Microsoft Log Parser Toolkit

A complete toolkit for Microsoft's undocumented log analysis tool


  • Gabriele Giuseppini, Software Design Engineer, Microsoft Corporation, U.S.A.
  • Mark Burnett, Independant security consultant, U.S.A.

HIGHLIGHTWritten by Microsoft's Log Parser developer, this is the first book available on Microsoft's popular yet undocumented log parser tool. The book and accompanying Web site contain hundreds of customized, working scripts and templates that system administrators will find invaluable for analyzing the log files from Windows Server, Snort IDS, ISA Server, IIS Server, Exchange Server, and other products.System administrators running Windows, Unix, and Linux networks manage anywhere from 1 to thousands of operating systems (Windows, Unix, etc.), Applications (Exchange, Snort, IIS, etc.), and hardware devices (firewalls, routers, etc.) that generate incredibly long and detailed log files of all activity on the particular application or device. This book will teach administrators how to use Microsoft's Log Parser to data mine all of the information available within these countless logs. The book teaches readers how all queries within Log Parser work (for example: a Log Parser query to an Exchange log may provide information on the origin of spam, viruses, etc.). Also, Log Parser is completely scriptable and customizable so the book and accompanying Web site will provide the reader with hundreds of original, working scripts that will automate these tasks and provide formatted charts and reports detailing the results of the queries.
View full description


System Administrators.


Book information

  • Published: February 2005
  • Imprint: SYNGRESS
  • ISBN: 978-1-932266-52-8

Table of Contents

1. Parsing Logfile Data 2. Assuring IIS Performance and Stability 3. Tracking Down Intruders 4. Getting the Most from Exchange Server Logs 5. Finding Knowledge in the Windows EventLog 6. Tracking ISA Server Logs 7. Enhancing Log Parser with Custom Input Processors 8. Formatting, Reporting, and Charting 9. The Log Parser Security Audit 10. Keeping an Eye on Critical Servers 11. Working with Tricky Data 12. Converting, Rotating, and Archiving Logs 13. Log Parser: The All-Purpose Hacker's Tool 14. Studying Firewall, IDS, and Router Logs Appendix A: Log Parser SQL Grammar Reference Appendix B: Log Parser Function Reference Appendix C: Log Parser Input Format Reference Appendix D: Log Parser Output Format Reference