How to Parse this XML File and require below mentioned value as output using powershell script

-

need values below output below xml file me script:

under criteria tag-
timestamp display value
oid corresponding display value nodes "criterion"

under report body tag--
name in report section , oid value

 

 

<?xml version="1.0" encoding="utf-8"?>
<reportoutput>
    <reporthead>
        <report name="execution action" type="detailedchanges_rpt">
            <description></description>
        </report>
        <criteria>
            <timestampcriterion name="date" displayvalue="08/10/14 23:08">
                <timestamp displayvalue="08/10/14 23:08">1412780929000</timestamp>
            </timestampcriterion>
            <matchcriterion name="approvalid" displayvalue="not applied" operator="contains" />
            <matchcriterion name="promotioncomment" displayvalue="not applied" operator="contains" />
            <selectcriterion name="changewindow" displayvalue="not applied" />
            <selectcriterion name="auditevents" displayvalue="(any)">
                <string>auditeventany</string>
            </selectcriterion>
            <selectcriterion name="attributedisplay" displayvalue="changed attributes">
                <string>changed</string>
            </selectcriterion>
            <selectcriterion name="versioncompare" displayvalue="version current baseline">
                <string>disabled</string>
            </selectcriterion>
            <booleancriterion name="showcontentdiff" displayvalue="no">
                <boolean value="false" />
            </booleancriterion>
            <booleancriterion name="displayusers" displayvalue="no">
                <boolean value="false" />
            </booleancriterion>
            <booleancriterion name="displaypackages" displayvalue="no">
                <boolean value="false" />
            </booleancriterion>
            <booleancriterion name="displaycustomproperties" displayvalue="no">
                <boolean value="false" />
            </booleancriterion>
            <booleancriterion name="strictpackagematch" displayvalue="no">
                <boolean value="false" />
            </booleancriterion>
            <booleancriterion name="displaycriteriaatend" displayvalue="no">
                <boolean value="false" />
            </booleancriterion>
            <selectcriterion name="elementexists" displayvalue="not applied" />
            <integercriterion name="maxlinesperblock" displayvalue="10">
                <integer>10</integer>
            </integercriterion>
            <nodescriterion name="nodes" displayvalue="tripwireent.demo.net">
                <oid>-1y2p0ij32e8bw:-1y2p0ij32e7cu</oid>
            </nodescriterion>
            <matchcriterion name="nodename" displayvalue="not applied" operator="contains" />
            <custompropertiescriterion name="nodeprops" displayvalue="not applied" />
            <rulescriterion name="rules" displayvalue="critical system files">
                <oid>-1y2p0ij32e7q2:-1y2p0ij31snh6</oid>
            </rulescriterion>
            <matchcriterion name="rulename" displayvalue="not applied" operator="contains" />
            <matchcriterion name="elementname" displayvalue="not applied" operator="contains" />
            <custompropertiescriterion name="elementprops" displayvalue="not applied" />
            <custompropertiescriterion name="versionprops" displayvalue="not applied" />
            <attributescriterion name="attributes" displayvalue="not applied">
                <integer name=".missingimpliesfailure">1</integer>
            </attributescriterion>
            <contentcriterion name="content" displayvalue="not applied" />
            <matchcriterion name="auditeventusername" displayvalue="not applied" operator="contains" />
            <integercriterion name="changetype" displayvalue="added, modified, removed">
                <integer>7</integer>
            </integercriterion>
            <severityrangecriterion name="severity" displayvalue="1 - 10000">
                <integer name="min">1</integer>
                <integer name="max">10000</integer>
            </severityrangecriterion>
            <booleancriterion name="currentversionsonly" displayvalue="yes">
                <boolean value="true" />
            </booleancriterion>
            <timerangecriterion name="timerange" displayvalue="all time" />
            <packagescriterion name="packages" displayvalue="not applied" />
            <sortcriterion name="sortnodes" displayvalue="name, ascending" isascending="true">
                <string>name</string>
            </sortcriterion>
            <sortcriterion name="sortrules" displayvalue="name, ascending" isascending="true">
                <string>name</string>
            </sortcriterion>
            <sortcriterion name="sortelements" displayvalue="name, ascending" isascending="true">
                <string>name</string>
            </sortcriterion>
            <sortcriterion name="sortversions" displayvalue="date, descending" isascending="false">
                <string>date</string>
            </sortcriterion>
        </criteria>
    </reporthead>
    <reportbody>
        <reportsection name="tripwireent.demo.net" category="node">
            <oid>-1y2p0ij32e8bw:-1y2p0ij32e7cu</oid>
            <string name="typename">windows server</string>
            <reportsection name="critical system files" category="rule">
                <oid>-1y2p0ij32e7q2:-1y2p0ij31snh6</oid>
                <string name="typename">windows file system rule</string>
                <reportsection name="c:\temp" category="element">
                    <oid>-1y2p0ij32e8dr:-1y2p0ij32e586</oid>
                    <reportsection name="08/10/14 22:48" category="version">
                        <oid>-1y2p0ij32e8du:-1y2p0ij32e3ho</oid>
                        <integer name="changetype">1</integer>
                        <string name="changetypename">added</string>
                        <integer name="severity">10000</integer>
                        <string name="severityname">high</string>
                        <timestamp name="changetime" displayvalue="08/10/14 22:48">1412779682000</timestamp>
                        <string name="approvalid"></string>
                        <reportsection name="attributes" category="attributes">
                            <reportsection name="dacl" category="added">
                                <string name="observed">inherits entries: true

