ghotz · April 22, 2024 12:00
diff --git a/get-http-rawlogs-top-offenders.ps1 b/get-http-rawlogs-top-offenders.ps1
 $Log = Get-Content "C:\home\logfiles\http\rawlogs\*.log" | Select -Skip 2 | ConvertFrom-Csv -Delimiter " " -Header 'date','time','s-sitename','cs-method','cs-uri-stem','cs-uri-query','s-port,cs-username','c-ip','cs(User-Agent)','cs(Cookie)','cs(Referer)','cs-host','sc-status','sc-substatus','sc-win32-status','sc-bytes','cs-bytes','time-taken';
 $Log | ? { $_.'cs-method' -eq 'POST' } | Group-object -Property 'cs(User-Agent)' | % {[pscustomobject]@{Type=$_.Name;'Total POSTs ↓'=$_.Count;'Total Bytes' = ($_.group | measure-object 'cs-bytes' -Sum).Sum}} | Sort-Object 'Total POSTs ↓' -Descending | Select -first 10 | ft
 $Log | ? { $_.'cs-method' -eq 'POST' } | Group-object -Property 'cs(User-Agent)' | % {[pscustomobject]@{Type=$_.Name;'Total POSTs'=$_.Count;'Total Bytes ↓' = ($_.group | measure-object 'cs-bytes' -Sum).Sum}} | Sort-Object 'Total Bytes ↓' -Descending | Select -first 10 | ft
	$Log = Get-Content "C:\home\logfiles\http\rawlogs\*.log" \| Select -Skip 2 \| ConvertFrom-Csv -Delimiter " " -Header 'date','time','s-sitename','cs-method','cs-uri-stem','cs-uri-query','s-port,cs-username','c-ip','cs(User-Agent)','cs(Cookie)','cs(Referer)','cs-host','sc-status','sc-substatus','sc-win32-status','sc-bytes','cs-bytes','time-taken';
	$Log \| ? { $_.'cs-method' -eq 'POST' } \| Group-object -Property 'cs(User-Agent)' \| % {[pscustomobject]@{Type=$_.Name;'Total POSTs ↓'=$_.Count;'Total Bytes' = ($_.group \| measure-object 'cs-bytes' -Sum).Sum}} \| Sort-Object 'Total POSTs ↓' -Descending \| Select -first 10 \| ft
	$Log \| ? { $_.'cs-method' -eq 'POST' } \| Group-object -Property 'cs(User-Agent)' \| % {[pscustomobject]@{Type=$_.Name;'Total POSTs'=$_.Count;'Total Bytes ↓' = ($_.group \| measure-object 'cs-bytes' -Sum).Sum}} \| Sort-Object 'Total Bytes ↓' -Descending \| Select -first 10 \| ft