Quantcast
Channel: General Discussion
Viewing all 204 articles
Browse latest View live

Error: detected extra argument

December 17, 2014, 7:02 am
$
0
0

What am I doing wrong? I'm a LogParser newbie - just bought the book and doing ok until p5 :-( 

For some reason I can't seem to get anything workijng with the file: parameter

e.g.

C:\Program Files (x86)\Log Parser 2.2>LogParser.exe file: "Select TimeGenerated,
SourceName FROM System"
Error: detected extra argument "Select TimeGenerated, SourceName FROM System" af
ter query

and moving on: User Logons on p7

C:\Program Files (x86)\Log Parser 2.2>LogParser.exe file: "SELECT TimeGenerated,
SID FROM Security WHERE EventID = 528" -i:EVT -resolveSIDs:ON
Error: detected extra argument "SELECT TimeGenerated, SID FROM Security WHERE Ev
entID = 528" after query

Can anyone help? I'm desperate to plough on into the book but stuck at p5!

Thanks

J

Search

Logparser select newest 2 files for log location

January 19, 2015, 9:12 pm
$
0
0

Hello Experts!

Would like to ask how can I get the latest files from IIS logs to just get the newest 2 files. I'm asking this because I don't want my Activesync script to generate a report for all of existing log files from the IIS folder. Not sure how this is done but appreciate if you advise what would be the best approach on getting IIS logs.

So far here's the portion of the script where I want to limit inclusion:

$Destination + "' FROM  'D:\Logs\*.log' WHERE cs-uri-stem LIKE '%Microsoft-Server-ActiveSync%' GROUP BY DeviceType ORDER BY Hits, DeviceType DESC"

Thanks in advance!

Cheers,

Reynald

Searching for username

February 23, 2015, 4:58 pm
$
0
0

Can I use the Microsoft Log Parser to search for the event viewer log files for a particular username?

How can I give Log Parser permission to read folders?

March 9, 2015, 6:52 pm
$
0
0

I have a script that _almost_ works.  When I run this script, 

logparser.exe "select * into MIA_Logs from c:\inetpub\logs\LogFiles\*.log" -i:iisW3c -o:SQL -database:Web_Logs -createTable:off -recurse:-1

I get this error:

"Cannot open (from-entity): Error opening files: Error searching for files in folder c:\inetpub\logs\LogFiles\W3SVC11: Access is denied."

How can I give Log Parser permission to view these files and any other folders that IIS creates dynamically?

Thank you

Log Parser using custom logging fields and checkpoints in IIS 8.5

March 30, 2015, 5:25 am
$
0
0

I am having issues working out how to get around a problem I have to do with the use of custom logging fields in IIS 8.5 and Checkpointing together.

Overview:

So basically I am using the log parser to automatically gather all the IIS logs for all our live web sites from all our webservers and compile them into  database so we can sue this for centralised support/troubleshooting and giving developers visibility. I use the custom login fields to record the IP address for our customer as due to the way our load balancers need to interact with our webservers the client IP will only show the load balancers IP. To make this available in the logs I have setup the load balancer to insert a custom host header and then in IIS I have picked up this host header and written it to the log.

So that works brilliantly.

Obviously I also want to use check points so that it does have to parse all the IIS logs and also it doesn’t inset duplicate data.

Problem:

In order to use checkpoints I have to set the input type to IISW3C. This then gives me an error as it does not recognise the additional field (so I assume it has a static list it expects).

Parse Errors: Unknown field x-forwarded-for found in #fields directive

This will read this information fine is I use the input format of W3C but from what I can see that means you cannot use check points.

Error: invalid parameter "icheckpoint"

So basically I am left with either:

Choosing IISW3C and not recording the Customer IP information (which is one of the key reasons we want these logs) but being able to checkpoint.

Or

Choosing W3C so we can have out custom field and then not using the existing check pointing functionality. I would then have to look at developing my own version of check pointing (Massive shame as it works so well and frustrating to re-invent the wheel)

Example log parser code that shows issue below:

If use IISW3C:

C:\Program Files (x86)\Log Parser 2.2>logparser "select * from c:\inetpub\logs\LogFiles\W3SVC2\*x.log" -i: IISW3C -iCheckpoint: c:\inetpub\logs\LogFiles\W3SVC2\Checkpoint.lpc

If use W3C

C:\Program Files (x86)\Log Parser 2.2>logparser "select * from c:\inetpub\logs\LogFiles\W3SVC2\*x.log" -i:W3C -iCheckpoint: c:\inetpub\logs\LogFiles\W3SVC2\Checkpoint.lpc 

I really appreciate that you have taken the time to read this and if you have any suggestions/advice or ideas on what I can do this would be greatly appreciated.

Log Parser how to get real hits for site

April 15, 2015, 12:41 pm
$
0
0

Hi everybody,

i try to get the hits from a an aspx site so far is that working but the resault is wrong. The top site has 75089 hits and that can't be true(small SharePoint Environment).

