Microsoft Log Parser Toolkit [ILLUSTRATED] (Paperback)

by Gabriele Giuseppini (Author), Mark Burnett (Author), Jeremy Faircloth (Author), Dave Kleiman (Author) "Log files-records of events that have occurred in a system-often contain information deemed crucial to a business..." (more)
Key Phrases: log parser, separated log files, log file rotation, Service Control Manager, Active Directory, End Sub (more...)

Editorial Reviews

Product Description
Ready-to-Use Scripts from Log Parser Pioneers Including Gabriele Giuseppini, Developer of Microsoft Log Parser

?        Analyze the Log Files from Windows Server, Snort IDS, NetMon, IIS Server, Exchange Server, and More

?        Web Site Provides Hundreds of Original, Working Scripts to Automate Tasks

Step-by-Step Instructions for Using Log Parser to Data Mine All Your Logs

With Log Parser, you create the data processing pipeline that best fits your needs. However, Log Parser’s flexible design, with its endless scripting possibilities, can make the tool difficult to employ effectively for both first-time and seasoned users. As a result of my interactions with users on public newsgroups and forums, I have come to realize that, even though the tool documentation provides a complete reference, users also need real-world examples of what they can achieve with Log Parser. This book is aimed at filling that gap. -- Gabriele Giuseppini

Scripts and Samples Included in the Book and Downloadable from syngress.com include:

Retrieving Event Log fields

Searching for Information

Ordering the Output

Parsing Text Files

Querying System Information

Parsing NetMon Files

Implementing Custom Input Formats

DATAGRID Output Format

Creating Custom Text Files

Creating Charts

Uploading to a SQL Database

Converting Log File Formats

Analyzing Request Details

Analyzing Error Requests

Analyzing Illegal Requests

Viewing Logon/Logoff Activity

Tracking Authentication Failures

Benign versus Warning Events

Identifying Brute Force Attacks

Tracking Security Policy Violations

Auditing File Access Attempts

Identifying Benign System Events

Tracking System Failures

Creating Downtime Reports

Creating System Error Reports

Identifying Application Errors

Served Application Security

Log Parser’s Netmon Format

Finding Soft Errors in TCP Requests

Log Parser, Netmon and Proxy Servers

Watch for Worms/Intruders

NT Performance Log Queries

Gathering Snort Logs

Building an Alerts Detail Report

Managing Snort Rules

Log File Conversion

Log Rotation and Archival

Separating Logs

Monitoring Logons

Identifying Suspicious Files

Finding Modification Dates

Reconstructing Intrusions

Assessing IIS Configurations

Monitoring IIS Contents

Parsing Cluster Service Logs

Parsing Excel Spreadsheets

Windows Service Configuration

Parsing Internet Explorer Favorites

Querying Arbitrary WMI Classes

Simplifying Query Creation

Data-Driven Formatting

Managing Identity Flow to Remote Input Sources

Maintaining a Responsive User Interface

Combining Query Output with External Data

Publishing LogQuery Output by E-mail

Using Query Results to Construct an .REG File

Storing LogQuery output in a new Access Database

Creating Data on the Fly

Storing Data to a File

Leveraging the Multiplex Feature

Creating Chart Output

Excluding Extraneous Data

Privacy Concerns

Intervals and Sampling

Ranges

Correcting For Log Roll Drift

Obviating the Time-Based Query: iCheckpoint

Command Line Output

Skipping Rows

Rows with No Delimiters

Building Dynamic Queries

Joins Using Parameter Passing

Joins Embedded in the WHERE Clause

Your Solutions Membership Gives You Access to:

The complete code listings from the book

Comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page

From the Author
"From the Author" Forum where the authors post timely updates and links to related sites

Downloadable chapters from these best selling books:

Google Hacking for Penetration Testers

Dr. Tom Shinder's Configuring ISA Server 2004

Snort 2.1 Intrusion Detection, Second Edition

Nessus Network Auditing

See all Editorial Reviews

Product Details

• Paperback: 350 pages
• Publisher: Syngress; 1 edition (February 24, 2005)
• Language: English
• ISBN-10: 1932266526
• ISBN-13: 978-1932266528
• Product Dimensions: 9 x 7 x 1.1 inches
• Shipping Weight: 1.6 pounds (View shipping rates and policies)
• Average Customer Review: 4.7 out of 5 stars See all reviews (7 customer reviews)
• Amazon.com Sales Rank: #204,749 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #24 in	Books > Computers & Internet > Software > Business > Utilities
  #25 in	Books > Computers & Internet > Security & Encryption > Windows Security
  #99 in	Books > Computers & Internet > Microsoft > Operating Systems > Windows NT

Customer Reviews

Most Helpful Customer Reviews

5 of 5 people found the following review helpful:

5.0 out of 5 stars A must have for the Network Administrator / Security Pro, February 23, 2005

By	Dave Kleiman "DaveKleiman.com" (Florida USA) - See all my reviews (REAL NAME)

This is a complete reference for utilizing the MicrosoftLog Parser Tool in real world scenarios.
The authors do an outstanding job of bringing you from the basics of Log Parser through advanced techniques and tricks. I have thoroughly enjoyed reading it end to end, and have begun utilizing Log Parser in my daily log assessment routines. The Tips, Swiss Army Knifes, and Master Craftsman sidebars prove extremely creative and helpful.

7 of 8 people found the following review helpful:

5.0 out of 5 stars Learn how to harness the power of Log Parser!, February 18, 2005

By	Gabriele Giuseppini (Amsterdam, the Netherlands) - See all my reviews (REAL NAME)

Log Parser is a Swiss-army knife tool that provides users with a powerful set of basic features that analyze, slice, and report on a large variety of information.
The idea of writing this book stemmed from the realization that most of the Log Parser users find it difficult to harness the power of the tool and discover how to customize and use its basic features to complete the task at hand.
"The Microsoft Log Parser Toolkit" has been written by users that have been employing the tool for years to manage their IT systems, and shows the scripts, queries, and tricks that they use on their jobs.
The first chapter gives you a thorough understanding of the Log Parser SQL-like language (how do I filter Event Log entries? How do I search for specific Web requests in time? How do I calculate statistics?), introduces you to the many input and output formats supported by version 2.2 (including the newest ADS, TSV, and NETMON input formats and the CHART and SYSLOG output formats), and delves into those little-known additional features that enhance this tool's productivity (including incremental parsing and output multiplexing).
The next 10 chapters provide solutions and working examples for all the problems that can be quickly solved with Log Parser.
With these chapters you will learn how to script the tool features, how to write input format plug-ins to provide your own data to Log Parser, and how to best employ its input and output formats to create charts, reports, and web applications.
You will see techniques used by the authors to perform security auditing and intrusion detection, to analyze server performance, and to manage and monitor IIS servers.
Regardless of whether you are new to Log Parser, or if you are an experienced user, this book will give you new ideas and discover a few new tricks that you never thought of before!

4 of 4 people found the following review helpful:

5.0 out of 5 stars Excellent Real World Examples, March 2, 2006

By	Mike Lawton (Roanoke, VA) - See all my reviews (REAL NAME)

I bought this book thinking it would be a good reference point for using Log Parser 2.2, and am exceedingly impressed with the volume of real-world, practical examples.

Within minutes I had several scripts in production and was on my way to writing much more complex queries to squeeze every drop of valuable data from my logs. I'm querying IIS logs, Event Logs, CSV files and more with ease.

I've got this book at my side any time I go to write a new script. I would definitely recommend it to others.