Marcel Müller
Aug 22, 2015, 7:05:08 AM
On 11.08.2015 at 05:35, T Ton wrote:
> So I have this log file:
[...]
> Every time the string "1=Login" means the user connected to the
> system. Every time the string "Closing connection IP" means the user
> was disconnected from the system.
>
> Now I'm trying to determine "Did the user disconnect from the
> system? If so, did they try to reconnect back into the system?"
>
> I don't know how to approach this. Maybe find a way to keep a history
> of each user?

Quite correct, but you will need to keep a history not only of the
users, but of the corresponding IP, too. If logins happen purely
sequentially (you get the request from one IP, the user logs in, you get a
request from another IP, another user logs in) this will be possible,
otherwise you'll get mix-ups (request from IP 1, request from IP 2,
user A logs in from IP 1, user B logs in from IP 2), since you cannot
reliably determine which user connected from which IP according to your log.

If sequential:
You will need to parse the file and filter for the service client (IP),
store that and look for the next login request, store that one too and
then save both values:

<#
initialize $i with zero for the first element
make $list a hashtable
add new elements, which are (named) hashtables themselves
#>
$i = 0
$list = @{}
$list.add($i,@{user="PUT_USERNAME_HERE";ip="PUT_IP-ADDRESS_HERE"})
# or if you want to store a connection-status within each element
# $list.add($i,@{user="PUT_USERNAME_HERE";ip="PUT_IP-ADDRESS_HERE";connected=$TRUE})
$i++

Later on, you can go through your list and display all users:

for ($i=0; $i -lt $list.count; $i++) {$list[$i].user}

So you don't actually need to display them, you can do something else in
the {} block and figure out if a name has already been stored or
whatever you want:

for ($i=0; $i -lt $list.count; $i++) {if ($list[$i].user -eq "user1") {write-host "match:" $list[$i].user "from IP:" $list[$i].ip}}

So when you parse your log, you can get the IP, then get the
corresponding login, store both values, maybe with an extra entry to
store the connection status; this way, you could check if there's an
existing connection and the user tries to open a second, parallel
connection. You can loop through the hashtable and search whether a string
you grab from your logfile already exists as a user entry.

If you want to test for existing entries before adding new ones, you
can create an array while parsing:

$entry = @(0,1)
$entry[0] = "username"
$entry[1] = "IP"

Then have a boolean variable to store a possible match and loop through
the hashtable:

$previous = $false
for ($i=0; $i -lt $list.count; $i++) {if ($list[$i].user -eq $entry[0]) {$previous = $true}}

This way, you can test your hashtable before adding new entries to it:

if ($previous -eq $false) {$list.add ...} else {write-host "there already is an entry with this username present"}

I have put the above code together for a quick test, so see for yourself
(change $entry[0] to something else to have no match and add the new entry):

# three existing entries, keyed 0..2
$i = 0
$list = @{}
$list.add($i,@{user="user2";ip="2.2.2.2";status=$true})
$i++
$list.add($i,@{user="user1";ip="1.1.1.1";status=$true})
$i++
$list.add($i,@{user="user3";ip="3.3.3.3";status=$true})
$i++
# the candidate entry: [0] = username, [1] = IP
$entry = @(0,1)
$entry[0]="user1"
$entry[1]="1.1.1.1"
$found_previous = $false
# look for an existing entry with the same username
for ($i=0; $i -lt $list.count; $i++) {
    if ($list[$i].user -eq $entry[0]) {
        $found_previous = $true
        write-host "Found previous login:" $list[$i].user "from IP:" $list[$i].ip
    }
}
# after the loop $i equals $list.count, i.e. the next free key
if ($found_previous -eq $false) {
    $list.add($i,@{user=$entry[0];ip=$entry[1];status=$true})
} else {
    write-host "user already exists"
}

I leave the parsing of your log to you. You can use select-string
or the .substring function to extract the data you'll need from your file to
store away.
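
The approach described in the reply above, carried through to the parsing step, as an added example that is not part of the original post. The log lines are constructed: the thread only gives the markers "1=Login" and "Closing connection IP", so the "Service client IP" line, the field layout and the variable names are assumptions, and logins are assumed to be strictly sequential as the reply requires.

```powershell
# Constructed sample log; the real layout is not shown in the thread.
$log = @(
    '09:00:01 Service client IP 1.1.1.1',
    '09:00:02 1=Login user1',
    '09:01:10 Service client IP 2.2.2.2',
    '09:01:11 1=Login user2',
    '09:05:00 Closing connection IP 1.1.1.1',
    '09:06:30 Service client IP 3.3.3.3',
    '09:06:31 1=Login user1',
    '09:09:00 Closing connection IP 2.2.2.2'
)

$sessions  = @{}    # IP -> user currently connected from that IP
$history   = @{}    # user -> per-user state (hashtable)
$pendingIp = $null  # IP of the last request line, waiting for its login line

foreach ($line in $log) {
    if ($line -match 'Service client IP (\S+)') {
        $pendingIp = $Matches[1]
    }
    elseif ($line -match '1=Login (\S+)' -and $pendingIp) {
        $user = $Matches[1]
        if (-not $history.ContainsKey($user)) {
            $history[$user] = @{ ip = $null; connected = $false; disconnects = 0; reconnects = 0 }
        }
        $h = $history[$user]
        # A login after at least one disconnect counts as a reconnect.
        if ($h.disconnects -gt 0 -and -not $h.connected) { $h.reconnects += 1 }
        $h.ip = $pendingIp
        $h.connected = $true
        $sessions[$pendingIp] = $user
        $pendingIp = $null
    }
    elseif ($line -match 'Closing connection IP (\S+)') {
        $ip = $Matches[1]
        # The disconnect line only carries the IP, so map it back to the user.
        if ($sessions.ContainsKey($ip)) {
            $h = $history[$sessions[$ip]]
            $h.connected = $false
            $h.disconnects += 1
            $sessions.Remove($ip)
        }
    }
}

foreach ($user in ($history.Keys | Sort-Object)) {
    $h = $history[$user]
    '{0}: connected={1} disconnects={2} reconnects={3} lastIP={4}' -f $user, $h.connected, $h.disconnects, $h.reconnects, $h.ip
}
```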