Solved

logparser batch file help

Posted on 2007-03-18
Last Modified: 2009-07-29
I can run the below fine directly from the command line. However, if I put the same line in a batch file it gives me an error. (Error: Syntax Error: <term2>: no valid LIKE mask)

LogParser.exe -i:textline  "select text  from \windows\tasks\schedLgU.txt where text like '%System%'"

How do I get this to work? Also I want to include a date like statement but it will be a variable, so how do I handle that? I don't use batch files much but for what I need here it seems easier than a script. If I could get it to work, that is!

Thanks for any help
Question by:andrew_89
LVL 30

Expert Comment

by:SteveGTR
ID: 18745177
To put this in a batch file you must escape the %:

LogParser.exe -i:textline  "select text  from \windows\tasks\schedLgU.txt where text like '^%System^%'"

If you want a date like the current date here's one method that will work on any 2000+ machine:

@echo off

call :GETDATEPARTS "%date%"

set today=%mm%/%dd%/%yy%

echo Today's date is: %today%

goto :EOF

:GETDATEPARTS

set dt=%~1
set tok=1-3

if "%dt:~0,1%" GTR "9" set tok=2-4

set yyyy=

for /f "tokens=%tok% delims=.:/-, " %%a in ('echo %~1') do (
  for /f "skip=1 tokens=2-4 delims=/-,()." %%x in ('echo.^|date') do set %%x=%%a&set %%y=%%b&set %%z=%%c
)

if not "%yyyy%"=="" set yy=%yyyy%

if 1%yy% LSS 1000 (if %yy% LSS 70 (set yy=20%yy%) else (set yy=19%yy%))
if 1%mm% LSS 100 set mm=0%mm%
if 1%dd% LSS 100 set dd=0%dd%

Good Luck,
Steve
0
 
LVL 1

Author Comment

by:andrew_89
ID: 18745372
Here is the line I am trying to find:
0x00000002: The system cannot find the file specified.


I am using this:
LogParser.exe -i:textline  "select text  from \windows\tasks\schedLgU.txt where text like '^%System^%'"

It does not find the line?? This is the output

Statistics:
-----------
Elements processed: 386
Elements output:    0
Execution time:     0.02 seconds
0
 
LVL 1

Author Comment

by:andrew_89
ID: 18745377
This is the return if I run from command line:

C:\Program Files\Log Parser 2.2>LogParser.exe -i:textline  "select text  from \w
indows\tasks\schedLgU.txt where text like '%System%' "
Text
-------------------------------------------------------
        0x00000002: The system cannot find the file specified.
        0x80070002: The system cannot find the file specified.
        0x00000002: The system cannot find the file specified.
        0x00000002: The system cannot find the file specified.
        0x00000002: The system cannot find the file specified.
        0x80070002: The system cannot find the file specified.
        0x00000002: The system cannot find the file specified.
        0x00000002: The system cannot find the file specified.
        0x00000002: The system cannot find the file specified.
        0x80070002: The system cannot find the file specified.
0
 
LVL 30

Expert Comment

by:SteveGTR
ID: 18745383
It looks like the same thing?
0
 
LVL 1

Author Comment

by:andrew_89
ID: 18745430
When I run from a batch file this is the output: (Notice what it is seeing as the where? Something is being interpreted incorrectly.)

C:\PROGRA~1\LOGPAR~1.2>LogParser.exe -i:textline  "select text  from \windows\ta
sks\schedLgU.txt where text = '^'"

Statistics:
-----------
Elements processed: 386
Elements output:    0
Execution time:     0.00 seconds
0
 
LVL 30

Expert Comment

by:SteveGTR
ID: 18745538
Try this in the batch file:

LogParser.exe -i:textline  "select text  from \windows\tasks\schedLgU.txt where text like '%%System%%'"
0

 
LVL 1

Author Comment

by:andrew_89
ID: 18745549
yes thanks that is the trick... Man I have killed a couple hours on something so silly..



0
 
LVL 30

Expert Comment

by:SteveGTR
ID: 18745569
Gave me trouble also :)
0
 
LVL 1

Author Comment

by:andrew_89
ID: 18745587
One other quick question, sorry. If I use a date variable, what is the correct syntax in the where statement?



Thanks for all your help
0
 
LVL 30

Expert Comment

by:SteveGTR
ID: 18745601
I'd say something like this:

LogParser.exe -i:textline  "select text  from \windows\tasks\schedLgU.txt where dateField = '3/18/2007'"

Or if you want to include the dynamic current date processing:

@echo off

call :GETDATEPARTS "%date%"

set today=%mm%/%dd%/%yy%

LogParser.exe -i:textline  "select text  from \windows\tasks\schedLgU.txt where dateField = '%today%'"

goto :EOF

:GETDATEPARTS

set dt=%~1
set tok=1-3

if "%dt:~0,1%" GTR "9" set tok=2-4

set yyyy=

for /f "tokens=%tok% delims=.:/-, " %%a in ('echo %~1') do (
  for /f "skip=1 tokens=2-4 delims=/-,()." %%x in ('echo.^|date') do set %%x=%%a&set %%y=%%b&set %%z=%%c
)

if not "%yyyy%"=="" set yy=%yyyy%

if 1%yy% LSS 1000 (if %yy% LSS 70 (set yy=20%yy%) else (set yy=19%yy%))
if 1%mm% LSS 100 set mm=0%mm%
if 1%dd% LSS 100 set dd=0%dd%
0
 
LVL 1

Author Comment

by:andrew_89
ID: 18745690
The date is returned as 03/18/2007 and of course the log is 3/18/2007... How can I get rid of the 03 and make it 3?? It will not work otherwise..
0
 
LVL 30

Accepted Solution

by:
SteveGTR earned 500 total points
ID: 18745702
@echo off

call :GETDATEPARTS "%date%"

set today=%mm%/%dd%/%yy%

LogParser.exe -i:textline  "select text  from \windows\tasks\schedLgU.txt where dateField = '%today%'"

goto :EOF

:GETDATEPARTS

set dt=%~1
set tok=1-3

if "%dt:~0,1%" GTR "9" set tok=2-4

set yyyy=

for /f "tokens=%tok% delims=.:/-, " %%a in ('echo %~1') do (
  for /f "skip=1 tokens=2-4 delims=/-,()." %%x in ('echo.^|date') do set %%x=%%a&set %%y=%%b&set %%z=%%c
)

if not "%yyyy%"=="" set yy=%yyyy%

if 1%yy% LSS 1000 (if %yy% LSS 70 (set yy=20%yy%) else (set yy=19%yy%))
REM if 1%mm% LSS 100 set mm=0%mm%
REM if 1%dd% LSS 100 set dd=0%dd%
0
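
Added example, not part of the original thread: a batch file that combines the two fixes discussed above, the doubled percent sign for the LIKE wildcard and a date without leading zeros. It assumes wmic is available on the host and matches the date inside the text column with LIKE (the asker's stated goal) rather than the dateField placeholder used in the answers.

```batch
@echo off
setlocal
rem Added example, not from the thread. The log path and LogParser options are
rem the ones used above; wmic being present is an assumption about the host.
set "LOG=\windows\tasks\schedLgU.txt"

rem LocalDateTime is yyyymmddHHMMSS.ffffff+zzz regardless of regional settings,
rem so no locale-dependent parsing of the date command is needed.
set "ldt="
for /f "tokens=2 delims==" %%i in ('wmic os get LocalDateTime /value 2^>nul') do set "ldt=%%i"
if not defined ldt (
  echo Could not read the date from wmic.>&2
  exit /b 1
)

set "yyyy=%ldt:~0,4%"
rem Prefix a 1 and subtract 100 so that 08 and 09 are not read as invalid
rem octal numbers; the result has no leading zero (03 becomes 3).
set /a "m=1%ldt:~4,2%-100"
set /a "d=1%ldt:~6,2%-100"
set "today=%m%/%d%/%yyyy%"

rem Inside a batch file a doubled percent sign is one literal percent sign,
rem so LogParser receives the date wrapped in single LIKE wildcards.
LogParser.exe -i:textline "select text from %LOG% where text like '%%%today%%%'"
```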
