Microsoft Log Parser Toolkit
A Complete Toolkit for Microsoft's Undocumented Log Analysis Tool
- 1st Edition - February 10, 2005
- Latest edition
- Authors: Gabriele Giuseppini, Mark Burnett
- Language: English
Written by Microsoft's Log Parser developer, this is the first book available on Microsoft's popular yet undocumented log parser tool. The book and accompanying Web site contain hu… Read more
Written by Microsoft's Log Parser developer, this is the first book available on Microsoft's popular yet undocumented log parser tool. The book and accompanying Web site contain hundreds of customized, working scripts and templates that system administrators will find invaluable for analyzing the log files from Windows Server, Snort IDS, ISA Server, IIS Server, Exchange Server, and other products.
System administrators running Windows, Unix, and Linux networks manage anywhere from 1 to thousands of operating systems (Windows, Unix, etc.), Applications (Exchange, Snort, IIS, etc.), and hardware devices (firewalls, routers, etc.) that generate incredibly long and detailed log files of all activity on the particular application or device. This book will teach administrators how to use Microsoft's Log Parser to data mine all of the information available within these countless logs. The book teaches readers how all queries within Log Parser work (for example: a Log Parser query to an Exchange log may provide information on the origin of spam, viruses, etc.). Also, Log Parser is completely scriptable and customizable so the book will provide the reader with hundreds of original, working scripts that will automate these tasks and provide formatted charts and reports detailing the results of the queries.
- Written by Microsoft's sole developer of Log Parser, this is the first book available on the powerful yet completely undocumented product that ships with Microsoft's IIS, Windows Advanced Server 2003, and is available as a free download from the Microsoft Web site
- This book and accompanying scripts will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks
System Administrators
Acknowledgments
Technical Editor
Lead Author
Contributing authors
Foreword
Chapter 1: Introducing Log Parser
A Brief Background
Building Queries
Gathering Input
Producing Output
Final Touches
Chapter 2: Monitoring IIS
Monitoring Performance and Usage
Ensuring Stability
Scanning for Security Breaches
Final Touches
Chapter 3: Exploring the Windows Event Log
Monitoring User Activity
Tracking System Health
Monitoring Application Health
Final Touches
Chapter 4: Examining Network Traffic and Performance Logs with Log Parser
In This Toolbox
Reading Netmon Capture Files with Log Parser
Deriving Data from NT Performance Logs
Advanced Graphing Windows NT Performance Data with Log Parser
Final Touches
Chapter 5: Managing Snort Alerts
Building Snort IDS Reports
Final Touches
Chapter 6: Managing Log Files
In This Toolbox
Log File Conversion
Correlating Log File Data
Identifying Related Data
Converting Related Log Files
Log Rotation and Archival
Determining an Archiving Methodology
Separating Logs
Using Separated Log Files
Final Touches
Chapter 7: Investigating Intrusions
In This Toolbox
Locating Intrusions
Monitoring Logons
Excessive Failed Logons
Terminal Services Logons
Monitoring IIS
Finding Modification Dates
Reconstructing Intrusions
Final Touches
Chapter 8: Security Auditing
Auditing IIS
Auditing the File System
Final Touches
Chapter 9: Enhancing Log Parser
Building Input Processors
Examining Windows Service Configuration
Using a Front End
Managing Identity Flow to Remote Input Sources
Maintaining a Responsive User Interface
Developing Log Parser Scripts
Final Touches
Chapter 10: Formatting, Reporting, and Charting
In This Toolbox
Formatting Output
Storing Data to a File
Using Charts
Final Touches
Chapter 11: Handling Complex Data
In This Toolbox
Embedded Data
Time-Based Queries
Unsupported Input Formats
Passing Data to Log Parser
Emulating Joins
Final Touches
Appendix A: SQL Grammar Reference
In This Toolbox
Complete Syntax
Field-Expressions
Query Syntax
SELECT Clause
USING Clause
INTO Clause
FROM Clause
WHERE Clause
GROUP BY Clause
HAVING Clause
ORDER BY Clause
Appendix B: Function Reference
In This Toolbox
Functions
Appendix C: Input Format Reference
In This Toolbox
ADS Input Format
BIN Input Format
COM Input Format
CSV Input Format
ETW Input Format
EVT Input Format
FS Input Format
HTTPERR Input Format
IIS Input Format
IISODBC Input Format
IISW3C Input Format
NCSA Input Format
NETMON Input Format
REG Input Format
TEXTLINE Input Format
TEXTWORD Input Format
TSV Input Format
URLSCAN Input Format
W3C Input Format
XML Input Format
Appendix D: Output Format Reference
In This Toolbox
CHART Output Format
CSV Output Format
DATAGRID Output Format
IIS Output Format
NAT Output Format
SQL Output Format
SYSLOG Output Format
TPL Output Format
TSV Output Format
W3C Output Format
XML Output Format
Index
- Edition: 1
- Latest edition
- Published: February 10, 2005
- Language: English
GG
Gabriele Giuseppini
Affiliations and expertise
Software Design Engineer, Microsoft Corporation, U.S.A.MB
Mark Burnett
Affiliations and expertise
Independant security consultant, U.S.A.Read Microsoft Log Parser Toolkit on ScienceDirect