Tuesday, July 2, 2013

IIS LOGS - Log Parser (tool)

Logparser


Logparser is a tool developed by Microsoft that you can use to analyze different log files and file formats. It is not primarily designed for Exchange Server, but it can be used to analyze the different Exchange and IIS log files.

Stable release: LogParser 2.2.10 / 2005

GUI for Logparser


The GUI has only a few menu items. The function to save a query for later execution or editing is nice.

The command SELECT * FROM System will show you all system event log entries on the local machine.
You can export the query results to a CSV file.



Architecture

Logparser can analyze log files in many different formats, such as text files, event logs and the registry. Microsoft Logparser uses a SQL-like engine to query data, to aggregate it and to format it for display.

IIS Services and Log file Formats


The following table shows the supported log file formats for Exchange services like Web, SMTP and NNTP.

 

IIS W3C Protocol fields

If you want to analyze the W3C log files for OWA usage, you must know which properties you can specify in the Logparser tool. You will find the same table for SMTP log fields in the online help for Microsoft Exchange 2003.

Input Formats

The input formats provided by Log Parser 2.2 include:
  • Input formats that parse log files generated by IIS and return the entries in the logs
  • Input formats that parse generic text log files formatted according to the CSV, TSV, NCSA, W3C, and XML standards and return the fields contained in the logs
  • An input format that returns events from the Windows Event Log
  • Input formats that return information on Active Directory objects, on files and directories, and on registry keys
  • An input format that parses NetMon capture files and returns information on TCP/IP packets and connections

Output Formats

Output formats perform the opposite function of the input formats: they consume records and do something useful with the fields contained in the records. The output formats provided with Log Parser 2.2 can:
  • Save records to text files formatted according to the CSV, TSV, W3C, and XML standards
  • Save records to text files formatted according to generic user-specified templates
  • Display records to the console or to a GUI window
  • Upload records to a table in a SQL database
  • Format records according to the Syslog standard, and dispatch records to a Syslog server, to a text file, or to a user
  • Create Excel-style charts that present the record’s numeric data in a graphical format

Logparser Basics

If you are using Logparser for the first time, you should run Logparser with the /? switch to display a list of available commands. As you can see, Logparser supports many input formats.

A simple query

The following picture shows Logparser in action, querying a log file in W3C format to find how often the IP address 84.233.178.2 appears in the log file. Logparser queries the Exchange log file named EX060326.LOG.
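The same count reproduced outside Log Parser, as an added example that is not part of the original post: it reads the W3C `#Fields` directive to locate the client-address column and counts exact matches. The sample log lines and the function names are constructed for illustration, and the client address is assumed to be logged in the `c-ip` field.

```python
"""Count requests per client IP in a W3C extended log (added example)."""
from collections import Counter

# Constructed sample in W3C extended format; not taken from EX060326.LOG.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-03-26 00:00:12
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2006-03-26 00:00:12 84.233.178.2 GET /exchange/ 200
2006-03-26 00:00:15 192.0.2.10 GET /exchange/ 401
2006-03-26 00:01:02 84.233.178.2 POST /exchange/user/Inbox 200
#Fields: date time cs-method c-ip sc-status
2006-03-26 08:30:00 GET 84.233.178.2 200
2006-03-26 08:30:01 GET 84.233.178.20 200
2006-03-26 08:30:02 GET
"""

def parse_w3c(lines):
    """Yield one dict per record, keyed by the active #Fields directive."""
    fields = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A later #Fields line (e.g. after a restart) can change column order.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        # Rows that do not match the header (truncated writes) are skipped.
        if fields and len(values) == len(fields):
            yield dict(zip(fields, values))

def hits_by_ip(lines, field="c-ip"):
    """Equivalent of SELECT c-ip, COUNT(*) ... GROUP BY c-ip."""
    return Counter(rec[field] for rec in parse_w3c(lines) if field in rec)

def count_ip(lines, ip, field="c-ip"):
    """Exact-match count, so 84.233.178.2 does not also match 84.233.178.20."""
    return hits_by_ip(lines, field)[ip]

if __name__ == "__main__":
    rows = SAMPLE_LOG.splitlines()
    print("84.233.178.2:", count_ip(rows, "84.233.178.2"))
    for ip, n in hits_by_ip(rows).most_common():
        print(f"{ip:15} {n}")
```

A plain substring search over the same lines would report four hits, because it also matches 84.233.178.20; comparing the parsed field value avoids that.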

Output

With the “NAT” option, Logparser displays the results in the CLI (command-line interface) a little more clearly. You can also have Logparser display query results as HTML reports. HTML output requires templates, which tell Logparser how to render the query results as HTML.
The following example shows a graphical HTML report produced with a template.
