But to do all that you've got to be able to extract the useful information from the flood of data that the logs record. Even after you carefully pare down the amount of information you choose to record in the log, 10MB or more of recorded events can be produced every day. The biggest problem with logs is finding the needles of relevant information in the haystack of data.
Many tools, such as Microsoft Operations Manager (MOM), can help you make sense of your log files. But MOM is a commercial product that must be purchased from Microsoft on a per-system basis.
A cheaper alternative is LogParser, a free command line utility from Microsoft that uses SQLServer to dig relevant information out of log files and present it as anything from a report to a chart. Although LogParser is a general tool that can handle any text-based file, it can make sense of logs of all sorts.
LogParser essentially converts text log files into a SQLServer database, then uses SQLServer's tools to apply SQL statements to that database to present the information in a variety of formats. While some administrators may consider using SQL statements from the command line an exercise in medium-level geekspeak, LogParser presents the
LogParser is one of the better-kept secrets in the Windows world. Although it is a very powerful and useful tool in a variety of Windows administration, management and troubleshooting contexts, including storage, for some reason it is relatively little used.
You can download LogParser for free from Microsoft.
About the author: Rick Cook specializes in writing about issues related to storage and storage management.
More information on this topic:
This was first published in August 2006