Find Text from ReadFile

allSystemsGo

Hi, everybody. I am new to this so bear with me. As part of my sysadmin responsibilities, I monitor several logs. I decided to try my hand at making a script that would combine them into one window for viewing and be able to use some tools within the same interface. So far, I am trying this with just one log. I want to be able to read the log, search within the log for certain strings of text, and be able to launch a network tool called Fing. I have all of this working except for the find function. I open the file, then read the file within a text box that is generated by Koda form generator. I want to be able to search within the text of that file. Any help is appreciated. I will post the code below.

Edit** Forgot to paste the #include portion.

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <GuiEdit.au3>




Local $file = FileOpen("z:\logs\server.log", 0)

; Check if file opened for reading OK
If $file = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    Exit
EndIf
$text = FileRead($file)

#Region ### START Koda GUI section ### Form=c:\program files\autoit3\scripts\form.kxf
$Form1_1 = GUICreate("Server Log", 615, 438, 192, 124)
$Fing = GUICtrlCreateButton("Fing", 440, 24, 113, 57, $BS_ICON)
$Find = GUICtrlCreateButton("Find", 440, 112, 113, 57)
$hEdit = GUICtrlCreateEdit($text, 64, 24, 505, 233, _
        BitOR($ES_AUTOVSCROLL, $WS_VSCROLL, $ES_MULTILINE, $WS_HSCROLL, $ES_NOHIDESEL))
GUICtrlSetImage(-1, "C:\Users\User1\Downloads\overlook-fing-2.1.exe", -1)
$Edit1 = GUICtrlCreateEdit("", 32, 0, 393, 417)
GUICtrlSetData(-1, $text)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

MouseMove (232, 156)
MouseClick ("left", 232, 156)
Send ("{CTRLDOWN}" & "{END}")
sleep (15)
Send ("{CTRLUP}")

While 1
    $nMsg = GUIGetMsg()
    Select
        Case $nMsg = $GUI_EVENT_CLOSE
            ExitLoop
        Case $nMsg = $Fing
            Run(@ComSpec & " /c " & "C:\fing.lnk")
        Case $nMsg = $Find
            _GUICtrlEdit_Find($hEdit)
    EndSelect
WEnd

FileClose($file)
Edited by zsutton92

kylomas

zsutton92,

A couple questions / observations:

1 - Your edit controls are overlapping. Also, based on your description I would guess that you want to populate one edit control with the contents of the log file and show search results in the other edit control. However, you are currently populating both edit controls with the contents of the file.

2 - Nothing in your description needs "mouse moves", "mouse clicks" or "sends". What is the intent with these functions?

3 - To offer any real advice for searching we will need to see an example of the log file.

kylomas

edit: and your buttons do not show

Edited by kylomas

Forum Rules         Procedure for posting code

"I like pigs.  Dogs look up to us.  Cats look down on us.  Pigs treat us as equals."

- Sir Winston Churchill

allSystemsGo

zsutton92,

A couple questions / observations:

1 - Your edit controls are overlapping. Also, based on your description I would guess that you want to populate one edit control with the contents of the log file and show search results in the other edit control. However, you are currently populating both edit controls with the contents of the file.

2 - Nothing in your description needs "mouse moves", "mouse clicks" or "sends". What is the intent with these functions?

3 - To offer any real advice for searching we will need to see an example of the log file.

kylomas

edit: and your buttons do not show

1. The $hEdit came into play with the Find function that I am trying to perform...the $Edit1 control was made by the Koda designer. I tried removing the $Edit1, but this removes the text area that the log gets imported to.

2. The mouse moves make the cursor move to the end of the document, just like CTRL+END does in Notepad...Like I said I am new to this and was the only way I had figured to make it happen. I know it can cause problems if there are other windows open at the time.

3. The log I am viewing is just a simple text file generated by a FTP server. I want to be able to search for keywords such as "banned" like I can do in Notepad..but I want to be able to do it in one interface, not having to open up several instances of text viewers. Eventually it will have tabs to be able to switch between the different files...(or at least I am hoping.)

edit: The buttons show when the script is run....

Hope that can help you help me...Thanks!

Edited by zsutton92

kylomas

zsutton92,

Excellent, what results do you want from a search?

kylomas


allSystemsGo

zsutton92,

Excellent, what results do you want from a search?

kylomas

Much like what happens within Notepad.exe. If you use the shortcut CTRL+F (this does not work with the method I am using) you get the "Find:" and a field to type text into. I just want to be able to type in a word such as "banned" and then if the word is found within the text then it highlights it. If I hit "Find Next" it should move on to the next instance. So far the Find function seems to work, but it always returns that there was no instance found, when I know for sure that it is there. So my guess is that the way it is written at this point, that it is not searching the file that is open. How do I point it to the same text that is being opened in the OpenFile, ReadFile functions?

JLogan3o13

Take a look at _FileReadToArray in the help file. You should be able to read the contents of the file into the array, and then search through it, much more quickly.

Edited by JLogan3o13

√-1 2^3 ∑ π, and it was delicious!

kylomas

zsutton92,

This works for me. I made several changes:

1 - Moved "fileclose" to after you read the file

2 - Reformatted the gui. This is just a model for you to build on. ** Personal opinion - get familiar with the gui building commands and code the gui manually. I've used koda once or twice with mixed results.

3 - File name changed so I could run the code. Just change it back.

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <GuiEdit.au3>

Local $file = FileOpen(@scriptdir & '\bb\schd.txt', 0)

; Check if file opened for reading OK
If $file = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    Exit
EndIf
$text = FileRead($file)
FileClose($file)

$gui010     =     GUICreate("Server Log", 800,700)
$Fing      =     GUICtrlCreateButton("Fing", 20,670,100,20, $BS_ICON)
$Find     =     GUICtrlCreateButton("Find", 200, 670, 100, 20)
            guictrlcreatelabel('Log File Contents',25,5,100,15)
$hEdit      =     GUICtrlCreateEdit('', 20, 20, 760, 640, _
                BitOR($ES_AUTOVSCROLL, $WS_VSCROLL, $ES_MULTILINE, $WS_HSCROLL, $ES_NOHIDESEL))
            GUICtrlSetImage(-1, "C:\Users\User1\Downloads\overlook-fing-2.1.exe", -1)
            GUICtrlSetData($hedit, $text)
            GUISetState(@SW_SHOW)

While 1
    $nMsg = GUIGetMsg()
    Select
        Case $nMsg = $GUI_EVENT_CLOSE
            ExitLoop
        Case $nMsg = $Fing
            Run(@ComSpec & " /c " & "C:\fing.lnk")
        Case $nMsg = $Find
            _GUICtrlEdit_Find($hEdit)
    EndSelect
WEnd

The find works as advertised. It highlights the match and will move to the next match with "Find Next". The edit control can be positioned to the end of the data but I forget how. I'll look it up and get back to you.

kylomas

edit: with regard to JLogan3o13's advice, when we get that far that can be one possible way to read multiple files.

Edited by kylomas

kylomas

zsutton92,

So my guess is that the way it is written at this point, that it is not searching the file that is open.

The _guictrledit_find command is not searching a file, it is searching the edit control. I would not use this, however, as the find dialog box disappears behind the main gui once it loses focus. You can move it to a different part of the screen but this is a pain in the ass. There are probably workarounds for this.

kylomas


allSystemsGo

zsutton92,

The _guictrledit_find command is not searching a file, it is searching the edit control. I would not use this, however, as the find dialog box disappears behind the main gui once it loses focus. You can move it to a different part of the screen but this is a pain in the ass. There are probably workarounds for this.

kylomas

Ohh, okay. I have tried your code, and while I like the layout better, the buttons are not working for me...

Edit---

I used some of the original code...now the Fing button launched Fing.exe, but the Find button does not do anything (noticeable) and the exit button does not work. I have to kill the process in order to exit.

Edited by zsutton92

kylomas

zsutton92,

Only tried the find button and it works for me...

edit: re-post the code if the find button does not work...

Edited by kylomas

allSystemsGo

zsutton92,

Only tried the find button and it works for me...

edit: re-post the code if the find button does not work...

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <GuiEdit.au3>

DriveMapAdd("z:","\\server\share", 1, "user", "Pass")
Local $file = FileOpen("z:\logs\server.log", 0)

; Check if file opened for reading OK
If $file = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    Exit
EndIf
$text = FileRead($file)

FileClose($file)

$gui010 = GUICreate("Server Log", 800,700)
$Fing = GUICtrlCreateButton("Fing", 20,670,100,20, $BS_ICON)
$Find = GUICtrlCreateButton("Find", 200, 670, 100, 20)
guictrlcreatelabel('Log File Contents',25,5,100,15)
$hEdit = GUICtrlCreateEdit('', 20, 20, 760, 640, _
        BitOR($ES_AUTOVSCROLL, $WS_VSCROLL, $ES_MULTILINE, $WS_HSCROLL, $ES_NOHIDESEL))
GUICtrlSetData($hedit, $text)
GUISetState(@SW_SHOW)

While 1
    $nMsg = GUIGetMsg()
    Select
        Case $nMsg = $GUI_EVENT_CLOSE
            ExitLoop
        Case $nMsg = $Fing
            Run(@ComSpec & " /c " & "C:\fing.lnk")
        Case $nMsg = $Find
            _GUICtrlEdit_Find($hEdit)
    EndSelect
WEnd

FileClose($file)

Edited code for security reasons....added mapdrive function.. Going home for the day...can pick back up tomorrow.

kylomas

zsutton92,

The "find" button works for me using the gui def and message loop copied directly from your posted code.

Also, you can remove the "fileclose" from the bottom of your script.

kylomas


kylomas

zsutton92,

You might be interested in reading this thread. There are a couple of examples of how sysadmins handle local and remote logs. Just search all forums.

kylomas


allSystemsGo

Okay...I finally have the code working. Is there a way that you can make the Find function of the code, search from the end of the text up, instead from the beginning down?

kylomas

zsutton92,

Is there a way that you can make the Find function of the code, search from the end of the text up, instead from the beginning down?

I've never used the edit control find function before, but I don't see anything in the doc or dialog that supports this.

Before we get into how to search we need to know what we are searching.

1 - How much data with all files combined?

2 - Is all data in the same format?

3 - Is there a date/time stamp or sequence number that these files can be sorted on?

kylomas

edit: another log viewer!

Edited by kylomas

LarryDalooza

Okay...I finally have the code working. Is there a way that you can make the Find function of the code, search from the end of the text up, instead from the beginning down?

Perhaps _StringReverse() the data and the search string... search... then do math.

AutoIt has helped make me wealthy

allSystemsGo

zsutton92,

I've never used the edit control find function before, but I don't see anything in the doc or dialog that supports this.

Before we get into how to search we need to know what we are searching.

1 - How much data with all files combined?

2 - Is all data in the same format?

3 - Is there a date/time stamp or sequence number that these files can be sorted on?

kylomas

edit: another log viewer!

1. The data is just a log for an FTP server...it's an ever-growing .txt file. Basically what I look for in this log is to see if any IP addresses have been banned recently, then I record the addresses in a file that I keep up with so that I know that they are malicious. That file is not included in this script, as of yet.

2. Like I said, it's just a .txt file...nothing special.

3. There is a date/time stamp on every entry.

kylomas

zsutton92,

I monitor several logs. I decided to try my hand at making a script that would combine them into one window for viewing

These will have to be merged in some manner, presumably chronological order. To make a reasonable decision for managing this data we need to know:

1 - how large the composite is

2 - the file format

How we search the file(s) largely depends on the answers for these questions.

Can you post a portion of the log?

Did you read the topic that I pointed you to?

kylomas


allSystemsGo

I read the topic you pointed me to....it was not really what I was looking for. I just want to be able to open one exe and have all my logs right there, preferably in tabbed sections.

Here is a portion of the log....particularly the portion that I will be searching for...

(002732) 5/18/2012 17:52:57 PM - (not logged in) (184.107.169.146)> USER Administrador
(002732) 5/18/2012 17:52:57 PM - (not logged in) (184.107.169.146)> 331 Password required for administrador
(002732) 5/18/2012 17:53:07 PM - (not logged in) (184.107.169.146)> PASS ******
(002732) 5/18/2012 17:53:07 PM - (not logged in) (184.107.169.146)> 530 Login or password incorrect!
(002732) 5/18/2012 17:53:31 PM - (not logged in) (184.107.169.146)> USER Administrador
(002732) 5/18/2012 17:53:31 PM - (not logged in) (184.107.169.146)> 331 Password required for administrador
(002732) 5/18/2012 17:53:48 PM - (not logged in) (184.107.169.146)> PASS ******
(002732) 5/18/2012 17:53:48 PM - (not logged in) (184.107.169.146)> 530 Login or password incorrect!
(002732) 5/18/2012 17:54:29 PM - (not logged in) (184.107.169.146)> USER Administrador
(002732) 5/18/2012 17:54:29 PM - (not logged in) (184.107.169.146)> 331 Password required for administrador
(002732) 5/18/2012 17:54:59 PM - (not logged in) (184.107.169.146)> PASS ******
(002732) 5/18/2012 17:54:59 PM - (not logged in) (184.107.169.146)> 421 Temporarily banned for too many failed login attempts

I monitor this log to check on any unauthorized activity on the FTP server. Usually, I will cross-reference the IP and scan it to see if there were any malicious services running on it.

The size of this file is rather large for a .txt file...83MB and growing. Thinking there may be a way to break this log down into individual files for every new day. If this is the case there would be no need to search "up" the file, because then all the data would be new to me.
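
An added example, not code from any poster in this thread: one way to do the check described in the post above without a Find dialog, walking the log from the newest line up and listing each address that received the `421 Temporarily banned` reply together with the number of `530` replies logged for it. The function name `_BannedIPs`, the sample lines and their addresses are constructed for illustration, and the line format is assumed to be exactly the one quoted above.

```autoit
#include <Array.au3>
#include <StringConstants.au3>

; Constructed sample in the posted format (documentation-range addresses, not real hosts).
; The fifth line is a client command whose argument imitates a ban entry for another address.
Local $sSample = _
    "(000101) 5/18/2012 17:52:57 PM - (not logged in) (192.0.2.10)> USER admin" & @CRLF & _
    "(000101) 5/18/2012 17:53:07 PM - (not logged in) (192.0.2.10)> 530 Login or password incorrect!" & @CRLF & _
    "(000101) 5/18/2012 17:53:48 PM - (not logged in) (192.0.2.10)> 530 Login or password incorrect!" & @CRLF & _
    "(000101) 5/18/2012 17:54:59 PM - (not logged in) (192.0.2.10)> 421 Temporarily banned for too many failed login attempts" & @CRLF & _
    "(000102) 5/19/2012 09:10:02 AM - (not logged in) (198.51.100.7)> USER x) (203.0.113.9)> 421 Temporarily banned" & @CRLF & _
    "(000102) 5/19/2012 09:10:03 AM - (not logged in) (198.51.100.7)> 530 Login or password incorrect!" & @CRLF & _
    "(000103) 5/19/2012 11:30:00 AM - (not logged in) (192.0.2.10)> 421 Temporarily banned for too many failed login attempts" & @CRLF

Local $aBanned = _BannedIPs($sSample)
If IsArray($aBanned) Then _ArrayDisplay($aBanned, "Banned addresses, newest first")

; Returns a 2D array, newest ban first: [n][0] = IP, [n][1] = time of its latest ban,
; [n][2] = number of 530 replies logged for that IP. Sets @error = 1 if no ban is found.
Func _BannedIPs($sLog)
    Local $aLines = StringSplit(StringStripCR($sLog), @LF)
    Local $oFails = ObjCreate("Scripting.Dictionary"), $oSeen = ObjCreate("Scripting.Dictionary")
    ; Trust only the server-written prefix: (session) date time [AM/PM] - (user) (ip)> code text
    ; [^)]* stops the user field at its first ")" so text echoed after ">" cannot supply the IP.
    Local $sPattern = "^\(\d+\) (\S+ \S+(?: [AP]M)?) - \([^)]*\) \((\d{1,3}(?:\.\d{1,3}){3})\)> (\d{3}) (.*)$"
    Local $aOut[$aLines[0]][3], $n = 0, $aM
    For $i = $aLines[0] To 1 Step -1 ; bottom-up: the first ban met for an address is its latest
        $aM = StringRegExp($aLines[$i], $sPattern, $STR_REGEXPARRAYMATCH)
        If @error Then ContinueLoop ; client command (USER/PASS) or a line that fails the prefix check
        If $aM[2] = "530" Then $oFails.Item($aM[1]) = Number($oFails.Item($aM[1])) + 1
        If $aM[2] <> "421" Or StringInStr($aM[3], "Temporarily banned") <> 1 Then ContinueLoop
        If $oSeen.Exists($aM[1]) Then ContinueLoop ; an older ban of an address already listed
        $oSeen.Add($aM[1], True)
        $aOut[$n][0] = $aM[1]
        $aOut[$n][1] = $aM[0]
        $n += 1
    Next
    If $n = 0 Then Return SetError(1, 0, 0)
    ReDim $aOut[$n][3]
    For $i = 0 To $n - 1 ; fill the counts last, since earlier lines are visited after the ban line
        $aOut[$i][2] = Number($oFails.Item($aOut[$i][0]))
    Next
    Return $aOut
EndFunc   ;==>_BannedIPs
```

Pass it the result of FileRead() on the real log. The imitation ban line in the sample is skipped because only lines whose server-written prefix is followed directly by a three-digit reply code are accepted, which a plain text search for "banned" would not distinguish.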

kylomas

zsutton92,

I decided to try my hand at making a script that would combine them into one window

You want each log in a separate tab? How many?

83MB is not really large. Regardless, based on the format you've posted it would be very easy to parse out data. One possibility is a dialog with 5 or 7 tabs, each tab representing a day's worth of data. You would then have a rolling week's worth of logs.

kylomas
