How to parse this XML file with a PowerShell script and get the values listed below as output
I need a script that outputs the following values from the XML file below:
Under the criteria tag:
- the timestamp display value
- the oid and its corresponding display value for the "nodes" criterion
Under the reportbody tag:
- the name of each report section and its oid value
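<?xml version="1.0" encoding="utf-8"?>
<!--
  Sample change report (report type "detailedchanges_rpt"); the expected/observed
  attribute pairs suggest output from a file-integrity monitoring tool.
  Layout:
    reporthead/criteria : the filters the report was run with; every *criterion
                          element carries a human-readable displayvalue attribute.
    reportbody          : nested reportsection elements, one level per category
                          (node / rule / element / version / attributes), each
                          identified by its name attribute and, down to the
                          version level, an oid child element.
  The document has no DOCTYPE, so a consumer can load it with DTD processing
  prohibited and lose nothing.
-->
<reportoutput>
  <reporthead>
    <report name="execution action" type="detailedchanges_rpt">
      <description></description>
    </report>
    <criteria>
      <!-- displayvalue is a formatted date string; the element text looks like Unix
           epoch milliseconds (confirm against the producing tool before relying on it). -->
      <timestampcriterion name="date" displayvalue="08/10/14 23:08">
        <timestamp displayvalue="08/10/14 23:08">1412780929000</timestamp>
      </timestampcriterion>
      <matchcriterion name="approvalid" displayvalue="not applied" operator="contains" />
      <matchcriterion name="promotioncomment" displayvalue="not applied" operator="contains" />
      <selectcriterion name="changewindow" displayvalue="not applied" />
      <selectcriterion name="auditevents" displayvalue="(any)">
        <string>auditeventany</string>
      </selectcriterion>
      <selectcriterion name="attributedisplay" displayvalue="changed attributes">
        <string>changed</string>
      </selectcriterion>
      <selectcriterion name="versioncompare" displayvalue="version current baseline">
        <string>disabled</string>
      </selectcriterion>
      <booleancriterion name="showcontentdiff" displayvalue="no">
        <boolean value="false" />
      </booleancriterion>
      <booleancriterion name="displayusers" displayvalue="no">
        <boolean value="false" />
      </booleancriterion>
      <booleancriterion name="displaypackages" displayvalue="no">
        <boolean value="false" />
      </booleancriterion>
      <booleancriterion name="displaycustomproperties" displayvalue="no">
        <boolean value="false" />
      </booleancriterion>
      <booleancriterion name="strictpackagematch" displayvalue="no">
        <boolean value="false" />
      </booleancriterion>
      <booleancriterion name="displaycriteriaatend" displayvalue="no">
        <boolean value="false" />
      </booleancriterion>
      <selectcriterion name="elementexists" displayvalue="not applied" />
      <integercriterion name="maxlinesperblock" displayvalue="10">
        <integer>10</integer>
      </integercriterion>
      <!-- The oid here is the same value as the oid of the category="node"
           reportsection in reportbody, so the two can be joined on it. -->
      <nodescriterion name="nodes" displayvalue="tripwireent.demo.net">
        <oid>-1y2p0ij32e8bw:-1y2p0ij32e7cu</oid>
      </nodescriterion>
      <matchcriterion name="nodename" displayvalue="not applied" operator="contains" />
      <custompropertiescriterion name="nodeprops" displayvalue="not applied" />
      <!-- Likewise, this oid matches the category="rule" reportsection below. -->
      <rulescriterion name="rules" displayvalue="critical system files">
        <oid>-1y2p0ij32e7q2:-1y2p0ij31snh6</oid>
      </rulescriterion>
      <matchcriterion name="rulename" displayvalue="not applied" operator="contains" />
      <matchcriterion name="elementname" displayvalue="not applied" operator="contains" />
      <custompropertiescriterion name="elementprops" displayvalue="not applied" />
      <custompropertiescriterion name="versionprops" displayvalue="not applied" />
      <attributescriterion name="attributes" displayvalue="not applied">
        <integer name=".missingimpliesfailure">1</integer>
      </attributescriterion>
      <contentcriterion name="content" displayvalue="not applied" />
      <matchcriterion name="auditeventusername" displayvalue="not applied" operator="contains" />
      <integercriterion name="changetype" displayvalue="added, modified, removed">
        <integer>7</integer>
      </integercriterion>
      <severityrangecriterion name="severity" displayvalue="1 - 10000">
        <integer name="min">1</integer>
        <integer name="max">10000</integer>
      </severityrangecriterion>
      <booleancriterion name="currentversionsonly" displayvalue="yes">
        <boolean value="true" />
      </booleancriterion>
      <timerangecriterion name="timerange" displayvalue="all time" />
      <packagescriterion name="packages" displayvalue="not applied" />
      <sortcriterion name="sortnodes" displayvalue="name, ascending" isascending="true">
        <string>name</string>
      </sortcriterion>
      <sortcriterion name="sortrules" displayvalue="name, ascending" isascending="true">
        <string>name</string>
      </sortcriterion>
      <sortcriterion name="sortelements" displayvalue="name, ascending" isascending="true">
        <string>name</string>
      </sortcriterion>
      <sortcriterion name="sortversions" displayvalue="date, descending" isascending="false">
        <string>date</string>
      </sortcriterion>
    </criteria>
  </reporthead>
  <reportbody>
    <!-- Sections nest by category: node, then rule, then element, then version,
         then attributes. A name/oid listing therefore has to walk reportsection
         recursively rather than read only the top level. -->
    <reportsection name="tripwireent.demo.net" category="node">
      <oid>-1y2p0ij32e8bw:-1y2p0ij32e7cu</oid>
      <string name="typename">windows server</string>
      <reportsection name="critical system files" category="rule">
        <oid>-1y2p0ij32e7q2:-1y2p0ij31snh6</oid>
        <string name="typename">windows file system rule</string>
        <reportsection name="c:\temp" category="element">
          <oid>-1y2p0ij32e8dr:-1y2p0ij32e586</oid>
          <reportsection name="08/10/14 22:48" category="version">
            <oid>-1y2p0ij32e8du:-1y2p0ij32e3ho</oid>
            <integer name="changetype">1</integer>
            <string name="changetypename">added</string>
            <integer name="severity">10000</integer>
            <string name="severityname">high</string>
            <timestamp name="changetime" displayvalue="08/10/14 22:48">1412779682000</timestamp>
            <string name="approvalid"></string>
            <reportsection name="attributes" category="attributes">
              <reportsection name="dacl" category="added">
                <!-- The observed DACL is multi-line text, so its lines are left
                     unindented: whitespace inside this element is data. The
                     ampersand in each "read & execute" entry is written as &amp;
                     because a bare ampersand is not well-formed XML and makes a
                     parser reject the whole document. -->
                <string name="observed">inherits entries: true
nt authority\system, access allowed:
standard rights:
full control
modify
read &amp; execute
list folder contents
read
write
delete
read control
write dac
write owner
synchronize
specific rights:
full control
traverse folder / execute file
list folder / read data
read attributes
read extended attributes
create files / write data
create folders / append data
write attributes
write extended attributes
directory delete child
read permissions
change permissions
take ownership
header flags:
object inherit
container inherit
inherited
builtin\administrators, access allowed:
standard rights:
full control
modify
read &amp; execute
list folder contents
read
write
delete
read control
write dac
write owner
synchronize
specific rights:
full control
traverse folder / execute file
list folder / read data
read attributes
read extended attributes
create files / write data
create folders / append data
write attributes
write extended attributes
directory delete child
read permissions
change permissions
take ownership
header flags:
object inherit
container inherit
inherited
builtin\users, access allowed:
standard rights:
read &amp; execute
list folder contents
read
read control
synchronize
specific rights:
traverse folder / execute file
list folder / read data
read attributes
read extended attributes
read permissions
header flags:
object inherit
container inherit
inherited
builtin\users, access allowed:
specific rights:
create folders / append data
header flags:
container inherit
inherited
builtin\users, access allowed:
specific rights:
create files / write data
header flags:
container inherit
inherited
creator owner, access allowed:
generic rights:
generic all
specific rights:
full control
traverse folder / execute file
list folder / read data
read attributes
read extended attributes
create files / write data
create folders / append data
write attributes
write extended attributes
directory delete child
read permissions
change permissions
take ownership
header flags:
object inherit
container inherit
inherit only
inherited
</string>
              </reportsection>
              <reportsection name="group" category="added">
                <string name="observed">tripwireent\none</string>
              </reportsection>
              <reportsection name="owner" category="added">
                <string name="observed">builtin\administrators</string>
              </reportsection>
              <reportsection name="read-only" category="added">
                <string name="observed">false</string>
              </reportsection>
              <reportsection name="sacl" category="added">
                <string name="observed">(null)</string>
              </reportsection>
              <reportsection name="type" category="added">
                <string name="observed">directory</string>
              </reportsection>
            </reportsection>
          </reportsection>
        </reportsection>
        <!-- A modified hosts file reported at the top of the severity range: the
             expected/observed SHA-1 and size pairs below are the evidence of the
             content change, and approvalid is empty for this version. -->
        <reportsection name="c:\windows\system32\drivers\etc\hosts" category="element">
          <oid>-1y2p0ij32e8dr:-1y2p0ij32e4kp</oid>
          <reportsection name="08/10/14 23:08" category="version">
            <oid>-1y2p0ij32e8du:-1y2p0ij32e3hk</oid>
            <integer name="changetype">2</integer>
            <string name="changetypename">modified</string>
            <integer name="severity">10000</integer>
            <string name="severityname">high</string>
            <timestamp name="changetime" displayvalue="08/10/14 23:08">1412780929000</timestamp>
            <string name="approvalid"></string>
            <reportsection name="attributes" category="attributes">
              <reportsection name="sha-1" category="modified">
                <string name="expected">de375d8a456a7345323babee88975ca567a2d5c4</string>
                <string name="observed">3c5520382f91cb1cd898fee2da4eba3fa338d982</string>
              </reportsection>
              <reportsection name="size" category="modified">
                <string name="expected">829</string>
                <string name="observed">854</string>
              </reportsection>
            </reportsection>
          </reportsection>
        </reportsection>
      </reportsection>
    </reportsection>
    <!-- Summary counters; this section has a name but no oid child. -->
    <reportsection name="reporttotals" category="reporttotals">
      <integer name="summary.nodecount">1</integer>
      <integer name="summary.rulecount">1</integer>
      <integer name="summary.elementcount">2</integer>
    </reportsection>
  </reportbody>
</reportoutput>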
Hi ritehere,
I know I am only a beginner in PowerShell scripting, and I was looking for simple logic. I went through the output you provided, but it is not what I am looking for, and the script is complicated. Under timestamp I wanted the display value; for each oid, the corresponding display value (name); and for each name, the corresponding oid value. Maybe you got it wrong.
Thanks anyway.