Logparser 2.2 against Exchange 2010 RCA Logs

Posted on 2015-02-08
Last Modified: 2015-02-09
Exchange Server 2010 SP3 RU 8 Enterprise 64 Bit
Logparser 2.2
Windows 2008 R2 Server 64bit

rem @echo off

del clientip.txt

"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" "SELECT Extract_Suffix(client-name,0,'=') as User,client-name as DN,client-software,client-software-version as Version,client-mode,client-ip,protocol from D:\Progra~1\Microsoft\Exchan~1\V14\Logging\RPC Client Access\RCA*.log WHERE (operation='Connect') GROUP BY User,DN,client-software,Version,client-mode,client-ip,protocol ORDER BY User" -i:CSV -nSkipLines:4 -o:CSV >c:\util\clientIp.txt





Results fail

C:\Util>clientip

C:\Util>rem @echo off

C:\Util>del clientip.txt

C:\Util>"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" "SELECT Extract_Su
ffix(client-name,0,'=') as User,client-name as DN,client-software,client-softwar
e-version as Version,client-mode,client-ip,protocol from D:\Progra~1\Microsoft\E
xchan~1\V14\Logging\RPC Client Access\RCA*.log WHERE (operation='Connect') GROUP
 BY User,DN,client-software,Version,client-mode,client-ip,protocol ORDER BY User
" -i:CSV -nSkipLines:4 -o:CSV  1>c:\util\clientIp.txt
Error: Syntax Error: extra token(s) after query: 'Client'
C:\Util>cd\util

C:\Util>Pause
Press any key to continue . . .
Terminate batch job (Y/N)? y

C:\Util>

Is my code correct?
Thoughts?
0
Question by:Thomas Grassi
 
LVL 25

Accepted Solution

by:
NVIT earned 2000 total points
ID: 40597278
Not sure where to start here...

Maybe change "RPC Client Access" folder name to the short version. You can get this via DIR /X D:\Progra~1\Microsoft\Exchan~1\V14\Logging\RPC*

Is this the first version of the command? If not, did it work earlier? Try reducing to an earlier version. Then build it up slowly and test each.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40597287
Yes, this is my first attempt.

On Exchange 2007 you got this information from this command:
get-logonstatistics myuser | sort-object clientipaddress | format-table username,clientipaddress,logontime,clientversion >c:\util\logon.txt

Now on Exchange 2010 that does not exist, so I am trying to replicate the same report using logparser.

DIR /X D:\Progra~1\Microsoft\Exchan~1\V14\Logging\RPC*   gives the same name I am using

RPC Client Access
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40599602
Hi

Any thoughts on this?
0
 
LVL 25

Expert Comment

by:NVIT
ID: 40599684
As I mentioned, try a reduced version to track down this cause. Maybe something like:
"SELECT * from D:\Progra~1\Microsoft\Exchan~1\V14\Logging\RPC Client Access\RCA*.log" -i:CSV -nSkipLines:4 -o:CSV

If that works, build up:
"SELECT Extract_Suffix(client-name,0,'=') as User from D:\Progra~1\Microsoft\Exchan~1\V14\Logging\RPC Client Access\RCA*.log" -i:CSV -nSkipLines:4 -o:CSV

Etc...
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40599704
NewVillageIT

I figured it out. It was

 
@echo off

del clientip.txt

"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" "SELECT Extract_Suffix(client-name,0,'=') as User,client-name as DN,client-software,client-software-version as Version,client-mode,client-ip,protocol from 'D:\Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access\RCA*.log' WHERE (operation='Connect') GROUP BY User,DN,client-software,Version,client-mode,client-ip,protocol ORDER BY User" -i:CSV -nSkipLines:4 -o:CSV >c:\util\clientIp.txt

cd\util




Had to change
D:\Progra~1\Microsoft\Exchan~1\V14\Logging\RPC Client Access\RCA*.log

To
'D:\Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access\RCA*.log'


Now it runs
0
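A more defensive version of the working batch file above, as an added example that is not part of the original thread: it keeps the single-quoted FROM path that fixed the error and adds pre-flight and result checks. The variable names (LOGPARSER, LOGDIR, OUT) are made up for this example; the paths, query and switches are the ones posted in the thread.

```batch
@echo off
rem Added example, not the poster's script. Variable names are illustrative;
rem paths, query and Log Parser switches are taken from the thread.
setlocal

set "LOGPARSER=C:\Program Files (x86)\Log Parser 2.2\logparser.exe"
set "LOGDIR=D:\Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access"
set "OUT=c:\util\clientIp.txt"

rem Fail early with a clear message instead of a Log Parser parse error.
if not exist "%LOGPARSER%" (
    echo Log Parser not found: "%LOGPARSER%"
    exit /b 1
)
if not exist "%LOGDIR%\RCA*.log" (
    echo No RCA logs found in "%LOGDIR%"
    exit /b 1
)

rem Delete the previous report only if it exists, so a first run prints no error.
if exist "%OUT%" del "%OUT%"

rem The FROM entity is wrapped in single quotes so Log Parser reads the whole
rem path, spaces included, as one token. Unquoted, the path ends at "RPC" and
rem "Client" is reported as an extra token after the query.
"%LOGPARSER%" "SELECT Extract_Suffix(client-name,0,'=') AS User, client-name AS DN, client-software, client-software-version AS Version, client-mode, client-ip, protocol FROM '%LOGDIR%\RCA*.log' WHERE operation='Connect' GROUP BY User, DN, client-software, Version, client-mode, client-ip, protocol ORDER BY User" -i:CSV -nSkipLines:4 -o:CSV > "%OUT%"

rem In the failed run shown in the question the error went to the console and
rem nothing reached the redirected file, so an empty report signals a problem.
for %%F in ("%OUT%") do if %%~zF EQU 0 (
    echo Report is empty: the query failed or matched no Connect rows.
    exit /b 1
)

echo Report written to "%OUT%"
endlocal
```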
 
LVL 25

Expert Comment

by:NVIT
ID: 40599717
Awesome! Glad you got it working...
0
 
LVL 23

Author Closing Comment

by:Thomas Grassi
ID: 40599727
That led me to the solution.

Just needed a little time to look over the code.


Thanks for your help

You have any knowledge about receive connectors?

I have an open question on that subject; if you can help with that one, here it is:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28609455.html


Thanks again
0