My Query:

Select Top 50 cs-uri-stem AS Url, Avg(time-taken) AS [Response Time], Count(cs-username) AS Hits

FROM '[LOGFILEPATH]'

Where  (cs-uri-stem like '%%.asp' or cs-uri-stem like '%%.aspx')

Group By Url

Order by hits DESC

Is there something wrong?

Mailbox Access Auditing

May 6, 2015, 4:58 pm
$
0
0

I am trying to write a query that will return a list of mail users that has accessed another users mailbox in Exchange 2007 "Exchange Auditing" event log. Also, would like to not return any mail users who has accessed another users mailbox if it includes anything that begins with the letter "a" .  The reason the letter "A", is because i am trying to pull access by service accounts or any other account that is not an employee account. The problem I am running into is that the string value returns a whole slew of information from event viewer. By the way, the accounts that begin with a all have (6) digit numbers that follow. 

Example: 

thewiz\a123456 (Should not return)

thewiz\bhamilton (Should return)

Log parser query I am using and trying

/* New Query */

SELECT DISTINCT EXTRACT_TOKEN(Strings,3,'|') As ADACCT, EXTRACT_TOKEN(Strings,4,'|') AS LogonID, EXTRACT_TOKEN(Strings,5,'|') AS Mailbox,TimeGenerated
From '\\Exch1\Exchange Auditing'
WHERE ( Strings Not LIKE 'thewiz\a%' AND EventID=10100)
AND Mailbox <> '<NULL>'

here is an example event log

The folder /Inbox in Mailbox 'bhamilton' was opened by user THEWIZ\pjackson
Display Name: Inbox
Accessing User: /o=TheWiz/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=pjackson
Mailbox: /o=TheWiz/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=bhamilton
Administrative Rights: false
Identifier: 0000000031456250
Client Information (if Available):
Machine Name: N/A
Address: 192.168.179.134
Process Name: OUTLOOK.EXE
Process Id: 0

Help with dates.....

May 15, 2015, 9:25 pm
$
0
0

Hello - 

I'm attempting to do some date/time matching on a CSV file, and am thinking I'm missing something fundamental with how logparser handles dates/times and comparisons.

Here's a snippet of my CSV file - 

URLVisitTimeHOURUserProfile
www.ebay.com2015-05-13 8:588user1
www.amazon.com2015-05-13 8:588user2

Basically, it's a log of the internet history pulled from various PC's on my network.  

I'm trying to do some charts based on days/hours/etc relative to today's time.  

I've managed to do some grouping/ordering by the day - 

logparser "SELECT to_timestamp(extract_prefix(to_string(VisitTime, 'yyyy-M-dd'), 0, ' '), 'yyyy-M-dd') AS DAY, COUNT(*) AS DailyHits INTO HITSDAILY-ALL.JPG FROM ALLHISTORY1.csv GROUP BY DAY ORDER BY DAY" -i:CSV -o:CHART -chartType:ColumnClustered -chartTitle:"Daily Page Hits - Last 7 Days" -groupSize:"1024x768" -q:ON

What I'm not figuring out is how to for example, pull everything from today, yesterday, this hour, last hour, and I have been through so many examples of IIS log querying by the hour that I think I have them memorized.  I can't seem to get anything to work. 

I'm not sure if it's my date formatting, or my understanding of the TIMESTAMP type, but I'm stuck.

Can I have an example of how to query based on the system_timestamp(), using my dataset?

Thank you everyone.

Search

Log Parser & Event Log Reader security group

May 22, 2015, 5:17 am
$
0
0

Good day everyone. I'm trying to figure out, can I minimize security permission when using Log Parser? We have a custom App on our serser, which creates a Log. Using my Event Log Reader security group, I can read event from this log, but when I'm using an app from our developers, which parses content of this log, I get an error about DLL missing. DLL is located in %windir%\System32. Any way to grant access without adding user to Local Admins?

How I can pass the parameter from .BAT file to .SQL File ?

January 2, 2008, 1:01 pm
$
0
0

Hello Sir,  

I have following two files (ie Bat and SQL )

 

Currently BAT FILE "test.bat" contains following command                         

BAT FILE - sqlplus -S myusr/mypwd@mytns @c:\temp\test\test.sql

                                                                                                               

Currently SQL FILE "test.sql" contains the following queries.                        

SQL FILE - update tdue set mybatch=0 where myloan=445241;

                  commit;

                                                                                                               

Now what I am trying is - I am getting one value in "test.bat" file, which I need to place in the "test.sql" file "mybatch=?" .

So How I can pass that values to the SQL file from the  BAT file. ?

FYI: I am using the Microsoft Windows XP.

Thanks

Kamlesh Gujarathi.

