Friday, February 03, 2006

Log parser review. The "forgotten" power tool?

Logparser 2.0.

Log Parser 2.0 has been around since 2002, but you hardly ever hear anyone talking about it. It is a great tool for parsing logs once you get to know it. Log Parser comes with a huge number of options and flags and, as far as I know, no GUI (graphical user interface), which might scare off some administrators. I come from the world of Unix and am a command-line freak, so the CLI that Log Parser offers is just perfect for me. (No CLI vs. GUI flames, please.)

As this is a blog, I will not go into every detail about Log Parser; you will have to explore it yourself. I do recommend it: it really is a power tool for Windows administrators and expert users, able to give you a good overview of all the logs your machines are producing. You could write batch jobs that query the Event Log, the Registry, the file system and Active Directory®, and have the results mailed to you every morning. Would that not be nice? Query results can be custom-formatted as text, or persisted to more specialised targets such as SQL, syslog or a chart. (One caveat: the Registry (REG) and Active Directory (ADS) input formats and the SYSLOG and CHART output formats arrived with Log Parser 2.2, released in 2005; the 2.0 usage text further down does not list them, so check which version you have installed.)

With some tweaking, you can make your log queries and their results understandable to management, by having your log analysis write its output in a human-readable format.
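Here is a concrete nightly job of the kind described above, as an added example (it is not code from the original post). It assumes LogParser.exe is on the PATH, a pre-Vista Security event log in which failed logons are event IDs 529 to 539, an account that is allowed to read the Security log, and the EVT field names as documented for Log Parser 2.2 (verify them on your version with LogParser -h -i:EVT). The directory C:\Reports and the output file names are arbitrary; scheduling the script (schtasks) and mailing the files are left out.

```batch
@echo off
REM daily_logons.cmd: nightly Log Parser job over the Security event log.
REM Added example, not from the original post. Assumes LogParser.exe is on
REM the PATH, a pre-Vista Security log (failed logons = event IDs 529-539)
REM and an account with rights to read the Security log. C:\Reports and the
REM file names are arbitrary choices.
setlocal
set REPORT_DIR=C:\Reports
if not exist "%REPORT_DIR%" mkdir "%REPORT_DIR%"

REM 1. Raw failed logons to CSV. The EVT "Strings" field holds the event's
REM    insertion strings separated by "|"; for the 529 message template
REM    token 0 is the user name and token 5 the workstation name (the other
REM    IDs in the list start with the same User Name/Domain fields, but
REM    check the Message column of your own events before trusting token 5).
REM    Note that a Log Parser IN list is separated by ";" rather than ",".
REM    -e:10 aborts after ten unparsable records; -stats:OFF keeps the file clean.
LogParser -i:EVT -o:CSV -e:10 -stats:OFF ^
  "SELECT TimeGenerated, EventID, ComputerName, EXTRACT_TOKEN(Strings, 0, '|') AS Account, EXTRACT_TOKEN(Strings, 5, '|') AS Workstation INTO %REPORT_DIR%\failed_logons.csv FROM Security WHERE EventID IN (529; 530; 531; 532; 533; 534; 535; 537; 539)"

REM 2. Management view: failures per account, most-attacked account first,
REM    written as plain text by the NAT (native) output format. -q:ON turns
REM    off interactive prompts so a scheduled run can never hang waiting
REM    for a keypress.
LogParser -i:EVT -o:NAT -q:ON -stats:OFF ^
  "SELECT EXTRACT_TOKEN(Strings, 0, '|') AS Account, COUNT(*) AS Failures INTO %REPORT_DIR%\failed_logons_summary.txt FROM Security WHERE EventID IN (529; 530; 531; 532; 533; 534; 535; 537; 539) GROUP BY Account ORDER BY Failures DESC"

REM 3. Lockouts only (event 539): the accounts and machines to follow up on.
LogParser -i:EVT -o:NAT -q:ON -stats:OFF ^
  "SELECT TimeGenerated, EXTRACT_TOKEN(Strings, 0, '|') AS Account, ComputerName INTO %REPORT_DIR%\lockouts.txt FROM Security WHERE EventID = 539"
endlocal
```

The first query keeps every record for later forensic work, while the second and third are the "management understandable" summaries: a count per account shows password guessing or a misconfigured service account at a glance, and the lockout list is short enough to act on each morning. Because Log Parser reads the live log, an account without the right to read the Security log gets an access-denied error rather than an empty report, which is the failure mode to watch for when the job runs under a service account.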

Not to scare you off Log Parser, but here are all the flags you will be able to use:

C:\Program\Log Parser>logparser

Microsoft (R) Log Parser Version 2.0
Copyright (C) 2002 Microsoft Corporation. All rights reserved.

Usage: LogParser [-i:<input_format>] [-o:<output_format>] <SQL query> |
                 file:<query_filename>
                 [<input_format_options>] [<output_format_options>]
                 [-q[:ON|OFF]] [-e:<max_errors>] [-iw[:ON|OFF]]
                 [-stats[:ON|OFF]]

       LogParser -c -i:<input_format> -o:<output_format> <from_entity> <into_entity>
                 [<where_clause>] [<input_format_options>]
                 [<output_format_options>] [-multisite[:ON|OFF]]
                 [-q[:ON|OFF]] [-e:<max_errors>] [-iw[:ON|OFF]]
                 [-stats[:ON|OFF]]

-i:<input_format> : one of IISW3C, NCSA, IIS, ODBC, BIN, IISMSID,
                    HTTPERR, URLSCAN, CSV, W3C, EVT, TEXTLINE, TEXTWORD,
                    FS (if omitted, will guess from the FROM clause)
-o:<output_format> : one of CSV, XML, NAT, W3C, IIS, SQL, TPL, NULL (if
                     omitted, will guess from the TO clause)
-q[:ON|OFF] : quiet mode; default is OFF
-e:<max_errors> : max # of parse errors before aborting; default is -1
                  (ignore all)
-iw[:ON|OFF] : ignore warnings; default is OFF
-stats[:ON|OFF] : dump stats after executing query; default is ON
-c : use built-in conversion query
-multisite[:ON|OFF] : send BIN conversion output to multiple files
                      depending on the SiteID value; default is OFF


Examples:
LogParser "SELECT date, REVERSEDNS(c-ip) AS Client, COUNT(*) FROM file.log
           WHERE sc-status<>200 GROUP BY date, Client" -e:10
LogParser -c -i:BIN -o:W3C file1.log file2.log "ComputerName IS NOT NULL"

Help:
-h 1 : SQL Language Grammar
-h 2 [ <function_name> ] : Functions Syntax
-h 3 : Example queries
-h -i:<input_format> : Help on <input_format>
-h -o:<output_format> : Help on <output_format>
-h -c : Conversion help

"Most software is designed to accomplish a limited number of specific tasks. Log Parser is different... the number of ways it can be used is limited only by the needs and imagination of the user. The world is your database with Log Parser."

1 comment:

Steffi said...

Thank you for the info. It sounds pretty user friendly. I guess I’ll pick one up for fun.

Thank you.
