Microsoft Log Parser Toolkit

Book description

Written by Microsoft's Log Parser developer, this is the first book available on Microsoft's popular but otherwise undocumented Log Parser tool. The book and accompanying Web site contain hundreds of customized, working scripts and templates that system administrators will find invaluable for analyzing the log files from Windows Server, Snort IDS, ISA Server, IIS Server, Exchange Server, and other products.

System administrators running Windows, Unix, and Linux networks manage anywhere from one to thousands of operating systems (Windows, Unix, etc.), applications (Exchange, Snort, IIS, etc.), and hardware devices (firewalls, routers, etc.), each of which generates long, detailed log files of all activity on that application or device. This book teaches administrators how to use Microsoft's Log Parser to mine the information buried in these logs. It explains how Log Parser queries work (for example, a query against an Exchange log can reveal the origin of spam or viruses). Because Log Parser is fully scriptable and customizable, the book also provides hundreds of original, working scripts that automate these tasks and produce formatted charts and reports of the query results.
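As an added illustration of what a Log Parser query looks like (this example is not from the book or its companion scripts), the following two command lines use Log Parser 2.2's SQL-like syntax against two of the inputs the book covers: an IIS W3C log and the Windows Security event log. The log path, the thresholds and the output file name are assumptions made for the example; the field names (c-ip, sc-status, cs-uri-stem, EventID, Strings) are the names Log Parser's IISW3C and EVT input formats expose, and the event ID 529 is the Windows 2000/2003 "logon failure" event of the book's era (Vista and later log 4625 instead).

```powershell
# Added example: two Log Parser 2.2 queries typed at a PowerShell prompt.
# Assumptions: LogParser.exe is on PATH, the IIS log path is C:\Logs\W3SVC1,
# and the thresholds (100 not-found hits, 10 failed logons) are illustrative.

# 1. IIS W3C logs: clients generating an unusual number of 404 responses,
#    a common footprint of web vulnerability scanners probing for files.
#    c-ip, sc-status and cs-uri-stem are IISW3C input-format field names.
LogParser.exe -i:IISW3C -o:CSV `
  "SELECT c-ip,
          COUNT(*) AS NotFound,
          COUNT(DISTINCT cs-uri-stem) AS DistinctPaths
   INTO scanners.csv
   FROM C:\Logs\W3SVC1\ex*.log
   WHERE sc-status = 404
   GROUP BY c-ip
   HAVING COUNT(*) > 100
   ORDER BY NotFound DESC"

# 2. Security event log: accounts with repeated failed logons.
#    EventID 529 = 'Logon Failure: Unknown user name or bad password'
#    (Windows 2000/2003; Vista and later use 4625). The Strings field holds
#    the event's pipe-separated insertion strings; for 529, token 0 is the
#    target user name and token 1 the domain.
LogParser.exe -i:EVT -o:DATAGRID `
  "SELECT EXTRACT_TOKEN(Strings, 0, '|') AS TargetUser,
          EXTRACT_TOKEN(Strings, 1, '|') AS TargetDomain,
          COUNT(*) AS Failures
   FROM Security
   WHERE EventID = 529
   GROUP BY TargetUser, TargetDomain
   HAVING COUNT(*) > 10
   ORDER BY Failures DESC"
```

Reading the Security log requires an elevated (administrator) prompt. The first query writes its result to a CSV file with the INTO clause; the second pops up Log Parser's DATAGRID window, which is convenient for ad hoc investigation but should be replaced by a file or SQL output when the query is scheduled.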

  • Written by Microsoft's sole developer of Log Parser, this is the first book available on the powerful yet otherwise undocumented product that ships with the IIS 6.0 Resource Kit Tools and the Windows Server 2003 Resource Kit Tools, and is available as a free download from the Microsoft Web site
  • This book and accompanying scripts will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks

Table of contents

  1. Cover
  2. Title Page
  3. Acknowledgments
  4. Technical Editor
  5. Lead Author
  6. Contributing authors
  7. Foreword
  8. Table of Contents
  9. Chapter 1: Introducing Log Parser
    1. A Brief Background
    2. Building Queries
    3. Gathering Input
    4. Producing Output
    5. Final Touches
  10. Chapter 2: Monitoring IIS
    1. Monitoring Performance and Usage
    2. Ensuring Stability
    3. Scanning for Security Breaches
    4. Final Touches
  11. Chapter 3: Exploring the Windows Event Log
    1. Monitoring User Activity
    2. Tracking System Health
    3. Monitoring Application Health
    4. Final Touches
  12. Chapter 4: Examining Network Traffic and Performance Logs with Log Parser
    1. In This Toolbox
    2. Reading Netmon Capture Files with Log Parser
    3. Deriving Data from NT Performance Logs
    4. Advanced Graphing Windows NT Performance Data with Log Parser
    5. Final Touches
  13. Chapter 5: Managing Snort Alerts
    1. Building Snort IDS Reports
    2. Final Touches
  14. Chapter 6: Managing Log Files
    1. In This Toolbox
    2. Log File Conversion
    3. Correlating Log File Data
    4. Identifying Related Data
    5. Converting Related Log Files
    6. Log Rotation and Archival
    7. Determining an Archiving Methodology
    8. Separating Logs
    9. Using Separated Log Files
    10. Final Touches
  15. Chapter 7: Investigating Intrusions
    1. In This Toolbox
    2. Locating Intrusions
    3. Monitoring Logons
    4. Excessive Failed Logons
    5. Terminal Services Logons
    6. Monitoring IIS
    7. Finding Modification Dates
    8. Reconstructing Intrusions
    9. Final Touches
  16. Chapter 8: Security Auditing
    1. Auditing IIS
    2. Auditing the File System
    3. Final Touches
  17. Chapter 9: Enhancing Log Parser
    1. Building Input Processors
    2. Examining Windows Service Configuration
    3. Using a Front End
    4. Managing Identity Flow to Remote Input Sources
    5. Maintaining a Responsive User Interface
    6. Developing Log Parser Scripts
    7. Final Touches
  18. Chapter 10: Formatting, Reporting, and Charting
    1. In This Toolbox
    2. Formatting Output
    3. Storing Data to a File
    4. Using Charts
    5. Final Touches
  19. Chapter 11: Handling Complex Data
    1. In This Toolbox
    2. Embedded Data
    3. Time-Based Queries
    4. Unsupported Input Formats
    5. Passing Data to Log Parser
    6. Emulating Joins
    7. Final Touches
  20. Appendix A: SQL Grammar Reference
    1. In This Toolbox
    2. Complete Syntax
    3. Field-Expressions
    4. Query Syntax
    5. SELECT Clause
    6. USING Clause
    7. INTO Clause
    8. FROM Clause
    9. WHERE Clause
    10. GROUP BY Clause
    11. HAVING Clause
    12. ORDER BY Clause
  21. Appendix B: Function Reference
    1. In This Toolbox
    2. Functions
  22. Appendix C: Input Format Reference
    1. In This Toolbox
    2. ADS Input Format
    3. BIN Input Format
    4. COM Input Format
    5. CSV Input Format
    6. ETW Input Format
    7. EVT Input Format
    8. FS Input Format
    9. HTTPERR Input Format
    10. IIS Input Format
    11. IISODBC Input Format
    12. IISW3C Input Format
    13. NCSA Input Format
    14. NETMON Input Format
    15. REG Input Format
    16. TEXTLINE Input Format
    17. TEXTWORD Input Format
    18. TSV Input Format
    19. URLSCAN Input Format
    20. W3C Input Format
    21. XML Input Format
  23. Appendix D: Output Format Reference
    1. In This Toolbox
    2. CHART Output Format
    3. CSV Output Format
    4. DATAGRID Output Format
    5. IIS Output Format
    6. NAT Output Format
    7. SQL Output Format
    8. SYSLOG Output Format
    9. TPL Output Format
    10. TSV Output Format
    11. W3C Output Format
    12. XML Output Format
  24. Index

Product information

  • Title: Microsoft Log Parser Toolkit
  • Author(s): Gabriele Giuseppini, Mark Burnett
  • Release date: February 2005
  • Publisher(s): Syngress
  • ISBN: 9780080489391