Summary: Scripting Games Advanced Event 5: Dr. Scripto needs to create a tool to find client IP addresses from a bunch of IIS logs.
Microsoft Scripting Guy, Ed Wilson, is here. Today is the release of Event 5 for the 2013 Scripting Games. Remember that they are being run and hosted at www.powershell.org. You will need to go to that webpage to submit your entry.
Dr. Scripto finds himself in possession of a bunch of IIS log files. (It is much like the one at http://morelunches.com/files/powershell3/LogFiles.zip, if you need one to practice with.) He’s keeping all of the log files in C:\Reporting\LogFiles, and he’s left the log files with their default file names, which he’s given a .log file name extension. All of the files are for a single website, on a single web server.
He’d like you to write a tool that accepts a path, and then simply scans through each file in that path, generating a list of each unique client IP address that has been used to access the website. No IP address should appear more than once in your output, and you don’t need to sort the output in any way.
Your tool should optionally accept an IP address mask, such as “192.0.1.*” and only display IP addresses that match the specified pattern. If run without a pattern, display all IP addresses.
As described in IIS Log File Example, the client IP address is the first item in each log file entry. Regardless of the addresses found in the sample file, you should assume that any legal IP address may appear in the files Dr. Scripto needs to scan. Your command should scan all of the files in the folder (and the folder doesn’t contain any other kind of file) and produce a single set of results. If an IP address appears in multiple log files (it’s likely that will be the case), your final output should still only list that IP address one time.
I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at email@example.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy
I don't understand... "As described in IIS Log File Example, the client IP address is the first item in each log file entry" -
192.168.114.201, -, 03/20/01, 7:55:20, W3SVC2, SERVER, 172.21.13.45, 4502, 163, 3223, 200, 0, GET, /DeptLogo.gif, -,
OK! But in the examples (morelunches.com/.../LogFiles.zip) we can see:
2012-04-20 21:01:33 10.211.55.30 GET /testpage.asp - 80 - 10.211.55.25 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 200 0 0 265
So, client IP is not first!
^^ IT'S A TRAP!
The Client IP Address in the logs provided is not the first item. The article referenced is for IIS 6.0 and the logs provided are from IIS 7.5. It appears that the order has changed!!
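The field-order problem raised in the comments can be sidestepped by reading the column position from each file's header instead of hard-coding it. The following is an added example, not code from the original post or from any contest entry: the function name Get-IISClientIP and its parameter names are hypothetical, and it assumes the logs are in the space-separated W3C extended format with a #Fields: directive that names the client address column c-ip (it does not handle the comma-separated IIS 6.0 layout quoted above).

```powershell
function Get-IISClientIP {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateScript({ Test-Path -LiteralPath $_ -PathType Container })]
        [string]$Path,

        # Wildcard mask such as 192.0.1.* ; the default matches every address
        [string]$Pattern = '*'
    )
    # A HashSet keeps one copy of each address across all files
    $seen = New-Object 'System.Collections.Generic.HashSet[string]'
    foreach ($file in Get-ChildItem -LiteralPath $Path -Filter *.log -File) {
        $cipIndex = -1    # unknown until this file's #Fields: line is read
        foreach ($line in Get-Content -LiteralPath $file.FullName) {
            if ($line.StartsWith('#Fields:')) {
                # The header can reappear mid-file (service restart), so re-read it
                $fields = $line.Substring(8).Trim() -split '\s+'
                $cipIndex = [Array]::IndexOf($fields, 'c-ip')
                continue
            }
            if ($line.StartsWith('#') -or $cipIndex -lt 0) { continue }
            $columns = $line -split ' '
            if ($columns.Count -le $cipIndex) { continue }   # truncated entry
            $candidate = $columns[$cipIndex]
            # Accept only values that parse as an IPv4 or IPv6 address
            $parsed = $null
            if (-not [System.Net.IPAddress]::TryParse($candidate, [ref]$parsed)) { continue }
            if ($candidate -like $Pattern -and $seen.Add($candidate)) { $candidate }
        }
    }
}

# Constructed sample in the IIS 7.5 layout quoted in the comments above
$dir = Join-Path ([System.IO.Path]::GetTempPath()) ([guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
@'
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2012-04-20 21:01:33 10.211.55.30 GET /testpage.asp - 80 - 10.211.55.25 Mozilla/5.0+(compatible;+MSIE+9.0) 200 0 0 265
2012-04-20 21:01:40 10.211.55.30 GET /testpage.asp - 80 - 10.211.55.25 Mozilla/5.0+(compatible;+MSIE+9.0) 200 0 0 15
2012-04-20 21:02:02 10.211.55.30 GET /default.htm - 80 - 192.0.1.7 Mozilla/5.0+(compatible;+MSIE+9.0) 200 0 0 31
'@ | Set-Content -Path (Join-Path $dir 'u_ex120420.log')
Get-IISClientIP -Path $dir
Get-IISClientIP -Path $dir -Pattern '192.0.1.*'
Remove-Item -Recurse -Force $dir
```

Because the c-ip index is taken from the header, the server address in the s-ip column is never mistaken for a client, and a file whose field list was customised in IIS is still read correctly.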