Logparser and powershell with multiple logfiles in a foreach-object loop

So I'm trying to write a powershell script that will go through a folder full of .evtx files, send out each one via syslog, then append ".done" to the filename of the .evtx file after doing so.

The thing is, I'm not quite sure how to reference the current log file I am on within the Foreach-Object loop.

Hopefully the following code will explain my dilemma.

# begin foreach loop
Get-ChildItem $evtxfolder -Filter *.evtx | `
Foreach-Object {
    $LPARGS = ("-i:evt", "-o:syslog", "SELECT STRCAT(`' evt-Time: `', TO_STRING(TimeGenerated, `'dd/MM/yyyy, hh:mm:ss`')),EventID,SourceName,ComputerName,Message INTO $SERVER FROM $CURRENTOBJECT") #obviously, this won't work.
    $LOGPARSER = "C:\Program Files (x86)\Logparser 2.2\logparser.exe"
    $LP = Start-Process -FilePath $LOGPARSER -ArgumentList $LPARGS -Wait -Passthru -NoNewWindow
    $LP.WaitForExit() # wait for logs to finish
}

If you look in $LPARGS, you'll see that I put $SERVER and $CURRENTOBJECT. Obviously, the way I have it now will not work. So basically, I'm trying to put the variable $SERVER (passed in as a parameter) into the arguments for logparser, and reference whatever current event log it is working on to put in the "FROM" statement so that it knows to work on one .evtx file at a time. What would be the proper way to do this?

An example of the INTO FROM statement:

..snippet..
SourceName,ComputerName,Message INTO @192.168.56.30 FROM 'C:\Eventlogs\20131125.evtx'"

Of course, 'C:\Eventlogs\20131125.evtx' would change as it goes through the contents of the directory.

Answers


If $server is defined outside your script above it will be available inside your string for $LPARGS. As for the $CURRENTOBJECT, that would be $_. In this case, it will be a FileInfo object. It is likely you want the Name property e.g. $($_.Name).
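Putting the answer together with the question's own loop, the following is an added, complete example (not the asker's or the answerer's code). It assumes the script is invoked with -EvtxFolder and -Server parameters (names chosen here), keeps the LogParser path and the query from the question, and uses $_.FullName rather than $_.Name because the FROM clause in the question's snippet expects a full path. It also only renames a file to .done when logparser.exe returned exit code 0, so a failed send does not silently mark a log as exported.

```powershell
# Added example: exports each .evtx in a folder to syslog with LogParser,
# then marks the file as done. Assumed invocation (names are this example's):
#   .\Send-Evtx.ps1 -EvtxFolder C:\Eventlogs -Server 192.168.56.30
param(
    [Parameter(Mandatory = $true)][string]$EvtxFolder,
    [Parameter(Mandatory = $true)][string]$Server
)

# Path taken from the question; adjust if LogParser is installed elsewhere.
$LogParser = 'C:\Program Files (x86)\Logparser 2.2\logparser.exe'

# -File (PowerShell 3.0+) skips subdirectories that happen to end in .evtx.
Get-ChildItem -Path $EvtxFolder -Filter *.evtx -File | ForEach-Object {
    # $_ is the current FileInfo object; FROM needs the full path.
    $current = $_.FullName

    # Double-quoted so $Server and $current expand; the single quotes that
    # LogParser wants around the format string and the path need no escaping.
    $query = "SELECT STRCAT(' evt-Time: ', TO_STRING(TimeGenerated, 'dd/MM/yyyy, hh:mm:ss')), EventID, SourceName, ComputerName, Message INTO @$Server FROM '$current'"

    $lpArgs = @('-i:EVT', '-o:SYSLOG', $query)

    # The call operator passes each array element as one argument, so the
    # query (which contains spaces) reaches logparser.exe as a single token.
    & $LogParser @lpArgs

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "logparser failed on $current (exit code $LASTEXITCODE); leaving file unmarked"
        return   # inside a ForEach-Object script block this moves on to the next file
    }

    # Only mark the file as processed after a successful export.
    Rename-Item -LiteralPath $current -NewName ($_.Name + '.done')
}
```

Running the script a second time picks up nothing, because the renamed files no longer match the *.evtx filter; a file whose export failed keeps its original name and is retried on the next run.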
