Microsoft Log Parser Toolkit: A complete toolkit for Microsoft's undocumented log analysis tool [Illustrated] [Paperback]

Gabriele Giuseppini (Author), Mark Burnett (Author), Jeremy Faircloth (Author), Dave Kleiman (Author)
Book Description

HIGHLIGHT
Written by Microsoft's Log Parser developer, this is the first book available on Microsoft's popular yet undocumented log parser tool. The book and accompanying Web site contain hundreds of customized, working scripts and templates that system administrators will find invaluable for analyzing the log files from Windows Server, Snort IDS, ISA Server, IIS Server, Exchange Server, and other products.

System administrators running Windows, Unix, and Linux networks manage anywhere from 1 to thousands of operating systems (Windows, Unix, etc.), applications (Exchange, Snort, IIS, etc.), and hardware devices (firewalls, routers, etc.) that generate incredibly long and detailed log files of all activity on the particular application or device. This book will teach administrators how to use Microsoft's Log Parser to data mine all of the information available within these countless logs. The book teaches readers how all queries within Log Parser work (for example, a Log Parser query to an Exchange log may provide information on the origin of spam, viruses, etc.). Also, Log Parser is completely scriptable and customizable, so the book and accompanying Web site will provide the reader with hundreds of original, working scripts that will automate these tasks and provide formatted charts and reports detailing the results of the queries.

* Written by Microsoft's sole developer of Log Parser, this is the first book available on the powerful yet completely undocumented product that ships with Microsoft's IIS, Windows Advanced Server 2003, and is available as a free download from the Microsoft Web site.

* The book and accompanying Web site contain dozens of original, working Log Parser scripts and templates for Windows Server, ISA Server, Snort IDS, Exchange Server, IIS, and more!

* This book and accompanying scripts will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks.

Editorial Reviews

From the Author

"From the Author" Forum where the authors post timely updates and links to related sites

Downloadable chapters from these best selling books:

Google Hacking for Penetration Testers

Dr. Tom Shinder's Configuring ISA Server 2004

Snort 2.1 Intrusion Detection, Second Edition

Nessus Network Auditing

About the Author

Gabriele Giuseppini is a Software Design Engineer at Microsoft Corporation in the Security Business Unit, where he developed Microsoft Log Parser to analyze log files. Originally from Rome, Italy, after working for years in the digital signal processing field, he moved to the United States with his family in 1999, and joined Microsoft Corporation as a Software Design Engineer working on Microsoft Internet Information Services.

Mark Burnett (Technical Editor) is an independent researcher, consultant, and writer specializing in Windows security. Mark is author of Hacking the Code: ASP.NET Web Application Security (Syngress Publishing, ISBN: 1-932266-65-8), co-author of Maximum Windows 2000 Security (SAMS Publishing, ISBN: 0-672319-65-9), co-author of Stealing The Network: How to Own the Box (Syngress Publishing, ISBN: 1-931836-87-6), and is a contributor to Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks (Syngress Publishing, ISBN: 1-931836-66-3). He is a contributor and technical editor for Syngress Publishing's Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle (ISBN: 1-931836-69-8). Mark speaks at various security conferences and has published articles in Windows IT Pro Magazine (formerly Windows & .NET Magazine), Redmond Magazine, Information Security, Windows Web Solutions, Security Administrator, SecurityFocus.com, and various other print and online publications. Mark is a Microsoft Windows Server Most Valued Professional (MVP) for Internet Information Services (IIS).


Product Details

  • Paperback: 350 pages
  • Publisher: Syngress; 1 edition (February 24, 2005)
  • Language: English
  • ISBN-10: 1932266526
  • ISBN-13: 978-1932266528
  • Product Dimensions: 9 x 7 x 1.1 inches
  • Shipping Weight: 1.6 pounds
  • Average Customer Review: 4.5 out of 5 stars (11 customer reviews)
  • Amazon Best Sellers Rank: #687,640 in Books

More About the Author

Jeremy Faircloth (Security+, CCNA, MCSE, MCP+I, A+) is a Sr. Manager/Solutions Architect for Best Buy, where he and his team architect and maintain enterprise-wide client/server and Web-based technologies. He is a member of the Society for Technical Communication and frequently acts as a technical resource for other IT professionals through teaching and writing, using his expertise to help others expand their knowledge. As a systems engineer with over 19 years of real-world IT experience, he has become an expert in many areas including Web development, database administration, enterprise security, network design, large enterprise applications and project management. Jeremy is also a contributing author to over a dozen technical books covering a variety of topics.

