Get last line of variably named log file

Content Authoring
1

I’m trying to get the last line of an variably named log file. I can get the file, list the contents, and get the number of lines. When I try and combine it, I get an error

Each piece of info is available:

(name of it, number of lines of it, lines of it) of (files whose (name of it contains "savingthrow-") of folder "C:\test\")

results in:

savingthrow-20150514.log, 4, this is line 1
savingthrow-20150514.log, 4, this is line 2
savingthrow-20150514.log, 4, this is line 3
savingthrow-20150514.log, 4, No adware found
savingthrow-20150515.log, 5, this is line 1
savingthrow-20150515.log, 5, this is line 2
savingthrow-20150515.log, 5, this is line 3
savingthrow-20150515.log, 5, this is line 4
savingthrow-20150515.log, 5, Genio adware found

Get a specific line works as well:

(name of it, line 4 of it) of (files whose (name of it contains "savingthrow-") of folder "C:\test\")

results in:

savingthrow-20150514.log, No adware found
savingthrow-20150515.log, this is line 4

Get last line of unknown file does not work:

(name of it, line (number of lines of it)) of (files whose (name of it contains "savingthrow-") of folder "C:\test\")

Result:

Property 'line <integer>' is not defined

But if I name the file specifically I can get last line of file:

 line (number of lines of it) of file ("C:\test\savingthrow-20150514.log")

Results:

No adware found

What I ultimately want to see is:

savingthrow-20150514.log, No adware found
savingthrow-20150515.log, Genio adware found

Any ideas?

2

This is where the Fixlet Debugger is handy for highlight the references ‘of it’.

    (name of it, line (number of lines of it)) of (files whose (name of it contains "savingthrow-") of folder "C:\test\")
Result:

Property 'line <integer>' is not defined

The message says it all…let’s expand line (number of lines of it) into something like line (3) … that’s line 3 ‘of nothing’. Relevance can get ugly to read real quick, but you could try line(number of lines of it) of it

1 Like
3

Great! That works! I have a hard time keeping track of those 'of it’s. Thanks for the assist!

4

Try this instead to find only lines of logs that contain adware results:

lines whose(it contains " adware found" AND it does not contain "No adware found") of files whose (name of it contains "savingthrow-") of folders "C:\test\"

I assume this is related to https://github.com/sheagcraig/SavingThrow ?

You might be interested in these related items:
http://bigfix.me/fixlet/details/3967
http://bigfix.me/analysis/details/2994641

5

The last line is all I really care about - the summary of the last malware check. But, I am still trying to figure out the best way to use this tool through IEM, so I might do something like you mention. Yes it is the Mac malware scan tool SavingThrow. I just used Windows paths so I could use the Fixlet Debugger in windows.

1 Like
6

Only checking the last line might be a tad more efficient, but what if there is a blank line at the end? or if the format changes? Or what if multiple are found?

I think this is more flexible long term, like this:

number of lines whose(it contains " adware found" AND it does not contain "No adware found") of files whose (name of it contains "savingthrow-") of folders "C:\test\"