Extracting IPs in PowerShell without getting duplicates



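How can I take a string of IPs extracted from a file and write them to STDOUT in PowerShell without getting duplicate IPs? I need to do this so that I can count the IPs and ports in the log file.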


function Get-Log {
    $totalIP = 0
    $totalPRT = 0
    # Keep only the dropped-packet entries (sls is case-insensitive by default)
    $logs = gc .\sample.log | sls "INext-Drop-DEFLT"
    # Build one "IP:port" string per log line
    $probes = $logs | foreach-object {
        $_.Line -match "SRC=([^ ]*).*\s*DPT=(\d*)" > $null
        $Matches[1], $Matches[2] -join ":"
    }
    # Split each string back into IP and port and count every occurrence
    $probes | foreach-object {
        $_ -match "(\d*\.\d*\.\d*\.\d*):(\d*)" > $null
        if ($matches[1]) {
            $totalIP += 1
        }
        if ($matches[2]) {
            $totalPRT += 1
        }
        Write-Host "This IP: "$matches[1] "scanned port number: "$matches[2]
    }
    Write-Host "$totalIP $totalPRT"
}

sample.log:

Jan 29 00:00:28 myth kernel: SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=24.64.208.134 DST=216.58.112.55 LEN=512 TOS=0x00 PREC=0x00 TTL=70 ID=55012 PROTO=UDP SPT=24128 DPT=1026 LEN=492 
Jan 29 00:00:28 myth kernel: SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=24.64.208.134 DST=216.58.112.55 LEN=512 TOS=0x00 PREC=0x00 TTL=70 ID=55013 PROTO=UDP SPT=24128 DPT=1027 LEN=492 
Jan 29 00:00:28 myth kernel: SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=24.64.208.134 DST=216.58.112.55 LEN=512 TOS=0x00 PREC=0x00 TTL=70 ID=55014 PROTO=UDP SPT=24128 DPT=1028 LEN=492 
Jan 29 00:01:54 myth kernel: SFW2-INext-DROP-DEFLT IN=ppp0 OUT= MAC= SRC=207.68.178.56 DST=216.58.112.55 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24105 PROTO=TCP SPT=80 DPT=2540 WINDOW=9300 RES=0x00 RST URGP=0 
Jan 29 00:02:24 myth kernel: SFW2-INext-ACC-TCP IN=ppp0 OUT= MAC= SRC=123.112.87.126 DST=216.58.112.55 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=18618 PROTO=TCP SPT=53185 DPT=25 WINDOW=24000 RES=0x00 SYN URGP=0 OPT (02040218) 
Jan 29 00:02:42 myth kernel: SFW2-FWDint-ACC-FORW IN=eth0 OUT=ppp0 SRC=192.168.17.24 DST=192.168.9.51 LEN=235 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=215 
Jan 29 00:02:42 myth kernel: SFW2-FWDint-ACC-FORW IN=eth0 OUT=ppp0 SRC=192.168.17.24 DST=192.168.10.60 LEN=235 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=215 
Jan 29 00:02:42 myth kernel: SFW2-FWDint-ACC-FORW IN=eth0 OUT=ppp0 SRC=192.168.17.24 DST=192.168.9.51 LEN=204 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=184 

Using your current logic, you can do the following:

# Capture the source IP and destination port of every DROP-DEFLT entry
$IPsAndPorts = Get-Content sample.log |
    Select-String -Pattern 'DROP-DEFLT.*?SRC=([\d.]+).*?DPT=(\d+)' | ForEach-Object {
        [pscustomobject]@{
            IP   = $_.matches.groups[1].value
            Port = $_.matches.groups[2].value
        }
    }
$IPsAndPorts
"Unique IP Count: {0} and Unique Port Count: {1}" -f ($IPsAndPorts.IP | Select -Unique).count,($IPsAndPorts.Port | Select -Unique).count

$IPsAndPorts will contain an array of objects with the properties IP and Port. From that array, you can perform counts and/or filter for uniqueness.
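
As an added example (not part of the original question or answer), the same extraction can be grouped per source IP so that each address appears once with the distinct ports it hit, which makes a source probing many ports stand out in dropped-packet logs. The function names Get-DroppedProbe and Get-ProbeSummary are hypothetical, the input is trimmed from the sample.log above plus one constructed repeat, and PowerShell 3.0 or later is assumed.

```powershell
# Constructed input: lines trimmed from the question's sample.log, plus one repeated probe.
$sample = @'
Jan 29 00:00:28 myth kernel: SFW2-INext-DROP-DEFLT IN=ppp0 SRC=24.64.208.134 DST=216.58.112.55 PROTO=UDP SPT=24128 DPT=1026
Jan 29 00:00:28 myth kernel: SFW2-INext-DROP-DEFLT IN=ppp0 SRC=24.64.208.134 DST=216.58.112.55 PROTO=UDP SPT=24128 DPT=1026
Jan 29 00:00:28 myth kernel: SFW2-INext-DROP-DEFLT IN=ppp0 SRC=24.64.208.134 DST=216.58.112.55 PROTO=UDP SPT=24128 DPT=1027
Jan 29 00:01:54 myth kernel: SFW2-INext-DROP-DEFLT IN=ppp0 SRC=207.68.178.56 DST=216.58.112.55 PROTO=TCP SPT=80 DPT=2540
Jan 29 00:02:24 myth kernel: SFW2-INext-ACC-TCP IN=ppp0 SRC=123.112.87.126 DST=216.58.112.55 PROTO=TCP SPT=53185 DPT=25
'@ -split '\r?\n'

# Hypothetical helper: turn each DROP-DEFLT line into an object (accepted traffic is skipped).
function Get-DroppedProbe {
    param([string[]]$Line)
    $pattern = 'DROP-DEFLT.*?\bSRC=(?<ip>[\d.]+).*?\bPROTO=(?<proto>\w+).*?\bDPT=(?<port>\d+)'
    foreach ($l in $Line) {
        $m = [regex]::Match($l, $pattern)
        if ($m.Success) {
            [pscustomobject]@{
                IP    = $m.Groups['ip'].Value
                Proto = $m.Groups['proto'].Value
                Port  = [int]$m.Groups['port'].Value   # numeric, so ports sort correctly
            }
        }
    }
}

# Hypothetical helper: one row per source IP with its hit count and distinct destination ports.
function Get-ProbeSummary {
    param([object[]]$Probe)
    $Probe | Group-Object -Property IP | ForEach-Object {
        $ports = @($_.Group.Port | Sort-Object -Unique)
        [pscustomobject]@{
            IP          = $_.Name
            Hits        = $_.Count
            UniquePorts = $ports.Count
            Ports       = $ports -join ','
        }
    } | Sort-Object -Property UniquePorts -Descending
}

$probes = Get-DroppedProbe -Line $sample
Get-ProbeSummary -Probe $probes | Format-Table -AutoSize
```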
