I have, for the most part, simply lifted the code:
# Location of IIS LogFile
$File = "C:\inetpub\logs\LogFiles\W3SVC25824252\u_ex1104*.log"
# Get-Content gets the file, pipe to Where-Object and skip the first 3 lines.
$Log = Get-Content $File | where {$_ -notLike "#[D,S-V]*" }
# Replace unwanted text in the line containing the columns.
$Columns = (($Log[0].TrimEnd()) -replace "#Fields: ", "" -replace "-","" -replace "\(","" -replace "\)","").Split(" ")
# Count available Columns, used later
$Count = $Columns.Length
# Strip out the other rows that contain the header (happens on iisreset)
$Rows = $Log | where {$_ -notLike "#Fields"}
# Create an instance of a System.Data.DataTable
#Set-Variable -Name IISLog -Scope Global
$IISLog = New-Object System.Data.DataTable "IISLog"
# Loop through each Column, create a new column through Data.DataColumn and add it to the DataTable
foreach ($Column in $Columns) {
$NewColumn = New-Object System.Data.DataColumn $Column, ([string])
$IISLog.Columns.Add($NewColumn)
}
# Loop Through each Row and add the Rows.
foreach ($Row in $Rows) {
$Row = $Row.Split(" ")
$AddRow = $IISLog.newrow()
for($i=0;$i -lt $Count; $i++) {
$ColumnName = $Columns[$i]
$AddRow.$ColumnName = $Row[$i]
}
$IISLog.Rows.Add($AddRow)
}
$IISLog
Now, if you save this to a file such as iislog.ps1, then you can run commands like:
.\iislog.ps1 | Select-Object csusername | Sort-Object -Property csusername | Get-Unique -AsString
Note, there are some glaring deficiencies:
- Parameterize the specification of log files
- Handle column name changes
- Handle extra headers (these are saved upon iisreset) - done
- Stream results back out so that they can be used in a pipeline
I hope to fix these soon, but need to get to sleep.
