I had to give up my log monitoring server. Truth be told, I had it up and running before I went on vacation, so I hadn't been using it much. Anyway, I gave up the powerful server for another application.
I needed to go over some audit logs that I had enabled on specific folders, tens of thousands of entries. I tried filtering them in Excel, which took me only so far, and decided a small script would do the trick; then today I came across this.
Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows operating system such as the Event Log, the Registry, the file system, and Active Directory. You tell Log Parser what information you need and how you want it processed. The results of your query can be custom-formatted in text based output, or they can be persisted to more specialty targets like SQL, SYSLOG, or a chart. Most software is designed to accomplish a limited number of specific tasks. Log Parser is different… the number of ways it can be used is limited only by the needs and imagination of the user.
You can run queries that are similar to SQL; I run -h with any command or go through the help file to come up with the right query. You specify the input format (for example CSV, text file, event logs), and the output, as far as I've discovered, can be a text file, CSV, charts, etc.
I had problems figuring out the correct field names, which can be retrieved by a simple query or added at the top of your CSV file as a header row that the query then picks up. I got a bit mixed up over whether to use LIKE, NOT LIKE, =, ==, <> or !=, and whether to wrap values in ' or ". I mean, my memory just needed refreshing.
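As an added example (not from the post), here is a batch file putting those pieces together against the Windows Security event log: listing the field names with -h, then queries that use single-quoted string literals, = for equality, <> for inequality and LIKE with % wildcards. The audited folder D:\Finance, the output file names and the choice of event ID 4663 (object access, Vista/2008 and later) are my assumptions, not the post's.

```batch
@echo off
REM Added example, not from the original post. Assumes Log Parser 2.2 (LogParser.exe)
REM is on the PATH and runs from an elevated prompt that can read the Security log.
REM The audited folder D:\Finance and the output file names are placeholders.

REM 1. Which field names does the EVT input format expose? (TimeGenerated, EventID,
REM    SID, Strings, Message, ...). The same trick for CSV input: -h -i:CSV.
LogParser -h -i:EVT

REM 2. Object-access events (ID 4663 on Vista/2008 and later) that touch the audited
REM    folder. String literals go in single quotes, the whole query in double quotes;
REM    = tests equality, <> inequality, LIKE matches with % as the wildcard.
REM    S-1-5-18 is the well-known SID of the local SYSTEM account, filtered out here
REM    to leave only interactive users (add -resolveSIDs:ON to see account names).
REM    Inside a .bat file a literal percent sign must be doubled; at the interactive
REM    prompt a single one is used.
LogParser -i:EVT -o:CSV "SELECT TimeGenerated, SID, EventID, Strings INTO finance_access.csv FROM Security WHERE EventID = 4663 AND Strings LIKE '%%D:\Finance%%' AND SID <> 'S-1-5-18' ORDER BY TimeGenerated"

REM 3. The same events summarised per account, most active first.
LogParser -i:EVT -o:CSV "SELECT SID, COUNT(*) AS Hits INTO finance_by_sid.csv FROM Security WHERE EventID = 4663 AND Strings LIKE '%%D:\Finance%%' AND SID <> 'S-1-5-18' GROUP BY SID ORDER BY Hits DESC"

REM 4. Re-query the exported CSV later; with -headerRow:ON the first line supplies
REM    the field names, so the query can refer to them directly.
LogParser -i:CSV -headerRow:ON -o:NAT "SELECT SID, COUNT(*) AS Hits FROM finance_access.csv GROUP BY SID ORDER BY Hits DESC"
```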
All that is left is to produce a report from my log analysis and I'm done.
Who wants to bet that next week's log report won't be needed?
Download Microsoft Log Parser here