Forgotten Tools – Microsoft Log Parser

In 2000 an internal test tool was written that was expected to be used by only two or three people. It started as something quite simple, little more than a program that dumped the logs of various Microsoft systems. It was called Microsoft Log Parser, and it is now an incredibly useful, sophisticated and plain powerful tool.

The first version allowed users to download and display all the fields from any log file produced by Microsoft's Internet Information Server (IIS). However, IIS was to become a very important product and its testing requirements became much more intense. Instead of simply dumping results, Log Parser was developed further so that it could filter on specific criteria and then sort the results into an easy-to-manage format. It initially supported basic SQL statements and became very widely used by Microsoft employees and Product Support Analysts all over the world.

For querying all sorts of servers, both application servers and proxies, Log Parser was an effective and free tool. For example, to pull information from an intermediate proxy server like this one, Log Parser can extract the logs for analysis directly:

Microsoft Log Parser

Many people have used Log Parser as part of charitable and research projects, mainly because tools like these are often extremely expensive. For example, I have worked on one project which was analysing the details of an alcohol dependency trial. The data consisted of results from people testing a drug called Selincro to help with their alcohol issues. The data came in from all sorts of sources: through client software, email, or even relayed through proxies like these.

By the time it was made available as a freely downloadable tool from Microsoft (the Log Parser download), its SQL-dialect processor had been completely overhauled. The log file parser and the output formatter were separated, allowing much more sophisticated queries to be run and the results to be displayed with much more flexibility. IT staff all across the world, overwhelmed by the number of log files from all sorts of sources, slowly began to notice the power of Log Parser. For instance, you could pull logs from your firewall, your proxy and your content filter and push the data into a nice neat SQL table.

You could use this free tool, with a little application around it, to build a central database from all the log files in your organisation. It can also be used as a portable analyser for security and support consultants to pull information from a variety of systems. I've got the application configured on a USB key and can use it to drag log files from proxy servers running on a variety of platforms with no problem at all. So if you have problems looking at log files and maintaining a proper security event management system, have a look at Log Parser. You might find that it offers flexibility that many commercial systems don't, and best of all it could save you thousands of pounds in product costs.
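The two ideas above, pushing logs from several sources into a SQL table and then querying that table, are what Log Parser does with its own SQL dialect against IIS W3C logs. The example below is added here and is not Log Parser itself or any code from Microsoft: it reproduces the same pattern in Python with the standard sqlite3 module, parsing the W3C extended format that IIS writes (the `#Fields:` directive names the columns) into a table and running the kind of filter, sort and aggregate queries the post describes. The log lines, addresses and timings are constructed for the example; the table name `iis_log` and the numeric-column list are assumptions of this code.

```python
import re
import sqlite3

# Constructed sample of an IIS W3C extended log (made up for this example, not
# real traffic). IIS writes a "#Fields:" directive naming the columns and
# encodes spaces inside a field value as "+", so data lines split on spaces.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2024-01-15 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2024-01-15 00:00:01 10.0.0.5 GET /index.html - 80 - 192.0.2.10 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 15
2024-01-15 00:00:02 10.0.0.5 GET /login.aspx - 80 - 192.0.2.10 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 40
2024-01-15 00:00:03 10.0.0.5 GET /admin/ - 80 - 198.51.100.7 curl/7.88.1 404 0 2 3
2024-01-15 00:00:04 10.0.0.5 GET /old/ - 80 - 198.51.100.7 curl/7.88.1 404 0 2 2
2024-01-15 00:00:05 10.0.0.5 GET /setup/ - 80 - 198.51.100.7 curl/7.88.1 404 0 2 2
2024-01-15 00:00:06 10.0.0.5 POST /login.aspx - 80 - 192.0.2.10 Mozilla/5.0+(Windows+NT+10.0) 302 0 0 55
2024-01-15 00:00:07 10.0.0.5 GET /images/logo.png - 80 - 203.0.113.9 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 8
"""

# Assumed set of fields worth storing as integers so that comparisons and
# ORDER BY behave numerically rather than lexically.
NUMERIC_COLUMNS = {"s_port", "sc_status", "sc_substatus", "sc_win32_status", "time_taken"}


def field_to_column(field: str) -> str:
    """Map a W3C field name such as cs(User-Agent) to a SQL-safe column name."""
    return re.sub(r"[^0-9A-Za-z]+", "_", field).strip("_").lower()


def parse_w3c(text: str):
    """Return (columns, rows) for W3C extended log text.

    Directive lines start with '#'. Only '#Fields:' matters for parsing; if a
    later '#Fields:' line changes the layout (IIS can emit one per rotation),
    this parser refuses rather than mixing two layouts into one table.
    """
    columns = None
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                new_columns = [field_to_column(f) for f in line[len("#Fields:"):].split()]
                if columns is not None and new_columns != columns:
                    raise ValueError(f"line {lineno}: column layout changed mid-file")
                columns = new_columns
            continue
        if columns is None:
            raise ValueError(f"line {lineno}: data before any #Fields directive")
        values = line.split(" ")
        if len(values) != len(columns):
            raise ValueError(f"line {lineno}: expected {len(columns)} fields, got {len(values)}")
        rows.append(values)
    return columns, rows


def load_into_sqlite(text: str) -> sqlite3.Connection:
    """Load the parsed rows into an in-memory SQLite table named iis_log."""
    columns, rows = parse_w3c(text)
    conn = sqlite3.connect(":memory:")
    decls = ", ".join(
        f'"{c}" {"INTEGER" if c in NUMERIC_COLUMNS else "TEXT"}' for c in columns)
    conn.execute(f"CREATE TABLE iis_log ({decls})")
    placeholders = ", ".join("?" * len(columns))
    conn.executemany(f"INSERT INTO iis_log VALUES ({placeholders})", rows)
    conn.commit()
    return conn


def status_breakdown(conn):
    """Hit count per HTTP status code, most frequent first."""
    return conn.execute(
        "SELECT sc_status, COUNT(*) AS hits FROM iis_log "
        "GROUP BY sc_status ORDER BY hits DESC, sc_status").fetchall()


def clients_with_many_404s(conn, threshold=3):
    """Client addresses that requested at least `threshold` missing pages: a
    simple triage query for spotting a client probing for paths that do not exist."""
    return conn.execute(
        "SELECT c_ip, COUNT(*) AS hits FROM iis_log WHERE sc_status = 404 "
        "GROUP BY c_ip HAVING hits >= ? ORDER BY hits DESC, c_ip",
        (threshold,)).fetchall()


def slowest_requests(conn, limit=3):
    """The slowest requests by time-taken (milliseconds in IIS logs)."""
    return conn.execute(
        "SELECT cs_method, cs_uri_stem, time_taken FROM iis_log "
        "ORDER BY time_taken DESC LIMIT ?", (limit,)).fetchall()


if __name__ == "__main__":
    db = load_into_sqlite(SAMPLE_IIS_LOG)
    print("status breakdown:", status_breakdown(db))
    print("clients with 3+ 404s:", clients_with_many_404s(db))
    print("slowest requests:", slowest_requests(db))
```

The same three queries, written in Log Parser's own dialect, would read the log files directly with `-i:IISW3C` instead of going through a parse step, and Log Parser's `-o:SQL` output mode is what lets you feed a real central database rather than an in-memory one. The value of either approach is the same: once firewall, proxy and web server logs share a table layout, the "who is hitting missing pages" and "what is slow" questions become one-line queries.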
