Friday, 2 March 2012

LOGPARSER INPUT FORMATS


ADS
Allows Active Directory objects to be used as input.
LogParser "SELECT PropertyValue FROM LDAP://mydomain.mycompany.com WHERE PropertyName = 'comment'" -i:ADS

LogParser "SELECT cn, operatingSystem, operatingSystemServicePack FROM LDAP://mydomain.mycompany.com/CN=Computers,DC=mydomain,DC=mycompany,DC=com" -i:ADS -objClass:Computer
Result:
cn           operatingSystem         operatingSystemServicePack
------------ ----------------------- --------------------------
SERVER01     Windows XP Professional Service Pack 1
SERVER02     Windows XP Professional Service Pack 2
TESTMACHINE1 Windows Server 2003     -
TESTMACHINE2 Windows XP Professional Service Pack 2
TESTMACHINE3 Windows XP Professional Service Pack 1
TESTMACHINE4 Windows 2000 Server     Service Pack 4

Fields:
Name           Type       Description
-------------- ---------- -----------------------------------------------------------------
ObjectPath     STRING     Full Active Directory path of the object containing this property
ObjectName     STRING     Name of the object containing this property
ObjectClass    STRING     Class name of the object containing this property
PropertyName   STRING     Name of the property being processed
PropertyValue  STRING     Value of the property being processed
PropertyType   STRING     Type of the property being processed

Example usage:
LogParser "SELECT title, MUL(PROPCOUNT(*), 100.0) AS Percentage INTO DATAGRID FROM 'LDAP://MyUsername:MyPassword@mydomain/CN=Users,DC=mydomain,DC=com' WHERE title IS NOT NULL GROUP BY title ORDER BY Percentage DESC" -objClass:User


BIN
Allows the Centralized Binary Log format to be used as input. It can be used with IIS 6.0 logs.
Fields:
Name             Type       Description
---------------- ---------- -----------------------------------------------------------------
LogFilename      STRING     Full path of the log file containing this entry
LogRow           INTEGER    Line in the log file containing this entry
ComputerName     STRING     The name of the server that served the request
SiteID           INTEGER    The IIS virtual site instance number that served the request
DateTime         TIMESTAMP  The date and time at which the request was served (UTC time)
ClientIpAddress  STRING     The IP address of the client that made the request
ServerIpAddress  STRING     The IP address of the server that served the request
ServerPort       INTEGER    The server port number that received the request
Method           STRING     The HTTP request verb
ProtocolVersion  STRING     The HTTP version of the client request
ProtocolStatus   INTEGER    The response HTTP status code
SubStatus        INTEGER    The response HTTP sub-status code
TimeTaken        INTEGER    The number of milliseconds elapsed from the moment the server received the request to the moment the server sent the last response chunk to the client
BytesSent        INTEGER    The number of bytes in the response sent by the server
BytesReceived    INTEGER    The number of bytes in the request sent by the client
Win32Status      INTEGER    The Windows status code associated with the response HTTP status code
UriStem          STRING     The HTTP request uri-stem
UriQuery         STRING     The HTTP request uri-query, or NULL if the requested URI did not include a uri-query
UserName         STRING     The name of the authenticated user that made the request, or NULL if the request was from an anonymous user

Example usage:
LogParser "SELECT TOP 20 UriStem, COUNT(*) AS Hits INTO MyChart.gif FROM <www.margiestravel.com> GROUP BY UriStem ORDER BY Hits DESC" -chartType:Column3D -groupSize:1024x768

CSV
Allows input in CSV format. Used for Microsoft Excel or Perfmon logs.

Example usage:
LogParser "SELECT QUANTIZE([(PDH-CSV 4.0) (Pacific Daylight Time)(420)], 60) AS Minute, AVG([\\GAB1\Processor(_Total)\% Processor Time]) AS AVGProcessor FROM PerfMon_000001.csv GROUP BY Minute" -i:CSV -iTsFormat:"MM/dd/yyyy hh:mm:ss.ll"

ETW
Used for Enterprise Tracing for Windows trace log files (.etl files).

Fields:
Name           Type       Description
-------------- ---------- ----------------------------------------------
EventNumber    INTEGER    Index of this event in the trace being parsed
EventName      STRING     Name of the event
EventTypeName  STRING     Name of the event type
Timestamp      TIMESTAMP  Date and time at which the event was traced
UserData       STRING     Event-specific property values

Example usage:
LogParser "SELECT * FROM ExampleTrace.etl" -i:ETW

EVT
Used for Windows Event Logs and Event Log backup files.
Fields:
Name               Type       Description
------------------ ---------- --------------------------------------------------------------------------------
EventLog           STRING     Name of the Event Log or Event Log backup file containing this event
RecordNumber       INTEGER    Index of this event in the Event Log or Event Log backup file containing this event
TimeGenerated      TIMESTAMP  The date and time at which the event was generated (local time)
TimeWritten        TIMESTAMP  The date and time at which the event was logged (local time)
EventID            INTEGER    The ID of the event
EventType          INTEGER    The numeric type of the event
EventTypeName      STRING     The descriptive type of the event
EventCategory      INTEGER    The numeric category of the event
EventCategoryName  STRING     The descriptive category of the event
SourceName         STRING     The source that generated the event
Strings            STRING     The textual data associated with the event
ComputerName       STRING     The name of the computer on which the event was generated
SID                STRING     The Security Identifier associated with the event
Message            STRING     The full event message
Data               STRING     The binary data associated with the event

Example usage:
LogParser "SELECT TimeGenerated AS LogonDate, EXTRACT_TOKEN(Strings, 0, '|') AS Account INTO Report.xml FROM Security WHERE EventID NOT IN (541;542;543) AND EventType = 8 AND EventCategory = 2"

FS
Used for the file system.
Fields:
Name              Type       Description
----------------- ---------- --------------------------------------------------------------------------------
Path              STRING     Full path of the file or directory
Name              STRING     Name of the file or directory
Size              INTEGER    Size of the file, in bytes
Attributes        STRING     Attributes of the file or directory
CreationTime      TIMESTAMP  Date and time at which the file or directory was created (local or UTC time, depending on the value of the useLocalTime parameter)
LastAccessTime    TIMESTAMP  Date and time at which the file or directory was last accessed (local or UTC time, depending on the value of the useLocalTime parameter)
LastWriteTime     TIMESTAMP  Date and time at which the file or directory was last modified (local or UTC time, depending on the value of the useLocalTime parameter)
FileVersion       STRING     Version of the file
ProductVersion    STRING     Version of the product the file is distributed with
InternalName      STRING     Internal name of the file
ProductName       STRING     Name of the product the file is distributed with
CompanyName       STRING     Name of the vendor company that produced the file
LegalCopyright    STRING     Copyright notices that apply to the file
LegalTrademarks   STRING     Trademarks and registered trademarks that apply to the file
PrivateBuild      STRING     Private version information of the file
SpecialBuild      STRING     Special file build notes
Comments          STRING     Comments associated with the file
FileDescription   STRING     Description of the file
OriginalFilename  STRING     Original name of the file

Example usage:
LogParser "SELECT Path, HASHMD5_FILE(Path) FROM C:\Windows\System32\*.exe" -i:FS -recurse:0

HTTPERR
Used for HTTP Error log files.
Fields:
Name             Type       Description
---------------- ---------- --------------------------------------------------------------------------------
LogFilename      STRING     Full path of the log file containing this entry
LogRow           INTEGER    Line in the log file containing this entry
date             TIMESTAMP  The date on which the request was served (UTC time)
time             TIMESTAMP  The time at which the request was served (UTC time)
s-computername   STRING     The name of the server that served the request (this field is logged by later versions of Http.sys only)
c-ip             STRING     The IP address of the client that made the request
c-port           INTEGER    The client port number that sent the request
s-ip             STRING     The IP address of the server that served the request
s-port           INTEGER    The server port number that received the request
cs-version       STRING     The HTTP version of the client request
cs-method        STRING     The HTTP request verb
cs-uri           STRING     The HTTP request uri
cs(User-Agent)   STRING     The client request User-Agent header (this field is logged by later versions of Http.sys only)
cs(Cookie)       STRING     The client request Cookie header (this field is logged by later versions of Http.sys only)
cs(Referer)      STRING     The client request Referer header (this field is logged by later versions of Http.sys only)
cs-host          STRING     The client request Host header (this field is logged by later versions of Http.sys only)
sc-status        INTEGER    The response HTTP status code
sc-bytes         INTEGER    The number of bytes in the response sent by the server (this field is logged by later versions of Http.sys only)
cs-bytes         INTEGER    The number of bytes in the request sent by the client (this field is logged by later versions of Http.sys only)
time-taken       INTEGER    The number of milliseconds elapsed from the moment the server received the request to the moment the server sent the response to the client (this field is logged by later versions of Http.sys only)
s-siteid         INTEGER    The IIS site instance number that served the request
s-reason         STRING     Information about why the error occurred
s-queuename      STRING     The name of the application pool hosting the IIS worker process that processed the request (this field is logged by later versions of Http.sys only)

Example usage:
LogParser "SELECT sc-status, PROPCOUNT(*) AS Percentage INTO Pie.gif FROM HTTPERR GROUP BY sc-status ORDER BY Percentage DESC" -chartType:PieExploded -chartTitle:"Errors Distribution" -categories:off

IIS
Used for the Microsoft IIS Log file format.
Fields:
Name             Type       Description
---------------- ---------- --------------------------------------------------------------------------------
LogFilename      STRING     Full path of the log file containing this entry
LogRow           INTEGER    Line in the log file containing this entry
UserIP           STRING     The IP address of the client that made the request
UserName         STRING     The name of the authenticated user that made the request, or NULL if the request was from an anonymous user
Date             TIMESTAMP  The date on which the request was served (local time)
Time             TIMESTAMP  The time at which the request was served (local time)
ServiceInstance  STRING     The IIS service name and site instance number that served the request
HostName         STRING     The name of the server that served the request
ServerIP         STRING     The IP address of the server that served the request
TimeTaken        INTEGER    The number of milliseconds elapsed from the moment the server received the request to the moment the server sent the last response chunk to the client
BytesSent        INTEGER    The number of bytes in the request sent by the client
BytesReceived    INTEGER    The number of bytes in the response sent by the server
StatusCode       INTEGER    The response HTTP or FTP status code
Win32StatusCode  INTEGER    The Windows status code associated with the response HTTP or FTP status code
RequestType      STRING     The HTTP request verb or FTP operation
Target           STRING     The HTTP request uri-stem or FTP operation target
Parameters       STRING     The HTTP request uri-query, or NULL if the requested URI did not include a uri-query

Example usage:
LogParser "SELECT TOP 20 Target, COUNT(*) AS Hits INTO MyChart.gif FROM <www.margiestravel.com> GROUP BY Target ORDER BY Hits DESC" -chartType:Column3D -groupSize:1024x768

IISODBC
Used for IIS logs stored in a database.
Fields:
Name            Type       Description
--------------- ---------- --------------------------------------------------------------------------------
ClientHost      STRING     The IP address of the client that made the request
Username        STRING     The name of the authenticated user that made the request, or NULL if the request was from an anonymous user
LogTime         TIMESTAMP  The date and time at which the request was served (local time)
Service         INTEGER    The IIS service name and site instance number that served the request
Machine         STRING     The name of the server that served the request
ServerIP        STRING     The IP address of the server that served the request
ProcessingTime  INTEGER    The number of milliseconds elapsed from the moment the server received the request to the moment the server sent the last response chunk to the client
BytesRecvd      INTEGER    The number of bytes in the request sent by the client
BytesSent       INTEGER    The number of bytes in the response sent by the server
ServiceStatus   INTEGER    The response HTTP or FTP status code
Win32Status     INTEGER    The Windows status code associated with the response HTTP or FTP status code
Operation       STRING     The HTTP request verb or FTP operation
Target          STRING     The HTTP request uri-stem or FTP operation target
Parameters      STRING     The HTTP request uri-query, or NULL if the requested URI did not include a uri-query

Example usage:
LogParser "SELECT TOP 20 Target, COUNT(*) AS Hits INTO MyChart.gif FROM <www.margiestravel.com> GROUP BY Target ORDER BY Hits DESC" -chartType:Column3D -groupSize:1024x768

IISW3C
Used for the W3C Extended Log file format.
Fields:
Name             Type       Description
---------------- ---------- --------------------------------------------------------------------------------
LogFilename      STRING     Full path of the log file containing this entry
LogRow           INTEGER    Line in the log file containing this entry
date             TIMESTAMP  The date on which the request was served (UTC time)
time             TIMESTAMP  The time at which the request was served (UTC time)
c-ip             STRING     The IP address of the client that made the request
cs-username      STRING     The name of the authenticated user that made the request, or NULL if the request was from an anonymous user
s-sitename       STRING     The IIS service name and site instance number that served the request
s-computername   STRING     The name of the server that served the request
s-ip             STRING     The IP address of the server that served the request
s-port           INTEGER    The server port number that received the request
cs-method        STRING     The HTTP request verb or FTP operation
cs-uri-stem      STRING     The HTTP request uri-stem or FTP operation target
cs-uri-query     STRING     The HTTP request uri-query, or NULL if the requested URI did not include a uri-query
sc-status        INTEGER    The response HTTP or FTP status code
sc-substatus     INTEGER    The response HTTP sub-status code (this field is logged by IIS version 6.0 and later only)
sc-win32-status  INTEGER    The Windows status code associated with the response HTTP or FTP status code
sc-bytes         INTEGER    The number of bytes in the response sent by the server
cs-bytes         INTEGER    The number of bytes in the request sent by the client
time-taken       INTEGER    The number of milliseconds elapsed from the moment the server received the request to the moment the server sent the last response chunk to the client
cs-version       STRING     The HTTP version of the client request
cs-host          STRING     The client request Host header
cs(User-Agent)   STRING     The client request User-Agent header
cs(Cookie)       STRING     The client request Cookie header
cs(Referer)      STRING     The client request Referer header
s-event          STRING     The type of log event (this field is logged by IIS version 5.0 only when the "Process Accounting Logging" feature is enabled)
s-process-type   STRING     The type of process that triggered the log event (this field is logged by IIS version 5.0 only when the "Process Accounting Logging" feature is enabled)
s-user-time      REAL       The total accumulated User Mode processor time, in percentage, that the site used during the current interval (this field is logged by IIS version 5.0 only when the "Process Accounting Logging" feature is enabled)
s-kernel-time    REAL       The total accumulated Kernel Mode processor time, in percentage, that the site used during the current interval (this field is logged by IIS version 5.0 only when the "Process Accounting Logging" feature is enabled)
s-page-faults    INTEGER    The total number of memory references that resulted in memory page faults during the current interval (this field is logged by IIS version 5.0 only when the "Process Accounting Logging" feature is enabled)
s-total-procs    INTEGER    The total number of applications created during the current interval (this field is logged by IIS version 5.0 only when the "Process Accounting Logging" feature is enabled)
s-active-procs   INTEGER    The total number of applications running when the log event was triggered (this field is logged by IIS version 5.0 only when the "Process Accounting Logging" feature is enabled)
s-stopped-procs  INTEGER    The total number of applications stopped due to process throttling during the current interval (this field is logged by IIS version 5.0 only when the "Process Accounting Logging" feature is enabled)

Example usage:
LogParser "SELECT TOP 20 cs-uri-stem, COUNT(*) AS Hits INTO MyChart.gif FROM <www.margiestravel.com> GROUP BY cs-uri-stem ORDER BY Hits DESC" -chartType:Column3D -groupSize:1024x768

NCSA
Used for the NCSA Common, Combined, and Extended Log file formats.
Fields:
Name            Type       Description
--------------- ---------- --------------------------------------------------------------------------------
LogFilename     STRING     Full path of the log file containing this entry
LogRow          INTEGER    Line in the log file containing this entry
RemoteHostName  STRING     The IP address of the client that made the request
RemoteLogName   STRING     The identifier used to identify the client making the HTTP request, or NULL if no identifier is used (always NULL in NCSA log files generated by IIS)
UserName        STRING     The name of the authenticated user that made the request, or NULL if the request was from an anonymous user
DateTime        TIMESTAMP  The date and time at which the request was served (UTC time)
Request         STRING     The HTTP request line (verb, URI, and HTTP version)
StatusCode      INTEGER    The response HTTP status code
BytesSent       INTEGER    The number of bytes in the response sent by the server
Referer         STRING     The client request Referer header (not logged in NCSA Common Log File Format log files)
User-Agent      STRING     The client request User-Agent header (not logged in NCSA Common Log File Format log files)
Cookie          STRING     The client request Cookie header (not logged in NCSA Common Log File Format log files)

Example usage:
LogParser "SELECT EXTRACT_TOKEN(Request, 0, ' ') AS Verb, EXTRACT_TOKEN(Request, 1, ' ') AS URI, EXTRACT_TOKEN(Request, 2, ' ') AS Version FROM ncsa9.log"
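As an added example (not code from the original post or from LogParser), the Python parser below maps NCSA Common and Combined lines onto the field names in the table above and reimplements EXTRACT_TOKEN so the Verb/URI/Version split from the example query can be run offline; the constructed sample includes a two-token request line, where the Version token comes back NULL. The host names, IP addresses and log lines are constructed, not taken from a real server.

```python
import re
from datetime import datetime

# Constructed NCSA Combined Log Format lines (not from a real server). The
# third line carries a request line without an HTTP version, the case where
# EXTRACT_TOKEN(Request, 2, ' ') yields NULL.
SAMPLE_NCSA = """192.0.2.10 - - [02/Mar/2012:10:00:01 +0200] "GET /index.html HTTP/1.1" 200 1043 "http://example.test/" "Mozilla/4.0"
192.0.2.10 - alice [02/Mar/2012:10:00:02 +0200] "POST /login HTTP/1.1" 302 0 "http://example.test/index.html" "Mozilla/4.0"
192.0.2.77 - - [02/Mar/2012:10:00:03 +0200] "GET /" 400 0 "-" "-"
"""

# Common Log Format is the first seven fields; Combined adds Referer and
# User-Agent, Extended adds Cookie, so those groups are optional.
NCSA_RE = re.compile(
    r'^(?P<RemoteHostName>\S+) (?P<RemoteLogName>\S+) (?P<UserName>\S+) '
    r'\[(?P<DateTime>[^\]]+)\] "(?P<Request>[^"]*)" (?P<StatusCode>\d{3}) (?P<BytesSent>\d+|-)'
    r'(?: "(?P<Referer>[^"]*)" "(?P<UserAgent>[^"]*)")?(?: "(?P<Cookie>[^"]*)")?$'
)


def parse_ncsa(text):
    """Return one dict per line keyed by the NCSA field names above.
    "-" is the format's placeholder for an absent value and is mapped to None
    (LogParser's NULL); fields a Common-format line lacks are None as well."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = NCSA_RE.match(line)
        if m is None:
            raise ValueError("line %d is not an NCSA log line" % lineno)
        row = {name.replace("UserAgent", "User-Agent"): (None if v in (None, "-") else v)
               for name, v in m.groupdict().items()}
        row["LogRow"] = lineno
        row["StatusCode"] = int(row["StatusCode"])
        if row["BytesSent"] is not None:
            row["BytesSent"] = int(row["BytesSent"])
        # NCSA timestamps carry a UTC offset; keep it as a timezone-aware datetime.
        row["DateTime"] = datetime.strptime(row["DateTime"], "%d/%b/%Y:%H:%M:%S %z")
        rows.append(row)
    return rows


def extract_token(text, index, separator=" "):
    """Reimplementation of LogParser's EXTRACT_TOKEN(text, index, separator):
    the index-th separator-delimited token, or None when text is NULL or has
    fewer than index + 1 tokens."""
    if text is None:
        return None
    tokens = text.split(separator)
    return tokens[index] if 0 <= index < len(tokens) else None


def split_request(row):
    """(Verb, URI, Version) for one row, as the example query computes them."""
    request = row["Request"]
    return (extract_token(request, 0), extract_token(request, 1), extract_token(request, 2))
```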

NETMON
Used to parse NetMon (Network Monitor) network capture files (.cap files).
Fields:
Name             Type       Description
---------------- ---------- -----------------------------------------------------------------
CaptureFilename  STRING     The full path of the capture file containing this packet
Frame            INTEGER    The frame number containing this packet
DateTime         TIMESTAMP  Date and time at which the packet was sent
FrameBytes       INTEGER    Total number of bytes in the frame
SrcMAC           STRING     MAC address of the sender of this packet
SrcIP            STRING     IP address of the sender of this packet
SrcPort          INTEGER    TCP port number of the sender of this packet
DstMAC           STRING     MAC address of the destination of this packet
DstIP            STRING     IP address of the destination of this packet
DstPort          INTEGER    TCP port number of the destination of this packet
IPVersion        INTEGER    IP version of this packet
TTL              INTEGER    Time-To-Live field of the IP header of this packet
TCPFlags         STRING     TCP flags field of the TCP header of this packet
Seq              INTEGER    TCP sequence number of this packet
Ack              INTEGER    TCP acknowledgement number of this packet
WindowSize       INTEGER    Window size field of the TCP header of this packet
PayloadBytes     INTEGER    Number of bytes in the TCP payload of this packet
Payload          STRING     TCP payload of this packet
Connection       INTEGER    Unique identifier of the TCP connection to which this packet belongs

Example usage:
LogParser "SELECT QUANTIZE(DateTime, 1) AS Second, SUM(FrameBytes) INTO DATAGRID FROM MyCapture.cap GROUP BY Second"

REG
Used for registry-related input.
Fields:
Name           Type       Description
-------------- ---------- -----------------------------------------------------------------
ComputerName   STRING     Name of the computer hosting the registry containing this value
Path           STRING     Path of the registry key containing this value
KeyName        STRING     Name of the registry key containing this value
ValueName      STRING     Name of the registry value
ValueType      STRING     Name of the type of the registry value
Value          STRING     Text representation of the content of the registry value
LastWriteTime  TIMESTAMP  Date and time at which the registry value was last modified (UTC time)

Example usage:
LogParser "SELECT * INTO MyTable FROM \HKLM" -i:REG -o:SQL -server:MyServer -database:MyDatabase -driver:"SQL Server" -username:TestSQLUser -password:TestSQLPassword -createTable:ON

TEXTLINE
Used for logs in plain text format.
Fields:
Name         Type       Description
------------ ---------- ---------------------------------------
LogFilename  STRING     Full path of the file containing this line
Index        INTEGER    Line number
Text         STRING     Text line content

Example usage:
LogParser "SELECT Text FROM http://www.microsoft.adatum.com WHERE Text LIKE '%href%'" -i:TEXTLINE

TEXTWORD
Used for the individual words in a text file.
Example usage:
LogParser "SELECT Text, COUNT(*) FROM MyFile.txt GROUP BY Text ORDER BY COUNT(*) DESC" -i:TEXTWORD

TSV
Used to parse tab- or space-separated text files.
Example usage:
netstat -a | LogParser "SELECT * FROM STDIN" -i:TSV -iSeparator:space -nSep:2 -fixedSep:OFF -nSkipLines:3

URLSCAN
Used for URLScan IIS filter logs.
Fields:
Name          Type       Description
------------- ---------- -----------------------------------------------------------------
LogFilename   STRING     Full path of the log file containing this entry
LogRow        INTEGER    Line in the log file containing this entry
Date          TIMESTAMP  The date and time at which the request was served (local time)
ClientIP      STRING     The IP address of the client that made the request
Comment       STRING     The filter that matched the request and the action executed by URLScan
SiteInstance  INTEGER    The IIS virtual site instance number that served the request
Url           STRING     The HTTP request url

Example usage:
LogParser "SELECT DISTINCT REVERSEDNS(ClientIP) FROM URLSCAN"

W3C
Used for W3C Extended Log file formats, such as ISA and TMG logs.
Example usage:
LogParser "SELECT DISTINCT src-ip FROM pfirewall.log WHERE action='DROP'" -i:W3C
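The W3C Extended format behind the HTTPERR, IISW3C and W3C input formats above names its columns in a "#Fields:" directive rather than fixing their order. The Python example below is added here (it is not code from the original post or from LogParser): it parses constructed sample lines as that directive dictates, then reproduces the page's two example queries, the TOP-N cs-uri-stem hit count and the sc-status PROPCOUNT distribution, and adds a per-client count of 401 responses of the kind a defender derives from these fields. The log lines, host and IP addresses are constructed.

```python
from collections import Counter

# Constructed sample in W3C Extended format as IIS writes it (not a real log).
# The "#Fields:" directive names the columns, so the parser reads it instead
# of assuming a fixed column order; "-" is the format's NULL marker.
SAMPLE_W3C = """#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2012-03-02 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2012-03-02 10:00:01 10.0.0.5 GET /default.htm - 80 - 192.0.2.10 Mozilla/4.0 200 0 0
2012-03-02 10:00:02 10.0.0.5 GET /images/logo.gif - 80 - 192.0.2.10 Mozilla/4.0 200 0 0
2012-03-02 10:00:03 10.0.0.5 GET /admin/login.aspx - 80 - 192.0.2.77 curl/7.21 401 2 5
2012-03-02 10:00:04 10.0.0.5 POST /admin/login.aspx - 80 - 192.0.2.77 curl/7.21 401 1 0
2012-03-02 10:00:05 10.0.0.5 GET /default.htm - 80 - 192.0.2.11 Mozilla/4.0 200 0 0
2012-03-02 10:00:06 10.0.0.5 GET /missing.htm - 80 - 192.0.2.11 Mozilla/4.0 404 0 2
"""


def parse_w3c(text):
    """Yield one dict per entry, keyed by the names in the #Fields directive,
    plus LogRow (the 1-based line number, as in the field tables above)."""
    fields = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Only #Fields matters for parsing; a file may repeat the
            # directive block (with a different column set) after a restart.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data before any #Fields directive at line %d" % lineno)
        values = line.split(" ")
        if len(values) != len(fields):
            raise ValueError("line %d has %d columns, #Fields lists %d"
                             % (lineno, len(values), len(fields)))
        entry = {name: (None if v == "-" else v) for name, v in zip(fields, values)}
        entry["LogRow"] = lineno
        yield entry


def top_hits(entries, field="cs-uri-stem", n=20):
    """SELECT TOP n <field>, COUNT(*) AS Hits ... GROUP BY <field> ORDER BY Hits DESC"""
    return Counter(e[field] for e in entries).most_common(n)


def status_distribution(entries):
    """SELECT sc-status, PROPCOUNT(*) AS Percentage ... GROUP BY sc-status
    (the HTTPERR example); PROPCOUNT is the fraction of all rows, 0..1."""
    counts = Counter(int(e["sc-status"]) for e in entries)
    total = sum(counts.values())
    return {status: count / total for status, count in counts.items()}


def clients_with_auth_failures(entries, threshold=2):
    """Clients that received at least `threshold` 401 responses: the kind of
    per-source aggregation a defender runs over c-ip and sc-status."""
    counts = Counter(e["c-ip"] for e in entries if e["sc-status"] == "401")
    return {ip: count for ip, count in counts.items() if count >= threshold}
```

Call the three query functions on `list(parse_w3c(SAMPLE_W3C))`; materialising the generator once lets the same rows feed all three.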

XML
Used for XML text files.
Example usage:
LogParser "SELECT title FROM http://blogs.msdn.com/MainFeed.aspx#/rss/channel/item" -i:XML -fMode:Tree
