robie2011
4/30/2014 - 1:46 PM

Powershell RegEx Examples

Powershell RegEx Examples

# File: showMyTeamviewerSession.ps1
# Date: 01.03.2013
# Author: Robert Rajakone
# URL: http://tech.robie.ch
# Description: This script extract Teamviewer session connection information from logfile

write-host "Today's Teamviewer Sessions"

# Der Regex-Ausdruck für Extraktion der Daten
$RegexExp = "(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s*(\d+)\s*(\d+)\s*([\w\d!]*)\s*(.*$)"



$log="C:\Program Files (x86)\TeamViewer\Version6\TeamViewer6_Logfile.log"
$logdata = gc $log
$logdata -match (get-date -Format "^yyyy\/MM\/dd") -match "(Session to \d+ ended)|(Client connection to \d+)" | ForEach-Object{
    #Write-Host $_
    $extract = [regex]::match($_,$RegexExp)
    $Col1 = $extract.Groups[1].Value  #DateTime
    $Col2 = $extract.Groups[2].Value  #PID
    $Col3 = $extract.Groups[3].Value
    $Col4 = $extract.Groups[4].Value
    $Col5 = $extract.Groups[5].Value  #Comment/Action
    
    
    # Extracting Remote Client ID
    $remoteClient=[regex]::match($Col5, "[Tt]o.(\d{9})").Groups[1].Value
    
    # Converting remoteClient ID to INT and formatting to Teamviewer know ID Format 123 456 789
    $remoteClient=[string]::Format("{0:### ### ###}", [int] $remoteClient)
    
    # Convert Datetime
    $datetime=[datetime]::Parse($Col1)
    
    if ($Col5 -match "ended"){
        write-host $datetime " Disconnecting " $remoteClient
    }else{
        write-host $datetime " Connecting " $remoteClient
    
    }        
}



# Work only in PowerShell Console (NOT IN Powershell ISE!)
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")