LogParser: Microsoft's well-kept secret for reading logs

Event logs are important tools for managing just about every facet of Windows operation, including storage. The appropriate logs allow you to track nearly all aspects of disk performance, examine the details of disk operations over time and spot potential trouble spots.

But to do all that you've got to be able to extract the useful information from the flood of data that the logs record. Even after you carefully pare down the amount of information you choose to record in the log, 10MB or more of recorded events can be produced every day. The biggest problem with logs is finding the needles of relevant information in the haystack of data.

Many tools, such as Microsoft Operations Manager (MOM), can help you make sense of your log files. But MOM is a commercial product that must be purchased from Microsoft on a per-system basis.

A cheaper alternative is LogParser, a free command line utility from Microsoft that uses SQLServer to dig relevant information out of log files and present it as anything from a report to a chart. Although LogParser is a general tool that can handle any text-based file, it can make sense of logs of all sorts.

LogParser essentially converts text log files into a SQLServer database, then uses SQLServer's tools to apply SQL statements to that database to present the information in a variety of formats. While some administrators may consider using SQL statements from the command line an exercise in medium-level geekspeak, LogParser presents

Requires Free Membership to View

the results in clear, easy-to-understand formats that even non-administrators can easily understand.

LogParser is one of the better-kept secrets in the Windows world. Although it is a very powerful and useful tool in a variety of Windows administration, management and troubleshooting contexts, including storage, for some reason it is relatively little used.

You can download LogParser for free from Microsoft.

About the author: Rick Cook specializes in writing about issues related to storage and storage management.

More information on this topic:

This was first published in August 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.