 

Customer Reviews

11 Reviews
5 star: (8)
4 star: (1)
3 star: (2)
2 star: (0)
1 star: (0)

Average Customer Review: 4.5 out of 5 stars (11 customer reviews)

Most Helpful Customer Reviews

6 of 6 people found the following review helpful:
5.0 out of 5 stars A must have for the Network Administrator / Security Pro, February 22, 2005
This is a complete reference for utilizing the Microsoft Log Parser Tool in real world scenarios.
The authors do an outstanding job of bringing you from the basics of Log Parser through advanced techniques and tricks. I have thoroughly enjoyed reading it end to end, and have begun utilizing Log Parser in my daily log assessment routines. The Tips, Swiss Army Knifes, and Master Craftsman sidebars prove extremely creative and helpful.


8 of 9 people found the following review helpful:
5.0 out of 5 stars Learn how to harness the power of Log Parser!, February 18, 2005
By Gabriele Giuseppini (Amsterdam, the Netherlands)
Log Parser is a Swiss-army knife tool that provides users with a powerful set of basic features that analyze, slice, and report on a large variety of information.
The idea of writing this book stemmed from the realization that most of the Log Parser users find it difficult to harness the power of the tool and discover how to customize and use its basic features to complete the task at hand.
"The Microsoft Log Parser Toolkit" has been written by users that have been employing the tool for years to manage their IT systems, and shows the scripts, queries, and tricks that they use on their jobs.
The first chapter gives you a thorough understanding of the Log Parser SQL-like language (how do I filter Event Log entries? How do I search for specific Web requests in time? How do I calculate statistics?), introduces you to the many input and output formats supported by version 2.2 (including the newest ADS, TSV, and NETMON input formats and the CHART and SYSLOG output formats), and delves into those little-known additional features that enhance this tool's productivity (including incremental parsing and output multiplexing).
The next 10 chapters provide solutions and working examples for all the problems that can be quickly solved with Log Parser.
With these chapters you will learn how to script the tool features, how to write input format plug-ins to provide your own data to Log Parser, and how to best employ its input and output formats to create charts, reports, and web applications.
You will see techniques used by the authors to perform security auditing and intrusion detection, to analyze server performance, and to manage and monitor IIS servers.
Regardless of whether you are new to Log Parser, or if you are an experienced user, this book will give you new ideas and help you discover a few new tricks that you never thought of before!


4 of 4 people found the following review helpful:
5.0 out of 5 stars Excellent Real World Examples, March 2, 2006
Amazon Verified Purchase
I bought this book thinking it would be a good reference point for using Log Parser 2.2, and am exceedingly impressed with the volume of real-world, practical examples.

Within minutes I had several scripts in production and was on my way to writing much more complex queries to squeeze every drop of valuable data from my logs. I'm querying IIS logs, Event Logs, CSV files and more with ease.

I've got this book at my side any time I go to write a new script. I would definitely recommend it to others.
Inside This Book
First Sentence:
Log files - records of events that have occurred in a system - often contain information deemed crucial to a business.
Key Phrases - Statistically Improbable Phrases (SIPs):
log parser, separated log files, log file rotation, input format parses, input format works, input record fields, special keyword specifies, initial inspection stage, logparser exe, output record fields, resource formatted, multiplex feature, deleted clearing, specifying log files, default log path, file access attempts, format inspects, system error reports, unlimited recursion, event log data, metabase path, remote server name, quantize function, syslog server, different output files
Key Phrases - Capitalized Phrases (CAPs):
Service Control Manager, Active Directory, End Sub, Edit View Format, Internet Explorer, Select Case, Exchange Server, Microsoft Office, Output Option Definition, Code Red, Success Audit, Terminal Services, Failure Audit, Internet Information Server, Time Generated, Creation Date Time, Integrated Windows Auth, Internet Protocol, Case Else, Data Field, End Function Function, False Else, Last Write Date, Nothing Set, Pacific Daylight Time