INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Parse logfile for IPs, exclude internal IPs from output

Parse logfile for IPs, exclude internal IPs from output

(OP)
I have a script that reads the contents of several months of Firewall logs in a folder, using the following commands;

-------------------------
$input_path = ‘g:\logs\’
$output_file = ‘g:\logs\extracted_ip_addresses.txt’
$regex = ‘\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b’
select-string -Path $input_path -Pattern $regex -AllMatches | % { $_.Matches } | % { $_.Value } > $output_file
-------------------------

It outputs all IPs, on thier own, in the logs to the 'extracted_ip_addresses.txt' file, as follows

x.x.x.x
x.x.x.x
x.x.x.x
x.x.x.x

and so on. Which is great, but however, it populates 100k of IPs from my internal range of 192.168.x.x and 172.32.x.x

I would like to modify it to collect as normal, but exclude these ranges.

A final really great option, but not as critical, could it be also modified to avoid repetition, and only show the first instance of a particular IP?

Many thanks in advance.

RE: Parse logfile for IPs, exclude internal IPs from output

To remove the IPs in your range, use string manipulation to see if the left octet matches your ranges and if it does then ignore it. If not then create a dictionary object and add the IP to the dictionary. The dictionary will give you unique entries.

I hope that helps.

Regards,

Mark

Check out my scripting solutions at http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close