I’m trying to read event log with LogParser on windows 10 pro, and the query select * from security executed well. But I’m getting a message saying that the file is corrupted After executing the query select count(*) from security. Does anybody like me? And System event also shows the same result. But Application event … Read more
I am using logparser 2.2 and need a script that does two things: finding urls that contain a value within referer need to loop over 30 folders logparser -rpt:-1 “select count()INTO feeds.txt from u_ex100302.log where to_lowercase(cs(Referer)) like ‘/feeds%’” Answer for (1,2,3) do logparser “select count()INTO feeds.txt from %%i\u_ex100302.log where to_lowercase(cs(Referer)) like ‘/feeds%%’” AttributionSource : Link … Read more
Is it possible, using Logparser or similar, to report on Exchange 2003/2010 mailbox access from users who are not the mailbox owner? The access might come from an Outlook client or OWA so I presume this would need a query for the IIS logs and also a query for the machine event logs? Thanks Answer … Read more
We have a couple of webservers. And have LogParser installed on them. I use remote desktop to log in on a server. Then i use “LogParser Studio” to work with reports and querys. The problem is that i can only run a query on 1 server at a time and that i have to be … Read more
I’ve been playing with Log Parser the past few days, we’re trying to retain specific event IDs from the security logs of our Domain Controllers. As these are high traffic volume logs, the data in them tends to not persist more than between 15 and 30 minutes. Therefore, I need to run this query every … Read more
Say you have logs like these Thu 2014-10-09 23:55:12: 01: Session 525229; child 0101 Thu 2014-10-09 23:55:12: 05: Accepting IMAP connection from [172.1.2.3:52337] to [1.2.3.4:143] Thu 2014-10-09 23:55:12: 03: –> * OK bla.com IMAP4rev1 Mailserver 14.0.3 ready Thu 2014-10-09 23:55:12: 02: <– 1 capability Thu 2014-10-09 23:55:12: 03: –> * CAPABILITY IMAP4rev1 NAMESPACE AUTH=LOGIN AUTH=PLAIN … Read more
I’m trying to get LogParser 2.2 running on Windows Server 2012. When I attempt to run LogParser from the command prompt (just trying LogParser -h) I get a User Account Control dialog asking if I want to allow LogParser to make changes to this computer. When I select Yes, I see another command window flashing … Read more
I have an nginx log parser which relies on fact, nginx log entries placed in sequential order. But from time to time I have log like this: [2015-07-01T08:41:59-07:00] https “GET … [2015-07-01T08:42:00-07:00] https “POST … [2015-07-01T08:41:59-07:00] https “GET … Is there any way to get ngx write log entries strongly sequential or I should change … Read more
I recently came across Microsoft Log Parser. It is an amazing tool. I am parsing Exchange Receive connector protocol logs but I encounter this error with IISW3C format. C:\TEMP>logparser “SELECT * FROM RECV20170706-1.LOG” -i:IISW3C Task completed with parse errors. Parse errors: 4 parse errors occurred during processing (To see details about the parse error(s), execute … Read more
I configured syslog-ng (version 3.21.1) on a CentOS7 server and found that logs are in following format. Aug 26 12:59:28 xyz74hd.com radiusd[20142]: 92djvd4654654164nadskj795234dc Reason: pldap: Forind credentials incorrect: Invalid credentials possible I do not require Process-ID (in above log [20142]) in my logs. Thus required syslog-format should be as follows: Aug 26 12:59:28 xyz74hd.com radiusd: … Read more
