Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, July 11, 2016 10:17 PM
I'm trying to run a to search IIS logs on each of our IIS servers (36) because the log files are quite large and there are 14 days worth kept.
I have a scriptblock which runs just fine locally on one of those server, but it fails when I try it via invoke-command from a remote machine. The message returned is:
Processing data for a remote command failed with the following error message: The WSMan provider host process did not return a proper response. A provider in the host process may have behaved improperly
What is WSMan? This script takes 15-30 minutes to run. Is there a timeout I am hitting?
Here is the code:
$script = {
cd c:\inetpub\logs\LogFiles\w3svc3
$unique = @()
Get-ChildItem -name -path "u*.log" | % {
$content = get-content $_ | select-string -pattern " (GET|POST|MERGE|PUT) /.*/api/applitrack.*\.svc.* 40[13] "
$content = $content -replace('.* (GET|POST|MERGE|PUT) /([^/ ]+)/api/applitrackapi.*','$2')
$content | % {
if ( ! $unique.Contains($_.ToLower()) ) {
$unique += $_.ToLower()
}
}
}
$unique | write-host
}
$svcCreds = get-credential -username 'remoteuser' `
-message 'Input password for remoteuser'
invoke-command -computername 'webserver1' -credential $svcCreds `
-scriptblock $script -asjob
All replies (6)
Tuesday, July 12, 2016 9:08 PM ✅Answered
Found out that since the log files were so large, it was running out of memory. In the algorithm I was loading the entire file into memory. The identifying output was obtains by running Invoke-Command without the "-asjob" parameter and interactively.
See http://www.gsx.com/blog/bid/83018/Troubleshooting-unknown-PowerShell-error-messages for helpful information on dealing with WSMan messages.
So, once I modified the code like this (using select-string to read the file), it ran well remotely.
$script = {
cd c:\inetpub\logs\LogFiles\w3svc3
$unique = @()
Get-ChildItem -name -path "u*.log" | % {
$content = select-string -pattern " (GET|POST|MERGE|PUT) /.*/api/applitrack.*\.svc.* 40[13] " -path $_
$content = $content -replace('.* (GET|POST|MERGE|PUT) /([^/ ]+)/api/applitrackapi.*','$2')
$content | % {
if ( ! $unique.Contains($_.ToLower()) ) {
$unique += $_.ToLower()
}
}
}
$unique | write-host
}
Monday, July 11, 2016 11:51 PM
Invoke-Command is WSMan. You have issues. They need to be fixed.
Also your script makes little sense. What is this line:
if ( !$unique.Contains($_.ToLower()) ) {
The object is empty and will always be empty. The code will never resolve.
\(ツ)_/
Tuesday, July 12, 2016 2:54 AM
Hi Kevin,
>>What is WSMan? This script takes 15-30 minutes to run. Is there a timeout I am hitting?
WSMan provides access to Web Services for Management (WS-Management) configuration information.
For more details,please refer to link below:
https://technet.microsoft.com/en-us/library/hh847813.aspx
For this issue, I suppose we could use the command *test-wsman -computernname -authentication *to test your target server's wsman related configurations.
For detailed parameters, refer to link below:
https://technet.microsoft.com/en-us/library/hh849873.aspx
Besides, please check the related authentication method on your target server.
Best regards
Andy_Pan
Tuesday, July 12, 2016 2:15 PM
Wrong, that scriptblock runs just fine locally. The line you cite is looking to see if a given string is not already in the array. As you can see the if statement will then add to that array.
Tuesday, July 12, 2016 2:54 PM
Perhaps if you explain what it is you are trying to accomplish.
Trying to guess for the code I can only say that this would be more efficient.
$script={
Get-ChildItem -path c:\inetpub\logs\LogFiles\w3svc3 -Include 'u*.log'|
get-content |
select-string -pattern ' (GET|POST|MERGE|PUT) /.*/api/applitrack.*\.svc.* 40[13] ' |
ForEach-Object{ ($_.Line) -replace '.* (GET|POST|MERGE|PUT) /([^/ ]+)/api/applitrackapi.*', '$2' } |
ForEach-Object{$_.ToLower} |
Select -Unique
}
Also LogParser is a far more efficient and flexible way to parse IIS log files. It is how most do this:
https://www.microsoft.com/en-us/download/details.aspx?id=24659
Forums for LogParser with IIS logs are here: http://forums.iis.net
\(ツ)_/
Tuesday, July 12, 2016 9:19 PM
That is what my post would have fixed. You need to learn to use the pipeline as it can easily educe overhead. The only issue is the "unique-ing" bit which requires loading it all into memory at one shot.
LogParser would be faster and use less memory. LogParser can also output directly into a database table. And uses many advanced methods to read log files. It also runs multithreaded which PowerShell does not.
\(ツ)_/