nt authority\system, access allowed:
 standard rights:
  full control
  modify
  read &amp; execute
  list folder contents
  read
  write
  delete
  read control
  write dac
  write owner
  synchronize
 specific rights:
  full control
  traverse folder / execute file
  list folder / read data
  read attributes
  read extended attributes
  create files / write data
  create folders / append data
  write attributes
  write extended attributes
  directory delete child
  read permissions
  change permissions
  take ownership

 header flags:
  object inherit
  container inherit
  inherited


builtin\administrators, access allowed:
 standard rights:
  full control
  modify
  read &amp; execute
  list folder contents
  read
  write
  delete
  read control
  write dac
  write owner
  synchronize
 specific rights:
  full control
  traverse folder / execute file
  list folder / read data
  read attributes
  read extended attributes
  create files / write data
  create folders / append data
  write attributes
  write extended attributes
  directory delete child
  read permissions
  change permissions
  take ownership

 header flags:
  object inherit
  container inherit
  inherited


builtin\users, access allowed:
 standard rights:
  read &amp; execute
  list folder contents
  read
  read control
  synchronize
 specific rights:
  traverse folder / execute file
  list folder / read data
  read attributes
  read extended attributes
  read permissions

 header flags:
  object inherit
  container inherit
  inherited


builtin\users, access allowed:
 specific rights:
  create folders / append data

 header flags:
  container inherit
  inherited


builtin\users, access allowed:
 specific rights:
  create files / write data

 header flags:
  container inherit
  inherited


creator owner, access allowed:
 generic rights:
  generic all
 specific rights:
  full control
  traverse folder / execute file
  list folder / read data
  read attributes
  read extended attributes
  create files / write data
  create folders / append data
  write attributes
  write extended attributes
  directory delete child
  read permissions
  change permissions
  take ownership

 header flags:
  object inherit
  container inherit
  inherit only
  inherited

</string>
                            </reportsection>
                            <reportsection name="group" category="added">
                                <string name="observed">tripwireent\none</string>
                            </reportsection>
                            <reportsection name="owner" category="added">
                                <string name="observed">builtin\administrators</string>
                            </reportsection>
                            <reportsection name="read-only" category="added">
                                <string name="observed">false</string>
                            </reportsection>
                            <reportsection name="sacl" category="added">
                                <string name="observed">(null)</string>
                            </reportsection>
                            <reportsection name="type" category="added">
                                <string name="observed">directory</string>
                            </reportsection>
                        </reportsection>
                    </reportsection>
                </reportsection>
                <reportsection name="c:\windows\system32\drivers\etc\hosts" category="element">
                    <oid>-1y2p0ij32e8dr:-1y2p0ij32e4kp</oid>
                    <reportsection name="08/10/14 23:08" category="version">
                        <oid>-1y2p0ij32e8du:-1y2p0ij32e3hk</oid>
                        <integer name="changetype">2</integer>
                        <string name="changetypename">modified</string>
                        <integer name="severity">10000</integer>
                        <string name="severityname">high</string>
                        <timestamp name="changetime" displayvalue="08/10/14 23:08">1412780929000</timestamp>
                        <string name="approvalid"></string>
                        <reportsection name="attributes" category="attributes">
                            <reportsection name="sha-1" category="modified">
                                <string name="expected">de375d8a456a7345323babee88975ca567a2d5c4</string>
                                <string name="observed">3c5520382f91cb1cd898fee2da4eba3fa338d982</string>
                            </reportsection>
                            <reportsection name="size" category="modified">
                                <string name="expected">829</string>
                                <string name="observed">854</string>
                            </reportsection>
                        </reportsection>
                    </reportsection>
                </reportsection>
            </reportsection>
        </reportsection>
        <reportsection name="reporttotals" category="reporttotals">
            <integer name="summary.nodecount">1</integer>
            <integer name="summary.rulecount">1</integer>
            <integer name="summary.elementcount">2</integer>
        </reportsection>
    </reportbody>
</reportoutput>

hi ritehere,

i know simple beginner in powershell script looking logic go through output provided not what i looking , script complicated, under timestamp wanted display value , correspoding display value oid name , name value correspoding oid. may u got wrong.

thanks anyways.




Windows Server  >  Windows PowerShell



Comments

Post a Comment

Popular posts from this blog

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more

Failed to setup initiator portal. Error status is given in the dump data.

-
hi team, server configured boot san  after booting  facing issue windows server 2008 r2 system logs continuously generating iscsi port error event id 5 failed setup initiator portal. error status given in dump data. eventdata \device\raidport1 000004000100000000000000050000c0000000000000000000000000000000000000000000000000070200c0 binary data: in words 0000: 00040000 00000001 00000000 c0000005 0008: 00000000 00000000 00000000 00000000 0010: 00000000 00000000 c0000207 in bytes 0000: 00 00 04 00 01 00 00 00 ........ 0008: 00 00 00 00 05 00 00 c0 .......À 0010: 00 00 00 00 00 00 00 00 ........ 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: 07 02 00 c0 ...À hi, please read through article below troubleshoot issue: error event id 5 logged in system log on computer uses iscsi software initiator connect iscsi target device http://suppo...
Read more

Invalid pointer on gpresult /h gpreport.html

-
hello guys i getting following error when trying generate gpresult /h  xxx.html invalid pointer this happening on windows 7 pc using test group policy. tried pc same thing when same gpo applied . hi, try apply some other gpo clients, html report generated succefully? if no, may caused unregistered .dll files, try register .dll files previous thread suggested: http://social.technet.microsoft.com/forums/en-us/winservergp/thread/0ea20c5d-c0ae-457d-89d4-a1686a359e72 if yes, please tell detailed information problematic gpo settings reproduce problem , troubleshooting it. regards, cicely Windows Server  >  Group Policy
Read more