Ready-to-Use Scripts from Log Parser Pioneers Including Gabriele Giuseppini, Developer of Microsoft Log Parser
Analyze the Log Files from Windows Server, Snort IDS, NetMon, IIS Server, Exchange Server, and More
Web Site Provides Hundreds of Original, Working Scripts to Automate Tasks
Step-by-Step Instructions for Using Log Parser to Data Mine All Your Logs
With Log Parser, you create the data processing pipeline that best fits your needs. However, Log Parser's flexible design, with its endless scripting possibilities, can make the tool difficult to employ effectively for both first-time and seasoned users. As a result of my interactions with users on public newsgroups and forums, I have come to realize that, even though the tool documentation provides a complete reference, users also need real-world examples of what they can achieve with Log Parser. This book is aimed at filling that gap. -- Gabriele Giuseppini
Scripts and Samples Included in the Book and Downloadable from syngress.com Include:
Retrieving Event Log fields
Searching for Information
Ordering the Output
Parsing Text Files
Querying System Information
Parsing NetMon Files
Implementing Custom Input Formats
DATAGRID Output Format
Creating Custom Text Files
Creating Charts
Converting Log File Formats
Analyzing Request Details
Analyzing Error Requests
Analyzing Illegal Requests
Viewing Logon/Logoff Activity
Tracking Authentication Failures
Benign versus Warning Events
Identifying Brute Force Attacks
Tracking Security Policy Violations
Auditing File Access Attempts
Identifying Benign System Events
Tracking System Failures
Creating Downtime Reports
Creating System Error Reports
Identifying Application Errors
Served Application Security
Log Parser's Netmon Format
Finding Soft Errors in TCP Requests
Log Parser, Netmon and Proxy Servers
Watch for Worms/Intruders
NT Performance Log Queries
Gathering Snort Logs
Building an Alerts Detail Report
Managing Snort Rules
Log File Conversion
Log Rotation and Archival
Separating Logs
Monitoring Logons
Identifying Suspicious Files
Finding Modification Dates
Reconstructing Intrusions
Assessing IIS Configurations
Monitoring IIS Contents
Parsing Cluster Service Logs
Parsing Excel Spreadsheets
Windows Service Configuration
Parsing Internet Explorer Favorites
Querying Arbitrary WMI Classes
Simplifying Query Creation
Data-Driven Formatting
Managing Identity Flow to Remote Input Sources
Maintaining a Responsive User Interface
Combining Query Output with External Data
Publishing LogQuery Output by E-mail
Using Query Results to Construct an .REG File
Storing LogQuery Output in a New Access Database
Creating Data on the Fly
Storing Data to a File
Leveraging the Multiplex Feature
Creating Chart Output
Excluding Extraneous Data
Privacy Concerns
Intervals and Sampling
Ranges
Correcting For Log Roll Drift
Obviating the Time-Based Query: iCheckpoint
Command Line Output
Skipping Rows
Rows with No Delimiters
Building Dynamic Queries
Joins Using Parameter Passing
Joins Embedded in the WHERE Clause
Your Solutions Membership Gives You Access to:
The complete code listings from the book
Comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page