someITGuy
asked on
Log Parser - finding specific user in IISW3C files
I am new to log parser, need to figure out how to parse a ex*.log file for a specific user who is using OWA.
Does someone have the specific syntax to do this?
TIA.
Does someone have the specific syntax to do this?
TIA.
Hi,
are the usernames recorded in the log file? Why not just open it up in notepad and use 'find'?
Cheers.
are the usernames recorded in the log file? Why not just open it up in notepad and use 'find'?
Cheers.
Or try this:
"c:\program files\log parser 2.2\logparser" "SELECT * FROM <nnn> where cs-username='mike'"
where 'nnn' is the web site ID, and 'mike' is the username you are looking for.
This is going to just list a whole swag of log lines - is there anything in particular that you are looking for?
Cheers.
"c:\program files\log parser 2.2\logparser" "SELECT * FROM <nnn> where cs-username='mike'"
where 'nnn' is the web site ID, and 'mike' is the username you are looking for.
This is going to just list a whole swag of log lines - is there anything in particular that you are looking for?
Cheers.
ASKER
I am looking for any logged activity on this user account in a one week period, but I have log files for each day.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Getting this error:
C:\Program Files\Log Parser 2.2>logparser "SELECT * FROM 'c:\program files\log p
arser 2.2\ex100717.log' where cs-username='someone'"
Task aborted.
Cannot open <from-entity>: Error opening files: Error opening file
"c:\program files\log parser 2.2\ex100717.log": The system cannot find the
file specified.
C:\Program Files\Log Parser 2.2>logparser "SELECT * FROM 'c:\program files\log p
arser 2.2\ex100717.log' where cs-username='someone'"
Task aborted.
Cannot open <from-entity>: Error opening files: Error opening file
"c:\program files\log parser 2.2\ex100717.log": The system cannot find the
file specified.
Hi,
instead, use the web site ID instead of the log file. That will allow you to search across all available logfiles. e.g:
SELECT * FROM <1> where cs-username ...etc...
which will search the log files of the default web site.
Cheers.
instead, use the web site ID instead of the log file. That will allow you to search across all available logfiles. e.g:
SELECT * FROM <1> where cs-username ...etc...
which will search the log files of the default web site.
Cheers.
ASKER
The website is Exchange / IIS on a remote box w/o log parser installed. I am copying the files locally to parse on my PC.
got IIS installed on your pc?
easiest way is to copy them the default web site log directory (clear out all the old log files first) then run lagparser.
Cheers.
easiest way is to copy them the default web site log directory (clear out all the old log files first) then run lagparser.
Cheers.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have verified Someuser is in the log file in multiple places. This is all I get for output:
C:\Program Files\Log Parser 2.2>logparser -i:IISW3C "SELECT * FROM 'c:\program f
iles\log parser 2.2\ex100714.log' where cs-username='SomeUser'"
Statistics:
-----------
Elements processed: 813848
Elements output: 0
Execution time: 2.42 seconds
C:\Program Files\Log Parser 2.2>logparser -i:IISW3C "SELECT * FROM 'c:\program f
iles\log parser 2.2\ex100714.log' where cs-username='SomeUser'"
Statistics:
-----------
Elements processed: 813848
Elements output: 0
Execution time: 2.42 seconds
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I finally got it done by running this after copying all the log files I needed into my local IIS log file location:
logparser -i:IISW3C -o:CSV "SELECT * FROM 'C:\WINDOWS\system32\LogFi les\W3SVC1 \*.log' where cs-username='someuser'and date > '2010-05-01' and date < '2010-07-29'" > result1a.csv
logparser -i:IISW3C -o:CSV "SELECT * FROM 'C:\WINDOWS\system32\LogFi
Hi all,
I am having the following statement
C:\Programe Files\Log Parser 2.2> I am trying the exceute the follwwing query
logparser -i:IISW3C "SELECT cs-method as [METHOD],time-taken as [TOTAL TIME] from access_1.log_ecomcat_fe1
for that it is giving the following error
Task completed with parse errors
1 parse error occured during processing to see the details about parse errors execute the command with non zero value with "-e" argument.
Statistics:
-------------------------- -----
Elements Processed 0
Element Output 0
Execution Time 0.01 sec
logparser -e "SELECT cs-method as [METHOD],time-taken as [TOTAL TIME] from access_1.log_ecomcat_fe1
when i executed the above statement it gave the following error
error: query cannot be specified.
Please help me in this .
Thanks....
I am having the following statement
C:\Programe Files\Log Parser 2.2> I am trying the exceute the follwwing query
logparser -i:IISW3C "SELECT cs-method as [METHOD],time-taken as [TOTAL TIME] from access_1.log_ecomcat_fe1
for that it is giving the following error
Task completed with parse errors
1 parse error occured during processing to see the details about parse errors execute the command with non zero value with "-e" argument.
Statistics:
--------------------------
Elements Processed 0
Element Output 0
Execution Time 0.01 sec
logparser -e "SELECT cs-method as [METHOD],time-taken as [TOTAL TIME] from access_1.log_ecomcat_fe1
when i executed the above statement it gave the following error
error: query cannot be specified.
Please help me in this .
Thanks....
ASKER