInterfaceTypeFilter -All
$securityFilters      = Get-NetFirewallSecurityFilter -All
$serviceFilters       = Get-NetFirewallServiceFilter -All

$portFilterDict = [System.Collections.Generic.Dictionary[[string], [ciminstance]]]::new()
foreach ($filter in $portFilters) {
$portFilterDict.Add($filter.InstanceID, $filter)
}
$addressFilterDict = [System.Collections.Generic.Dictionary[[string], [ciminstance]]]::new()
foreach ($filter in $addressFilters) {
$addressFilterDict.Add($filter.InstanceID, $filter)
}
$applicationFiltersDict = [System.Collections.Generic.Dictionary[[string], [ciminstance]]]::new()
foreach ($filter in $applicationFilters) {
$applicationFiltersDict.Add($filter.InstanceID, $filter)
}
$interfaceFiltersDict = [System.Collections.Generic.Dictionary[[string], [ciminstance]]]::new()
foreach ($filter in $interfaceFilters) {
$interfaceFiltersDict.Add($filter.InstanceID, $filter)
}

$interfaceTypeFiltersDict = [System.Collections.Generic.Dictionary[[string], [ciminstance]]]::new()
foreach ($filter in $interfaceTypeFilters) {
$interfaceTypeFiltersDict.Add($filter.InstanceID, $filter)
}

$securityFiltersDict = [System.Collections.Generic.Dictionary[[string], [ciminstance]]]::new()
foreach ($filter in $securityFilters) {
$securityFiltersDict.Add($filter.InstanceID, $filter)
}

$serviceFiltersDict = [System.Collections.Generic.Dictionary[[string], [ciminstance]]]::new()
foreach ($filter in $serviceFilters) {
$serviceFiltersDict.Add($filter.InstanceID, $filter)
}


$cimClassProperties = 'CimClass', 'CimInstanceProperties', 'CimSystemProperties'
$cimClassPropertiesLookup = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
foreach ($cimClassProperty in $cimClassProperties) {
[void] $cimClassPropertiesLookup.Add($cimClassProperty)
}

foreach ($rule in $rules) {
$ruleInstanceId      = $rule.InstanceID
$portFilter          = $portFilterDict[$ruleInstanceId]
$addressFilter       = $addressFilterDict[$ruleInstanceId]
$applicationFilter   = $applicationFiltersDict[$ruleInstanceId]
$interfaceFilter     = $interfaceFiltersDict[$ruleInstanceId]
$interfaceTypeFilter = $interfaceTypeFiltersDict[$ruleInstanceId]
$securityFilter      = $securityFiltersDict[$ruleInstanceId]
$serviceFilter       = $serviceFiltersDict[$ruleInstanceId]
$ruleReportItemProps = [ordered]@{
RuleDisplayName            = $rule.DisplayName
RuleDescription            = $rule.Description
RuleEnabled                = $rule.Enabled
RuleProfile                = $rule.Profile
RuleAction                 = $rule.Action
RuleDirection              = $rule.Direction
PortFilterProtocol         = $rulePortFilter.Protocol
PortFilterLocalPort        = $rulePortFilter.LocalPort
PortFilterRemotePort       = $rulePortFilter.RemotePort
AddressFilterRemoteAddress = $ruleAddressFilter.RemoteAddress
ApplicationFilterProgram   = $applicationFilter.Program
}
foreach ($prop in $rule.psobject.Properties) {
$propName = 'Rule' + $prop.Name
if (-not $ruleReportItemProps.Contains($propName ) -and -not $cimClassPropertiesLookup.Contains($prop.Name)) {
$ruleReportItemProps.Add($propName , $prop.Value)
}
}
foreach ($prop in $portFilter.psobject.Properties) {
$propName = 'PortFilter' + $prop.Name
if (-not $ruleReportItemProps.Contains($propName) -and -not $cimClassPropertiesLookup.Contains($prop.Name)) {
$ruleReportItemProps.Add($propName, $prop.Value)
}
}
foreach ($prop in $addressFilter.psobject.Properties) {
$propName = 'AddressFilter' + $prop.Name
if (-not $ruleReportItemProps.Contains($propName) -and -not $cimClassPropertiesLookup.Contains($prop.Name)) {
$ruleReportItemProps.Add($propName, $prop.Value)
}
}
foreach ($prop in $applicationFilter.psobject.Properties) {
$propName = 'ApplicationFilter' + $prop.Name
if (-not $ruleReportItemProps.Contains($propName) -and -not $cimClassPropertiesLookup.Contains($prop.Name)) {
$ruleReportItemProps.Add($propName, $prop.Value)
}
}
foreach ($prop in $interfaceFilter.psobject.Properties) {
$propName = 'InterfaceFilter' + $prop.Name
if (-not $ruleReportItemProps.Contains($propName) -and -not $cimClassPropertiesLookup.Contains($prop.Name)) {
$ruleReportItemProps.Add($propName, $prop.Value)
}
}
foreach ($prop in $interfaceTypeFilter.psobject.Properties) {
$propName = 'InterfaceTypeFilter' + $prop.Name
if (-not $ruleReportItemProps.Contains($propName) -and -not $cimClassPropertiesLookup.Contains($prop.Name)) {
$ruleReportItemProps.Add($propName, $prop.Value)
}
}
foreach ($prop in $securityFilter.psobject.Properties) {
$propName = 'SecurityFilter' + $prop.Name
if (-not $ruleReportItemProps.Contains($propName) -and -not $cimClassPropertiesLookup.Contains($prop.Name)) {
$ruleReportItemProps.Add($propName, $prop.Value)
}
}
foreach ($prop in $serviceFilter.psobject.Properties) {
$propName = 'ServiceFilter' + $prop.Name
if (-not $ruleReportItemProps.Contains($propName) -and -not $cimClassPropertiesLookup.Contains($prop.Name)) {
$ruleReportItemProps.Add($propName, $prop.Value)
}
}
$ruleReport.Add([pscustomobject]$ruleReportItemProps)
}
$ruleReport | Sort-Object RuleEnabled, RuleDisplayName, RuleProfile | ogv

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium