Microsoft Log Parser Toolkit

Microsoft Log Parser Toolkit, 1st Edition

A Complete Toolkit for Microsoft's Undocumented Log Analysis Tool

Authors: Gabriele Giuseppini, Mark Burnett

Publisher: Syngress
Print ISBN: 9781932266528
eBook ISBN: 9780080489391
Pages: 350
Dimensions: 229 X 178


Key Features

  • Written by Microsoft's sole developer of Log Parser, this is the first book available on the powerful yet completely undocumented product that ships with Microsoft's IIS, Windows Advanced Server 2003, and is available as a free download from the Microsoft Web site
  • The book and accompanying Web site contain dozens of original, working Log Parser scripts and templates for Windows Server, ISA Server, Snort IDS, Exchange Server, IIS, and more!
  • This book and accompanying scripts will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks

Description

Written by Microsoft's Log Parser developer, this is the first book available on Microsoft's popular yet undocumented log parser tool. The book and accompanying Web site contain hundreds of customized, working scripts and templates that system administrators will find invaluable for analyzing the log files from Windows Server, Snort IDS, ISA Server, IIS Server, Exchange Server, and other products.

System administrators running Windows, Unix, and Linux networks manage anywhere from 1 to thousands of operating systems (Windows, Unix, etc.), applications (Exchange, Snort, IIS, etc.), and hardware devices (firewalls, routers, etc.), each of which generates long and detailed log files of all activity on that application or device. This book teaches administrators how to use Microsoft's Log Parser to mine the information buried in these countless logs. It explains how queries in Log Parser work (for example, a Log Parser query against an Exchange log may reveal the origin of spam, viruses, etc.). Because Log Parser is fully scriptable and customizable, the book and accompanying Web site provide the reader with hundreds of original, working scripts that automate these tasks and produce formatted charts and reports detailing the results of the queries.

Readership

System Administrators

Gabriele Giuseppini

Affiliations and Expertise

Software Design Engineer, Microsoft Corporation, U.S.A.

Mark Burnett

Affiliations and Expertise

Independent security consultant, U.S.A.


Table of Contents

Acknowledgments
Technical Editor
Lead Author
Contributing Authors
Foreword

Chapter 1: Introducing Log Parser
  • A Brief Background
  • Building Queries
  • Gathering Input
  • Producing Output
  • Final Touches

Chapter 2: Monitoring IIS
  • Monitoring Performance and Usage
  • Ensuring Stability
  • Scanning for Security Breaches
  • Final Touches

Chapter 3: Exploring the Windows Event Log
  • Monitoring User Activity
  • Tracking System Health
  • Monitoring Application Health
  • Final Touches

Chapter 4: Examining Network Traffic and Performance Logs with Log Parser
  • In This Toolbox
  • Reading Netmon Capture Files with Log Parser
  • Deriving Data from NT Performance Logs
  • Advanced Graphing Windows NT Performance Data with Log Parser
  • Final Touches

Chapter 5: Managing Snort Alerts
  • Building Snort IDS Reports
  • Final Touches

Chapter 6: Managing Log Files
  • In This Toolbox
  • Log File Conversion
  • Correlating Log File Data
  • Identifying Related Data
  • Converting Related Log Files
  • Log Rotation and Archival
  • Determining an Archiving Methodology
  • Separating Logs
  • Using Separated Log Files
  • Final Touches

Chapter 7: Investigating Intrusions
  • In This Toolbox
  • Locating Intrusions
  • Monitoring Logons
  • Excessive Failed Logons
  • Terminal Services Logons
  • Monitoring IIS
  • Finding Modification Dates
  • Reconstructing Intrusions
  • Final Touches

Chapter 8: Security Auditing
  • Auditing IIS
  • Auditing the File System
  • Final Touches

Chapter 9: Enhancing Log Parser
  • Building Input Processors
  • Examining Windows Service Configuration
  • Using a Front End
  • Managing Identity Flow to Remote Input Sources
  • Maintaining a Responsive User Interface
  • Developing Log Parser Scripts
  • Final Touches

Chapter 10: Formatting, Reporting, and Charting
  • In This Toolbox
  • Formatting Output
  • Storing Data to a File
  • Using Charts
  • Final Touches

Chapter 11: Handling Complex Data
  • In This Toolbox
  • Embedded Data
  • Time-Based Queries
  • Unsupported Input Formats
  • Passing Data to Log Parser
  • Emulating Joins
  • Final Touches

Appendix A: SQL Grammar Reference
  • In This Toolbox
  • Complete Syntax
  • Field-Expressions
  • Query Syntax
  • SELECT Clause
  • USING Clause
  • INTO Clause
  • FROM Clause
  • WHERE Clause
  • GROUP BY Clause
  • HAVING Clause
  • ORDER BY Clause

Appendix B: Function Reference
  • In This Toolbox
  • Functions

Appendix C: Input Format Reference
  • In This Toolbox
  • ADS Input Format
  • BIN Input Format
  • COM Input Format
  • CSV Input Format
  • ETW Input Format
  • EVT Input Format
  • FS Input Format
  • HTTPERR Input Format
  • IIS Input Format
  • IISODBC Input Format
  • IISW3C Input Format
  • NCSA Input Format
  • NETMON Input Format
  • REG Input Format
  • TEXTLINE Input Format
  • TEXTWORD Input Format
  • TSV Input Format
  • URLSCAN Input Format
  • W3C Input Format
  • XML Input Format

Appendix D: Output Format Reference
  • In This Toolbox
  • CHART Output Format
  • CSV Output Format
  • DATAGRID Output Format
  • IIS Output Format
  • NAT Output Format
  • SQL Output Format
  • SYSLOG Output Format
  • TPL Output Format
  • TSV Output Format
  • W3C Output Format
  • XML Output Format

Index
