@tps2015gh
Last active March 27, 2017 03:12

MS PowerShell Demo

Get IP Address

  • Get-NetIPAddress | Format-Table

With Filter

  • Get-NetIPAddress | select IPAddress | where { $_.IPAddress -match "192"}
  • Get-NetIPAddress | select IPAddress | where { $_.IPAddress -match "169"}
  • Get-NetIPAddress | select IPAddress | where { $_.IPAddress -match "127"}
  • Get-NetIPAddress | select IPAddress, InterfaceAlias | where {$_.InterfaceAlias -match "Wireless"} # for Wireless network list

Only Non-Empty IP Addresses

  • Get-NetIPAddress | select IPAddress | where { $_.IPAddress }

IP With Interface Alias

  • Get-NetIPAddress | select IPAddress , InterfaceAlias | Format-Table

IP from VirtualBox Interface

  • Get-NetIPAddress | select IPAddress , InterfaceAlias | where {$_.InterfaceAlias -match "VirtualBox" }

Sort By AddressState

  • Get-NetIPAddress | select IPAddress , InterfaceAlias , AddressState | sort { $_.AddressState }

All Columns, Sorted By 2 Fields, Displayed as Table

  • Get-NetIPAddress | select * | sort AddressFamily, AddressState | Format-Table

Get TCP connections with State like "Established" (a connection has already been made), with ports and owning process ID

  • Get-NetTCPConnection | select state , LocalAddress , LocalPort , RemoteAddress, RemotePort, OwningProcess | where {$_.State -match "Establish" } | Format-Table

Get TCP connections with State like "Listen" (a service is open and waiting for connections), with ports and owning process ID

  • Get-NetTCPConnection | select state , LocalAddress , LocalPort , RemoteAddress, RemotePort, OwningProcess | where {$_.State -match "Listen" } | Format-Table

Get Process By Name

  • Get-Process | Select * | where {$_.ProcessName -match "httpd" }

Get Process By Process ID (PID)

  • $a_PID = $(4,929)
  • Get-Process | Select id,ProcessName , CPU | where {$_.id -iin $a_PID }

Get Process By Name or Path

  • Get-Process | Select Name,Id,Product,Path,Company | where {$_.Name -match "chrome" } | Format-Table
  • Get-Process | Select Name,Id,Product,Path,Company | where {$_.Path -match "xampp" } | Format-Table

Get Process, Display Product, Path And Company

  • Get-Process | Select Name,Id,Product,Path | sort {$_.Product} | Format-Table
  • Get-Process | Select Name,Id,Product,Company | sort {$_.Company} | Format-Table
  • Get-Process | Select Name,Id,Company ,Path| sort {$_.Company} | Format-Table
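The connection and process queries above can be joined on OwningProcess, so each listening port or established connection shows the executable behind it. This is an added example, not part of the original gist; the function name Get-ConnectionOwner is made up for illustration.

```powershell
# Added example: join Get-NetTCPConnection rows to Get-Process rows by PID.
function Get-ConnectionOwner {
    param(
        [string[]]$State = @('Listen', 'Established')
    )
    # Index running processes by PID once, so each connection is one lookup.
    # OwningProcess is UInt32 and Process.Id is Int32: cast both to [int],
    # otherwise the hashtable lookup never matches.
    $procById = @{}
    Get-Process | ForEach-Object { $procById[[int]$_.Id] = $_ }

    Get-NetTCPConnection -State $State -ErrorAction SilentlyContinue | ForEach-Object {
        $p = $procById[[int]$_.OwningProcess]
        [pscustomobject]@{
            State         = $_.State
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            OwningProcess = $_.OwningProcess
            Process       = if ($p) { $p.ProcessName } else { '<exited>' }
            # Company and Path are empty for processes the current user cannot
            # open; run elevated to fill them in for system services.
            Company       = if ($p) { $p.Company } else { $null }
            Path          = if ($p) { $p.Path } else { $null }
        }
    }
}

# Services reachable from the network: listeners not bound to loopback only.
Get-ConnectionOwner -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Sort-Object LocalPort |
    Format-Table State, LocalAddress, LocalPort, OwningProcess, Process, Path -AutoSize

# Which executables hold the established connections, most connections first.
Get-ConnectionOwner -State Established |
    Group-Object Process, Path |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```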

Get Disk/Partition

  • Get-Partition # Get Disk Partition
  • Get-PSDrive # Get Disk / Certificate / Environment / Registry / Variable

Get Application Log / System Log

  • Get-EventLog Application -Newest 20
  • Get-EventLog System -Newest 20

The following section refers to the link below

List Service , then Filter By Name , then display Format As Table

  • Get-WmiObject win32_service -Filter "name like '%Apac%' or name like '%HTTP%' " | Format-Table # displays ExitCode/Name/ProcessId/StartMode/State/Status

Get Required / Dependency Services

PS C:\> Get-Service "Apache2.2" -RequiredServices

Status   Name               DisplayName
------   ----               -----------
Running  Afd                Ancillary Function Driver for Winsock
Running  Tcpip              TCP/IP Protocol Driver

# http://stackoverflow.com/questions/4409043/how-to-find-if-the-local-computer-is-in-a-domain
# is in domain or not
(gwmi win32_computersystem).partofdomain

# get Hardware Info , Domain , Hardware Model
(gwmi win32_computersystem)

# Get computer Name
$env:computername

# Check Member Type - in Domain / or Not
$dr = gwmi -Class win32_computersystem | select -ExpandProperty domainrole
switch ($dr) {
    0 {"Standalone Workstation"}
    1 {"Member Workstation"}
    2 {"Standalone Server"}
    3 {"Member Server"}
    4 {"Backup Domain Controller"}
    5 {"Primary Domain Controller"}
    default {"Unknown"}
} # end switch

#================================================================
# @Author: Thitipong Samranvanich
# @Since : 2017-03-13
# @For   : (Demo) Display tail of the log in the xampp log / Windows
#================================================================
# Copy and paste this script into a PowerShell script
#===========================================
# Read the last $max_tail lines of the Apache access log
function loadfile($max_tail = 50) {
    $row = Get-Content c:\xampp\apache\logs\access.log -Tail $max_tail
    return $row
}
#===========================================
# Return only the elements of $array whose text matches $search_text
function filter_row($array, $search_text) {
    return $array.GetEnumerator() | Where { $_ -match $search_text }
}
#===========================================
# Count hits per URL and keep the URLs in the order they were logged
function rep_sum($row) {
    $aurl  = @{}    # URL -> hit count
    $aurl2 = @()    # URLs in log order
    foreach ($r in $row) {
        $col = $r.split(" ")
        $url = $col[6]    # 7th space-separated field is the requested URL
        if (-Not $url) { continue }    # skip short or malformed lines (a null key would throw)
        if (-Not ($aurl.Contains($url))) {
            $aurl.Add($url, 1)
        } else {
            $aurl[$url] = $aurl[$url] + 1
        }
        $aurl2 += $url
    }
    # report sum, highest count first
    $rep = $aurl.GetEnumerator() | Select Value, Name | Sort-Object Value -descending
    #$aurl
    #$aurl2
    return @{'r_bycount' = $rep ; 'rawlog_url' = $aurl2 }
}
#===========================================
function main($max_tail = 50) {
    $row = loadfile -max_tail $max_tail
    $result = rep_sum -row $row
    $r_bycount = $result['r_bycount']
    $rawlog_url = $result['rawlog_url']
    "====== Summary Data ========= "
    # full data
    $r_bycount
    # filter
    "====== Filter Text on Summary Data ========= "
    filter_row -array $r_bycount -search_text "admin"
    "====== Filter Text on Summary raw log ========= "
    filter_row -array $rawlog_url -search_text "admin"
    "===== raw log , by time ====== "
    $rawlog_url
}
return main -max_tail 50
#=====================
# run main -max_tail 10 again, again and again
#=====================
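
The script above counts hits per URL by splitting each line on spaces. As an added example (not part of the original gist), the same log can be parsed with a regex so that requests for "admin" URLs are also broken down by client address and HTTP status; the function names and the sample lines are constructed for illustration.

```powershell
# Constructed sample lines in Apache common log format (not real traffic).
$sample = @(
    '192.0.2.10 - - [13/Mar/2017:10:00:01 +0700] "GET /index.php HTTP/1.1" 200 512'
    '198.51.100.7 - - [13/Mar/2017:10:00:02 +0700] "GET /phpmyadmin/ HTTP/1.1" 403 210'
    '198.51.100.7 - - [13/Mar/2017:10:00:03 +0700] "GET /admin/login.php HTTP/1.1" 404 198'
    '198.51.100.7 - - [13/Mar/2017:10:00:04 +0700] "POST /admin/login.php HTTP/1.1" 404 198'
    '192.0.2.10 - - [13/Mar/2017:10:00:05 +0700] "GET /admin/ HTTP/1.1" 200 1024'
    'not an access log line'
)

# client ident user [time] "method url protocol" status ...
$pattern = '^(?<client>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>\S+) (?<url>\S+)[^"]*" (?<status>\d{3})\b'

# Turn raw lines into objects; lines that do not match the format are skipped.
function ConvertFrom-AccessLog {
    param([string[]]$Line)
    foreach ($l in $Line) {
        if ($l -match $pattern) {
            [pscustomobject]@{
                Client = $Matches['client']
                Time   = $Matches['time']
                Method = $Matches['method']
                Url    = $Matches['url']
                Status = [int]$Matches['status']
            }
        }
    }
}

# Count requests whose URL matches $UrlPattern, per client and status code.
function Get-UrlHitsByClient {
    param([string[]]$Line, [string]$UrlPattern = 'admin')
    ConvertFrom-AccessLog -Line $Line |
        Where-Object { $_.Url -match $UrlPattern } |
        Group-Object Client, Status |
        Sort-Object Count -Descending |
        Select-Object Count,
            @{ n = 'Client'; e = { $_.Group[0].Client } },
            @{ n = 'Status'; e = { $_.Group[0].Status } }
}

Get-UrlHitsByClient -Line $sample | Format-Table -AutoSize

# Against the live log used by the script above:
# Get-UrlHitsByClient -Line (Get-Content c:\xampp\apache\logs\access.log -Tail 500)
```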