Working as a Windows server administrator, I have many times found myself in a situation where I have to check a 50+ MB log file for only one e-mail address or some other term. Of course, many of you are going to think: “Yeah, like that’s a problem, just press CTRL+F and type in the term :)”, and you’re right. That way rocks when you have 10, or at most 20, entries where that term is mentioned (i.e. some e-mail address) in the entire log file. But what to do when a client wants to see the logs for his entire domain? All sent e-mail, all incoming e-mail, everything… then it gets a little too much to do “CTRL+F” and copy/paste the result into some other file which you are going to send to the client. Linux users have their way to do that, simply by: cat filename.txt | grep term > outputfile.txt. When I started to explore PowerShell, my first task was to find a similar command to do the same thing on a Windows server. After a little searching on the web I found a solution that is really simple and similar to the Linux command :) hooray for me :)

The Unix “cat” command is used to concatenate and display files. Given a file or filename list, it will print the contents of that file to standard output. There are several options in the Unix command that are implemented with the following PowerShell arguments:

| Unix | PowerShell | Description |
|---|---|---|
| -b | filespec | A file or file matching pattern to concatenate. |
| -n | -number | Prefix all output lines with line numbers. |
| -b | -number_nonblank | Prefix nonblank output lines with numbers. |
| -E | -show_ends | Display “$” at the end of each line. |
| -T | -show_tabs | Display TAB characters as “^I”. |
| -s | -squeeze_blanks | Never more than one consecutive single blank line. |

But, as we can see, there is no “grep” command like on Linux :(. Again, some more searching and I found a command called “findstr”.

Example:

C:\> cat logs.txt – will print all the content of that file.

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-09-28 15:30:08
#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2009-09-28 15:30:08 W3SVC1958603616 WIN7 89.201.164.205 GET /index.php - 80 - 89.201.144.106 HTTP/1.1 Mozilla/5.0+(X11;+U;+Linux+x86_64;+en-US;+rv:1.9.0.14)+Gecko/2009090217+Ubuntu/9.04+(jaunty)+Firefox/3.0.14 - - www.winblogs.net.win7.mojsite.com 500 0 0 1900 406 31
2009-09-28 15:30:08 W3SVC1958603616 WIN7 89.201.164.205 GET /wp-admin/css/install.css - 80 - 89.201.144.106 HTTP/1.1 Mozilla/5.0+(X11;+U;+Linux+x86_64;+en-US;+rv:1.9.0.14)+Gecko/2009090217+Ubuntu/9.04+(jaunty)+Firefox/3.0.14 - http://www.winblogs.net.win7.mojsite.com/ www.winblogs.net.win7.mojsite.com 200 0 0 2802 437 15
2009-09-28 15:30:08 W3SVC1958603616 WIN7 89.201.164.205 GET /wp-admin/images/white-grad.png - 80 - 89.201.144.106 HTTP/1.1 Mozilla/5.0+(X11;+U;+Linux+x86_64;+en-US;+rv:1.9.0.14)+Gecko/2009090217+Ubuntu/9.04+(jaunty)+Firefox/3.0.14 - http://www.winblogs.net.win7.mojsite.com/wp-admin/css/install.css www.winblogs.net.win7.mojsite.com 200 0 0 460 482 15

Now, let’s say that we want to see only the lines where the word “username” is mentioned. As you can see, there is much other stuff in the output that we don’t need, so we will simply do this:

C:\> cat logs.txt | findstr username

and it will print out the lines where the term “username” is mentioned.

#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host

AWESOME, we got 60 percent of the work done! All we need to do now is to copy that output to a file. Yes, we could do copy/paste, but that is boring :). All we have to do is add “> filename.txt” to the end of the cat command.

Example:

C:\> cat logs.txt | findstr username > outputfile.txt

And bingo! All the lines where the term “username” is mentioned are now written to the file called “outputfile.txt” – of course, you can name it whatever you like :)

It made my life easier :) Cheers!
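
For the "logs for one domain" case, a plain substring search also returns lines where the domain appears only in the Referer or the URL. The PowerShell below is an added example, not part of the original post: for a W3C-format log like the one shown above, it uses the #Fields header to compare a single named column and writes the matches as UTF-8. The function name Select-W3CLogEntry, the value 'winblogs.net' and the output file names are assumptions made for illustration.

```powershell
# Added example (not from the original post). Select-W3CLogEntry is a hypothetical name.
function Select-W3CLogEntry {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Field,   # column name from the #Fields header, e.g. 'cs-host'
        [Parameter(Mandatory)] [string] $Value    # literal text to look for in that column
    )
    $index = -1
    # Get-Content streams line by line, so a 50+ MB log is not loaded into memory at once.
    Get-Content -LiteralPath $Path | ForEach-Object {
        if ($_.StartsWith('#Fields:')) {
            # The header can appear more than once in a file; re-read the column order each time.
            $names = $_.Substring(8).Trim() -split ' '
            $index = [array]::IndexOf($names, $Field)
        }
        elseif ($index -ge 0 -and -not $_.StartsWith('#')) {
            # IIS writes spaces inside a value as '+', so a space always separates columns.
            $cols = $_ -split ' '
            if ($cols.Count -gt $index -and
                $cols[$index].IndexOf($Value, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $_   # emit the original line unchanged
            }
        }
    }
}

# Substring search, the Select-String form of "cat logs.txt | findstr username".
# -SimpleMatch treats the pattern as literal text, not as a regular expression.
Select-String -LiteralPath logs.txt -Pattern 'username' -SimpleMatch |
    ForEach-Object Line |
    Set-Content -LiteralPath outputfile.txt -Encoding UTF8

# Field-aware search: only requests whose cs-host column contains the domain.
# Set-Content with an explicit encoding avoids the UTF-16 file that ">" produces
# in Windows PowerShell 5.1.
Select-W3CLogEntry -Path logs.txt -Field 'cs-host' -Value 'winblogs.net' |
    Set-Content -LiteralPath domain-requests.txt -Encoding UTF8
```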