Home > Software design >  Log and read only last 10 minutes
Log and read only last 10 minutes

Time:03-10

I am begginer in Powershell and I have a problem with script.

I have a log and I need to send an email notification with an error. I would like to plan a task (TASK SCHEDULE) that will run my script regularly every ten minutes. This script verifies the last lines written in the last ten minutes. If the word ERROR is found, it will send an e-mail with this line where is the word ERROR.

My log:

2022-02-08 12:04:35,152 [105] ERROR RSeC.NET.RedundantHttpClient - No server found
2022-02-08 14:28:51,317 [4] DEBUG RSeC.NET.RSeC - Logging initialised
2022-02-08 14:28:53,835 [4] DEBUG RSeC.NET.JsonParser - Response binary data decoded. Size=424132
2022-02-08 14:29:20,494 [105] DEBUG RSeC.NET.RSeC - Logging initialised
2022-02-08 15:38:35,152 [105] ERROR RSeC.NET.RedundantHttpClient - No server found
2022-03-08 15:28:51,317 [4] DEBUG RSeC.NET.RSeC - Logging initialised
2022-03-08 15:28:53,835 [4] DEBUG RSeC.NET.JsonParser - Response binary data decoded. Size=424132
2022-03-08 15:39:20,494 [105] DEBUG RSeC.NET.RSeC - Logging initialised
2022-03-08 15:39:35,152 [105] ERROR RSeC.NET.RedundantHttpClient - No server found

My script :-(

$file = "C:\Soubory\esel.log"
$date = (Get-Date).AddDays(-50).Date

$cont = Get-Content -Path $file | Select-String -Pattern $date | Select-String "ERROR" | Measure-Object -line
   Foreach-Object {
     if ($cont -match "ERROR")
        {
        $kontent = Get-Content -Path $file | Select-String -Pattern $date | Select-String "ERROR" | Measure-Object -line
        Write-Host $cont
        }
     else 
        {
        #NOTING
        }   
                  }

Thank You for help

GILD

CodePudding user response:

I think Lee_Dailey gave you the answer in his comment.

Simply figure out the worst-case scenario to read the bottom number of lines of the file, where you can be certain the last ten minutes are in there.

Then do:

$maxLines       = 20  # just a guess here, but you can narrow the number of lines to read by trial and error
$lastTenMinutes = (Get-Date).AddMinutes(-10)
$errorLines     = Get-Content -Path 'C:\Soubory\esel.log' -Tail $maxLines | 
                  Where-Object { [datetime]($_ -split ',')[0] -gt $lastTenMinutes -and $_ -match 'ERROR' }

# test if there were error lines found
if (@($errorLines).Count) {
    # send your email alert.
    # If this email is in HTML format, use: $errorLines -join '<br>'
    # if the email is plain text, join with newlines: $errorLines -join [environment]::NewLine
    # for demo just output to console
    Write-Host ("Errors found:`r`n{0}" -f ($errorLines -join [environment]::NewLine))
}
else {
    Write-Host "No error lines found" -ForegroundColor Green
}

On my Dutch locale, [datetime]($_ -split ',')[0] parses the date correctly, but on your machine you may have to use [datetime]::ParseExact(($_ -split ',')[0], 'yyyy-MM-dd HH:mm:ss', $null)

CodePudding user response:

It looks like a csv without the header, and I can compare the first column like it's a date and time, so:

import-csv log -header time,message | 
  where { (get-date).AddMinutes(-10) -lt $_.time -and 
          $_.message -match 'error' }

time                message
----                -------
2022-03-09 10:11:35 152 [105] ERROR RSeC.NET.RedundantHttpClient - No server found

I would use the windows event log for easier filtering.

Page link:https//www.codepudding.com/Softwaredesign/329166.html

Prev:Output Substring to Newline from a Raw Text String using Regex
Next:How to get nested objects in Get-EventLog output?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding