Microsoft Log Parser Toolkit

A Complete Toolkit for Microsoft's Undocumented Log Analysis Tool

1st Edition - February 10, 2005

  • Authors: Gabriele Giuseppini, Mark Burnett
  • eBook ISBN: 9780080489391

Written by Microsoft's Log Parser developer, this is the first book available on Microsoft's popular yet undocumented log parser tool. The book and accompanying Web site contain hundreds of customized, working scripts and templates that system administrators will find invaluable for analyzing the log files from Windows Server, Snort IDS, ISA Server, IIS Server, Exchange Server, and other products. System administrators running Windows, Unix, and Linux networks manage anywhere from 1 to thousands of operating systems (Windows, Unix, etc.), applications (Exchange, Snort, IIS, etc.), and hardware devices (firewalls, routers, etc.) that generate incredibly long and detailed log files of all activity on the particular application or device. This book will teach administrators how to use Microsoft's Log Parser to data mine all of the information available within these countless logs. The book teaches readers how all queries within Log Parser work (for example, a Log Parser query to an Exchange log may provide information on the origin of spam, viruses, etc.). Also, Log Parser is completely scriptable and customizable, so the book will provide the reader with hundreds of original, working scripts that will automate these tasks and provide formatted charts and reports detailing the results of the queries.

Key Features

  • Written by Microsoft's sole developer of Log Parser, this is the first book available on the powerful yet completely undocumented product that ships with Microsoft's IIS and Windows Advanced Server 2003 and is available as a free download from the Microsoft Web site
  • This book and accompanying scripts will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks


System Administrators

Table of Contents

  • Acknowledgments

    Technical Editor

    Lead Author

    Contributing authors


    Chapter 1: Introducing Log Parser

    A Brief Background

    Building Queries

    Gathering Input

    Producing Output

    Final Touches

    Chapter 2: Monitoring IIS

    Monitoring Performance and Usage

    Ensuring Stability

    Scanning for Security Breaches

    Final Touches

    Chapter 3: Exploring the Windows Event Log

    Monitoring User Activity

    Tracking System Health

    Monitoring Application Health

    Final Touches

    Chapter 4: Examining Network Traffic and Performance Logs with Log Parser

    In This Toolbox

    Reading Netmon Capture Files with Log Parser

    Deriving Data from NT Performance Logs

    Advanced Graphing Windows NT Performance Data with Log Parser

    Final Touches

    Chapter 5: Managing Snort Alerts

    Building Snort IDS Reports

    Final Touches

    Chapter 6: Managing Log Files

    In This Toolbox

    Log File Conversion

    Correlating Log File Data

    Identifying Related Data

    Converting Related Log Files

    Log Rotation and Archival

    Determining an Archiving Methodology

    Separating Logs

    Using Separated Log Files

    Final Touches

    Chapter 7: Investigating Intrusions

    In This Toolbox

    Locating Intrusions

    Monitoring Logons

    Excessive Failed Logons

    Terminal Services Logons

    Monitoring IIS

    Finding Modification Dates

    Reconstructing Intrusions

    Final Touches

    Chapter 8: Security Auditing

    Auditing IIS

    Auditing the File System

    Final Touches

    Chapter 9: Enhancing Log Parser

    Building Input Processors

    Examining Windows Service Configuration

    Using a Front End

    Managing Identity Flow to Remote Input Sources

    Maintaining a Responsive User Interface

    Developing Log Parser Scripts

    Final Touches

    Chapter 10: Formatting, Reporting, and Charting

    In This Toolbox

    Formatting Output

    Storing Data to a File

    Using Charts

    Final Touches

    Chapter 11: Handling Complex Data

    In This Toolbox

    Embedded Data

    Time-Based Queries

    Unsupported Input Formats

    Passing Data to Log Parser

    Emulating Joins

    Final Touches

    Appendix A: SQL Grammar Reference

    In This Toolbox

    Complete Syntax


    Query Syntax

    SELECT Clause

    USING Clause

    INTO Clause

    FROM Clause

    WHERE Clause

    GROUP BY Clause

    HAVING Clause

    ORDER BY Clause

    Appendix B: Function Reference

    In This Toolbox


    Appendix C: Input Format Reference

    In This Toolbox

    ADS Input Format

    BIN Input Format

    COM Input Format

    CSV Input Format

    ETW Input Format

    EVT Input Format

    FS Input Format

    HTTPERR Input Format

    IIS Input Format

    IISODBC Input Format

    IISW3C Input Format

    NCSA Input Format

    NETMON Input Format

    REG Input Format

    TEXTLINE Input Format

    TEXTWORD Input Format

    TSV Input Format

    URLSCAN Input Format

    W3C Input Format

    XML Input Format

    Appendix D: Output Format Reference

    In This Toolbox

    CHART Output Format

    CSV Output Format

    DATAGRID Output Format

    IIS Output Format

    NAT Output Format

    SQL Output Format

    SYSLOG Output Format

    TPL Output Format

    TSV Output Format

    W3C Output Format

    XML Output Format


Product details

  • No. of pages: 464
  • Language: English
  • Copyright: © Syngress 2005
  • Published: February 10, 2005
  • Imprint: Syngress
  • eBook ISBN: 9780080489391

About the Authors

Gabriele Giuseppini

Affiliations and Expertise

Software Design Engineer, Microsoft Corporation, U.S.A.

Mark Burnett

Affiliations and Expertise

Independent security consultant, U.S.A.
