COVID-19 Update: We are currently shipping orders daily. However, due to transit disruptions in some geographies, deliveries may be delayed. To provide all customers with timely access to content, we are offering 50% off Science and Technology Print & eBook bundle options. Terms & conditions.
Microsoft Log Parser Toolkit - 1st Edition - ISBN: 9781932266528, 9780080489391

Microsoft Log Parser Toolkit

1st Edition

A Complete Toolkit for Microsoft's Undocumented Log Analysis Tool

Authors: Gabriele Giuseppini Mark Burnett
eBook ISBN: 9780080489391
Paperback ISBN: 9781932266528
Imprint: Syngress
Published Date: 10th February 2005
Page Count: 464
Sales tax will be calculated at check-out Price includes VAT/GST
Price includes VAT/GST

Institutional Subscription

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.


Written by Microsoft's Log Parser developer, this is the first book available on Microsoft's popular yet undocumented log parser tool. The book and accompanying Web site contain hundreds of customized, working scripts and templates that system administrators will find invaluable for analyzing the log files from Windows Server, Snort IDS, ISA Server, IIS Server, Exchange Server, and other products.

System administrators running Windows, Unix, and Linux networks manage anywhere from 1 to thousands of operating systems (Windows, Unix, etc.), Applications (Exchange, Snort, IIS, etc.), and hardware devices (firewalls, routers, etc.) that generate incredibly long and detailed log files of all activity on the particular application or device. This book will teach administrators how to use Microsoft's Log Parser to data mine all of the information available within these countless logs. The book teaches readers how all queries within Log Parser work (for example: a Log Parser query to an Exchange log may provide information on the origin of spam, viruses, etc.). Also, Log Parser is completely scriptable and customizable so the book will provide the reader with hundreds of original, working scripts that will automate these tasks and provide formatted charts and reports detailing the results of the queries.

Key Features

  • Written by Microsoft's sole developer of Log Parser, this is the first book available on the powerful yet completely undocumented product that ships with Microsoft's IIS, Windows Advanced Server 2003, and is available as a free download from the Microsoft Web site
  • This book and accompanying scripts will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks


System Administrators

Table of Contents


Technical Editor

Lead Author

Contributing authors


Chapter 1: Introducing Log Parser

A Brief Background

Building Queries

Gathering Input

Producing Output

Final Touches

Chapter 2: Monitoring IIS

Monitoring Performance and Usage

Ensuring Stability

Scanning for Security Breaches

Final Touches

Chapter 3: Exploring the Windows Event Log

Monitoring User Activity

Tracking System Health

Monitoring Application Health

Final Touches

Chapter 4: Examining Network Traffic and Performance Logs with Log Parser

In This Toolbox

Reading Netmon Capture Files with Log Parser

Deriving Data from NT Performance Logs

Advanced Graphing Windows NT Performance Data with Log Parser

Final Touches

Chapter 5: Managing Snort Alerts

Building Snort IDS Reports

Final Touches

Chapter 6: Managing Log Files

In This Toolbox

Log File Conversion

Correlating Log File Data

Identifying Related Data

Converting Related Log Files

Log Rotation and Archival

Determining an Archiving Methodology

Separating Logs

Using Separated Log Files

Final Touches

Chapter 7: Investigating Intrusions

In This Toolbox

Locating Intrusions

Monitoring Logons

Excessive Failed Logons

Terminal Services Logons

Monitoring IIS

Finding Modification Dates

Reconstructing Intrusions

Final Touches

Chapter 8: Security Auditing

Auditing IIS

Auditing the File System

Final Touches

Chapter 9: Enhancing Log Parser

Building Input Processors

Examining Windows Service Configuration

Using a Front End

Managing Identity Flow to Remote Input Sources

Maintaining a Responsive User Interface

Developing Log Parser Scripts

Final Touches

Chapter 10: Formatting, Reporting, and Charting

In This Toolbox

Formatting Output

Storing Data to a File

Using Charts

Final Touches

Chapter 11: Handling Complex Data

In This Toolbox

Embedded Data

Time-Based Queries

Unsupported Input Formats

Passing Data to Log Parser

Emulating Joins

Final Touches

Appendix A: SQL Grammar Reference

In This Toolbox

Complete Syntax


Query Syntax


USING Clause

INTO Clause

FROM Clause

WHERE Clause




Appendix B: Function Reference

In This Toolbox


Appendix C: Input Format Reference

In This Toolbox

ADS Input Format

BIN Input Format

COM Input Format

CSV Input Format

ETW Input Format

EVT Input Format

FS Input Format

HTTPERR Input Format

IIS Input Format

IISODBC Input Format

IISW3C Input Format

NCSA Input Format

NETMON Input Format

REG Input Format

TEXTLINE Input Format

TEXTWORD Input Format

TSV Input Format

URLSCAN Input Format

W3C Input Format

XML Input Format

Appendix D: Output Format Reference

In This Toolbox

CHART Output Format

CSV Output Format

DATAGRID Output Format

IIS Output Format

NAT Output Format

SQL Output Format

SYSLOG Output Format

TPL Output Format

TSV Output Format

W3C Output Format

XML Output Format



No. of pages:
© Syngress 2005
10th February 2005
eBook ISBN:
Paperback ISBN:

About the Authors

Gabriele Giuseppini

Affiliations and Expertise

Software Design Engineer, Microsoft Corporation, U.S.A.

Mark Burnett

Affiliations and Expertise

Independant security consultant, U.S.A.

Ratings and Reviews