Description

Written by Microsoft's Log Parser developer, this is the first book available on Microsoft's popular yet undocumented log parser tool. The book and accompanying Web site contain hundreds of customized, working scripts and templates that system administrators will find invaluable for analyzing the log files from Windows Server, Snort IDS, ISA Server, IIS Server, Exchange Server, and other products.

System administrators running Windows, Unix, and Linux networks manage anywhere from 1 to thousands of operating systems (Windows, Unix, etc.), Applications (Exchange, Snort, IIS, etc.), and hardware devices (firewalls, routers, etc.) that generate incredibly long and detailed log files of all activity on the particular application or device. This book will teach administrators how to use Microsoft's Log Parser to data mine all of the information available within these countless logs. The book teaches readers how all queries within Log Parser work (for example: a Log Parser query to an Exchange log may provide information on the origin of spam, viruses, etc.). Also, Log Parser is completely scriptable and customizable so the book and accompanying Web site will provide the reader with hundreds of original, working scripts that will automate these tasks and provide formatted charts and reports detailing the results of the queries.

Key Features

  • Written by Microsoft's sole developer of Log Parser, this is the first book available on the powerful yet completely undocumented product that ships with Microsoft's IIS, Windows Advanced Server 2003, and is available as a free download from the Microsoft Web site
  • The book and accompanying Web site contain dozens of original, working Log Parser scripts and templates for Windows Server, ISA Server, Snort IDS, Exchange Server, IIS, and more!
  • This book and accompanying scripts will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks

Readership

System Administrators

Table of Contents

Acknowledgments

Technical Editor

Lead Author

Contributing authors

Foreword

Chapter 1: Introducing Log Parser

A Brief Background

Building Queries

Gathering Input

Producing Output

Final Touches

Chapter 2: Monitoring IIS

Monitoring Performance and Usage

Ensuring Stability

Scanning for Security Breaches

Final Touches

Chapter 3: Exploring the Windows Event Log

Monitoring User Activity

Tracking System Health

Monitoring Application Health

Final Touches

Chapter 4: Examining Network Traffic and Performance Logs with Log Parser

In This Toolbox

Reading Netmon Capture Files with Log Parser

Deriving Data from NT Performance Logs

Advanced Graphing Windows NT Performance Data with Log Parser

Final Touches

Chapter 5: Managing Snort Alerts

Building Snort IDS Reports

Final Touches

Chapter 6: Managing Log Files

In This Toolbox

Log File Conversion

Correlating Log File Data

Identifying Related Data

Converting Related Log Files

Log Rotation and Archival

Determining an Archiving Methodology

Separating Logs

Using Separated Log Files

Final Touches

Chapter 7: Investigating Intrusions

In This Toolbox

Locating Intrusions

Monitoring Logons

Excessive Failed Logons

Terminal Services Logons

Monitoring IIS

Finding Modification Dates

Reconstructing Intrusions

Final Touches

Chapter 8: Security Auditing

Auditing IIS

Auditing the File System

Final Touches

Chapter 9: Enhancing Log Parser

Building Input Processors

Examining Windows Service Configuration

Using a Front End

Managing Identity Flow to Remote Input Sources

Maintaining a

Details

No. of pages:
350
Language:
English
Copyright:
© 2005
Published:
Imprint:
Syngress
eBook ISBN:
9780080489391
Print ISBN:
9781932266528

About the authors

Gabriele Giuseppini

Affiliations and Expertise

Software Design Engineer, Microsoft Corporation, U.S.A.

Mark Burnett

Affiliations and Expertise

Independant security consultant, U.S.A.