Processing Snort Logs with Powershell 3.0

I had a group of snort logs (total about 144 MB) I wanted to process in batch. To do this I embedded a a new PSOBJECT inside a foreach loop. 'Select-string' ('sls') isn't the speediest search, but fast enough.

Function Process-SnortLogs {
$SelectPorts = foreach ($i in ($(ls snort.log.*)))
{
$a=.\snort -qr $i.Name;
New-Object PSObject -Property  @{
LogName = $i.Name;
LastWrite = $i.LastWriteTime;
Total = $($a.count);
P445 = (($a | sls -allmatches ':445').matches).count;
P443 = (($a | sls -allmatches ':443').matches).count;
P80 =   (($a | sls -allmatches ':80').matches).count;
P53 =   (($a | sls -allmatches ':53').matches).count;
}
}
}

Process-SnortLogs
$SelectPorts | Select LogName,LastWrite,P53,P80,P443,P445,Total | ft -auto

LogName              LastWrite               P53    P80  P443 P445  Total
-------              ---------               ---    ---  ---- ----  -----
snort.log.1304098553 4/29/2011 10:36:45 AM     0      0     2    0     10
snort.log.1304098783 4/29/2011 10:39:45 AM     0      0     3    0     15
snort.log.1304098850 4/29/2011 10:43:57 AM     0      4    17    0    105
snort.log.1339265058 6/9/2012 11:44:35 AM   2706  10429  7052  110 114395
snort.log.1339278740 6/9/2012 3:10:55 PM    1415    898  1232    7  26019
snort.log.1349466038 10/5/2012 1:57:33 PM   2489   6365  9465   70 149126
snort.log.1349554671 10/6/2012 1:18:00 PM     25      0     0    0    325
snort.log.1349554686 10/6/2012 3:52:18 PM   9820  39956 27617  175 482248
snort.log.1370643770 6/7/2013 5:20:12 PM    2138      8  6482    0  43290
snort.log.1373764041 7/13/2013 7:08:13 PM  30095 101367 26708  239 683162
snort.log.1373770657 7/13/2013 8:01:32 PM     21      0     5    0    545

Here I get the percentage of ports 53,80,443,445 for each snort log:

$SelectPorts | Select LogName, LastWrite, Total,`
 @{Label='%P53';Expression={[LONG]([float]($_.P53 /$_.Total) * 100)}},`
 @{Label='%P80';Expression={[LONG]([float]($_.P80 /$_.Total) * 100)}},`
 @{Label='%P443';Expression={[LONG]([float]($_.P443 /$_.Total) * 100)}},`
 @{Label='%P445';Expression={[LONG]([float]($_.P445 /$_.Total) * 100)}} |  sort -desc Total |  ft * -auto

LogName              LastWrite              Total %P53 %P80 %P443 %P445
-------              ---------              ----- ---- ---- ----- -----
snort.log.1373764041 7/13/2013 7:08:13 PM  683162    4   15     4     0
snort.log.1349554686 10/6/2012 3:52:18 PM  482248    2    8     6     0
snort.log.1349466038 10/5/2012 1:57:33 PM  149126    2    4     6     0
snort.log.1339265058 6/9/2012 11:44:35 AM  114395    2    9     6     0
snort.log.1370643770 6/7/2013 5:20:12 PM    43290    5    0    15     0
snort.log.1339278740 6/9/2012 3:10:55 PM    26019    5    3     5     0
snort.log.1373770657 7/13/2013 8:01:32 PM     545    4    0     1     0
snort.log.1349554671 10/6/2012 1:18:00 PM     325    8    0     0     0
snort.log.1304098850 4/29/2011 10:43:57 AM    105    0    4    16     0
snort.log.1304098783 4/29/2011 10:39:45 AM     15    0    0    20     0
snort.log.1304098553 4/29/2011 10:36:45 AM     10    0    0    20     0