Many of Microsoft's best and most powerful utilities go almost unnoticed, and the Log Parser is certainly one of the best (and most overlooked). Log Parser 2.0 is a command-line program that allows a user or administrator to run SQL-like queries against log files of almost any format currently in use. The results can be reported to the console, to a flat text file or to a SQL/ODBC database. The program itself is free of charge.

Scanned logs can be in any of the following formats:

  • All file formats supported by IIS 5.0 and above. This includes W3C Extended, IIS, IISMSID, NCSA Common, Binary Log File Format, Open Database Connectivity (ODBC), URLScan and HTTP error log files.
  • The NT Event Log and EVT backup log files (including Event Logs in Windows 2000 and XP).
  • Generic CSV files.
  • Generic W3C files, such as Personal Firewall log files, Windows Media Services log files, and Exchange Tracking log files.
  • File and directory structure information.
  • Generic text files.

The syntax for using the Log Parser is essentially the standard SQL syntax, with each input source treated as a relational table. Each field is a table column with an appropriate auto-assigned data type (STRING, INTEGER, REAL or TIMESTAMP). Queries can either be passed on the command line or specified in a file. Log Parser also supports conversion between any of the above log types; a SQL log could be converted into a CSV, or vice versa.
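To make the relational model concrete, the added example below (Python with sqlite3, not Log Parser's own code or query dialect) loads a constructed W3C Extended log as one table, infers a column type per field from the four types listed above, and runs a query for failed requests per client. The sample log, the function names and the double-quoting of hyphenated field names for SQLite are assumptions of this example.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample in W3C Extended format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-uri-stem sc-status time-taken
2003-12-01 00:00:04 192.0.2.10 - /default.asp 200 15
2003-12-01 00:00:09 192.0.2.77 - /old/page1.asp 404 0
2003-12-01 00:00:11 192.0.2.77 - /old/page2.asp 404 0
2003-12-01 00:00:12 192.0.2.77 - /private/ 403 0
2003-12-01 00:02:00 192.0.2.10 alice /report.asp 500 120
"""
SQLITE_TYPE = {"STRING": "TEXT", "TIMESTAMP": "TEXT", "INTEGER": "INTEGER", "REAL": "REAL"}

def infer_type(values):
    """Pick one of the four column types the article lists."""
    def all_ok(parse):
        try:
            return bool(values) and all(parse(v) is not None for v in values)
        except ValueError:
            return False
    if all_ok(int):
        return "INTEGER"
    if all_ok(float):
        return "REAL"
    if any(all_ok(lambda v, f=f: datetime.strptime(v, f)) for f in ("%Y-%m-%d", "%H:%M:%S")):
        return "TIMESTAMP"
    return "STRING"

def load_w3c(text):
    """Return (connection, schema) with the log exposed as SQL table `log`."""
    fields = next(ln.split()[1:] for ln in text.splitlines() if ln.startswith("#Fields:"))
    if not all(re.fullmatch(r"[\w()-]+", f) for f in fields):
        raise ValueError("unexpected character in field name")  # names go into DDL
    rows = [ln.split() for ln in text.splitlines() if ln and not ln.startswith("#")]
    rows = [[None if v == "-" else v for v in r] for r in rows if len(r) == len(fields)]
    schema = {f: infer_type([r[i] for r in rows if r[i] is not None])
              for i, f in enumerate(fields)}
    conn = sqlite3.connect(":memory:")
    cols = ", ".join(f'"{f}" {SQLITE_TYPE[t]}' for f, t in schema.items())
    conn.execute(f"CREATE TABLE log ({cols})")
    conn.executemany(f"INSERT INTO log VALUES ({', '.join('?' * len(fields))})", rows)
    return conn, schema

def failed_requests_by_client(conn):
    """Count 4xx/5xx responses per client IP, busiest first."""
    return conn.execute(
        'SELECT "c-ip", COUNT(*) AS hits FROM log WHERE "sc-status" >= 400 '
        'GROUP BY "c-ip" ORDER BY hits DESC').fetchall()
```

Field names are validated before they reach the CREATE TABLE statement because a log header is untrusted input; row values are bound as parameters.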

Log Parser contains a number of unique and powerful features. The Multiplex feature allows multiple files to be piped in or out as either source or target tables; this would allow, for instance, event log messages to be written out to different files according to the event source. It is also possible to take piped input from STDIN, but only by using the IISMSID log format:

type iis5.log | LogParser "SELECT * from stdin" -i:IISMSID

This would pipe the file iis5.log into Log Parser using stdin as the SELECT...FROM table criterion.

Log Parser also includes a .DLL / COM-architecture version of the program, which allows it to be used by programming languages such as C++, Visual Basic or VBScript. A Web programmer could use Log Parser to produce a Web-based programmatic front-end for analyzing a Web server's own logs. With Log Parser, this is possible without having to spend money on a third-party solution or write complicated homebrew data-mining code.

The program and its associated documentation can be downloaded here. Note that the IIS 6.0 Resource Kit already contains Log Parser in its 2.1 incarnation.


Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his Windows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!


This was first published in December 2003
