IIS-LogParser.ps1
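# author: @egre55
<#
.SYNOPSIS
Interactive triage helper for a web server (IIS) access log.

.DESCRIPTION
Repeats the following until the operator answers no:
  1. lists every IPv4 address found in the log with its occurrence count,
  2. asks for one address and counts the resources on the lines that mention it,
  3. optionally prints every matching line for one resource.
Lines matching the chosen address are written to parsed-requests.txt in the
current directory; that file is overwritten on every query.

.PARAMETER logfile
Path to the log file to analyse.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory=$True)][string]$logfile
)

# Enlarge the console buffer (600 columns x 20000 rows) so long log lines and
# long result lists stay readable in the host.
$host.UI.RawUI.BufferSize = New-Object System.Management.Automation.Host.Size(600,20000)

# Dotted-quad IPv4 matcher; each octet is limited to 0-255.
$regex = [regex] "\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"

while ($true)
{
    Write-Output "`nWeb Server Log Interrogator`n"
    Write-Output "Using log file: $logfile`n"
    Write-Output "Log contains the following IP addresses (ordered by number of requests):"

    # The log is re-read on every pass, so a file that is still being written is
    # picked up again for each query.
    $content = Get-Content $logfile

    # Count every occurrence of every address. Get-Unique must NOT sit in front of
    # Group-Object: it collapses runs of adjacent duplicates, so a client sending
    # many consecutive requests would be reported with a far lower count.
    # NOTE(review): the regex scans whole lines, so any dotted quad is counted,
    # including ones in fields other than the client address.
    $regex.Matches($content) |
        ForEach-Object { $_.Value } |
        Group-Object -NoElement |
        Sort-Object -Property Count -Descending |
        Select-Object Count, Name |
        Out-Host

    Write-Output "`nInput an IP address to display count of requested resources.`n"
    $ip = (Read-Host -Prompt '> ').Trim()
    if (-not $ip) {
        # An empty pattern would either fail to bind or match every line.
        Write-Output "No IP address entered."
        continue
    }

    # Treat the input as a literal address, not a regular expression: an unescaped
    # '.' matches any character, and without boundaries 1.2.3.4 also selects
    # 1.2.3.40 or 11.2.3.4, attributing another client's requests to this one.
    $ipPattern = '(?<![\d.])' + [regex]::Escape($ip) + '(?![\d.])'
    Get-Content $logfile | Select-String -Pattern $ipPattern -Encoding ASCII > parsed-requests.txt

    # Fifth space-separated field of each matching line.
    # NOTE(review): presumably cs-uri-stem in the default W3C field order - confirm
    # against the #Fields header of the log being analysed.
    # Lines with fewer than five fields yield $null and are dropped before counting.
    $items = Get-Content parsed-requests.txt |
        ForEach-Object { $_.Split(' ')[4] } |
        Where-Object { $_ }
    $items |
        Group-Object -NoElement |
        Sort-Object -Property Count -Descending |
        Select-Object Count, Name |
        Out-Host

    Write-Output "Do you want to see all requests the IP address sent for a particular resource?"
    $confirmation = Read-Host "Enter (y)es or (n)o)"
    if (($confirmation -eq 'n') -or ($confirmation -eq 'no')) {
        exit
    }

    $resource = Read-Host "Enter the resource - e.g. /admin"
    # -SimpleMatch: resource paths routinely contain regex metacharacters
    # ('.', '?', '+', '('), which must be compared literally.
    Select-String -Path "parsed-requests.txt" -Pattern "$resource" -SimpleMatch |
        Select-Object Line |
        Out-Host

    Write-Output "Do you want to run another query?"
    $confirmation = Read-Host "Enter (y)es or (n)o)"
    if (($confirmation -eq 'n') -or ($confirmation -eq 'no')) {
        exit
    }
    # Any other answer falls through to the next pass of the loop.
}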