New GUI tool for MS Log Parser, Log Parser Lizard

December 5, 2007, 8:10 am
$
0
0

Becouse the command-line interface for Microsoft Log Parser is not very intuitive, I have created Log Parser Lizard, a Microsoft Log Parser GUI tool for managing queries, exporting results to Excel, charts, etc… In addition I have added input filters for log4net file format and SQL server T-SQL queries.

You can download Log Parser Lizard from here www.lizardl.com

Microsoft.Net 2.0 is required.

 

Can't convert date string to timestamp

June 30, 2015, 3:54 pm
$
0
0

Hi,

I'm trying to get stats per day from a perfmon csv file using this command :  logparser -file:"C:\IISLogANALYSIS\LOGS\testquery01.sql" -i:CSV C:\IISLogANALYSIS\LOGS\MergedCsvFiles.csv -iTsFormat:"MM/dd/yyyy hh:mm:ss.ll"

But i have an error detected extra argument "hh:mm:ss.ll" after query

I also tried -iTsFormat:"MM/dd/yyyy hh:mm:ss.llx" and not working

The date format in the csv file is a string : "06/30/2015 14:31:59.272" and I want to convert it to timestamp

testquery01.sql : SELECT TO_STRING(Day, 'MM/dd/yyyy') AS DayStr,
MAX([\\test\Active Server Pages\Request Execution Time]) AS Maxrequest
USING QUANTIZE ([(PDH-CSV 4.0) (Eastern Daylight Time)(240)], 86400) AS Day
INTO C:\IISLogANALYSIS\LOGS\output.csv
FROM C:\IISLogANALYSIS\LOGS\MergedCsvFiles.csv
GROUP BY Day

Can anyone help me with my problem. Thanks a lot.

How to Run the same LogParser command for all the log files in a directory?

February 5, 2004, 7:28 pm
$
0
0

I have a directory that contains many log files.  It turns out that using the input format "TEXTLINE" will allow me to extract the date/time that I need, so my question is: how do I execute the same Logparser command for each of the log file in that directory?  Is there a recursive type of command?

The only tricky thing is that some of those log filenames have spaces in them, so I would have to replace those filenames with the /u0020 character.  But maybe I can rename them manually before running Logparser.

Log Parser to find URI's in Unusual Patterned Logs

August 2, 2015, 6:24 am
$
0
0

<div class="post-text">

I have large size logs and need find the reverse proxy and the count of the distinct uri. The format of the log is as below:

Jan 29 0:03:07 fpp-mp-a01 127.3.0.0 - 33.42.670.281, 126.7.0.0 akman_t1 CN=U-100927121845499116,OU=K,OU=A,OU=External,OU=Persons,O=indigo Form [29/Jan/2014:00:03:07 +0200] POST /amm-server-serv4/main HTTP/1.1 200 246 6454 - Java/1.8.0_45

Jan 29 0:03:07 fpp-mp-a01 127.3.0.0 - 81.58.160.252 Not Protected [29/Jan/2014:00:03:07 +0200] GET /flyworld HTTP/1.1 302 494 452 - Wget/1.11.4 Red Hat modified

Here, I want to find out all the uri after the method "GET /flyworld" i.e fly world, amm-server-serv4, etc. in the logs and the total sum of count.

I used the query:



LOGPARSER "Select distinct TEXT, Count(Text) as Hits from C:\LOGS\*.log where Text like '%POST /%' OR Text Like '%GET /%' GROUP BY TEXT order by Hits" -i:TEXTLINE -q:Off -o:DATAGRID

But I am not getting the output as Name of server & total Hits

Error: query has not be defined

August 2, 2015, 1:16 pm
$
0
0

Hi, 

I´ve worked with logParser during a couple of years, and currently I have an apparently  simple query and I couldn't make it work.

I have a csv input file and I want to get and specific value based on  a value from field Key1

Basically the structure is as follows

Key1             distance1         etc1                etc2  

mean1             val1              valetc1        valetc2

mean             val                  valetc            valetc

etc

etc

My query is:

LogParser -i=CSV -o=CSV "SELECT key1, distance1  INTO 'C:\summary.csv' FROM 'C:\data\data_gap.csv' WHERE key1 = 'Mean'"

This query fails and logparser gives the message  "Error: query has not been specified"

I´m frustrated because looks like a very simple query.

Any recommendations?

Thanks

Search

Find users with first hit URL of the day

August 20, 2015, 7:12 am
$
0
0

Can someone help to build a query in order to find list of users with first hit URL of the day?

J Justin

Logparser query that contains groupby and sub query

September 22, 2015, 1:34 am
$
0
0

Hi Team,

I have below sql table with name MessageInfo

   CreatedDate               ID             Message    2015-05-29 7:00:00      AOOze            abc    2015-05-29 7:05:00      AOOze            start    2015-05-29 7:10:00      AOOze            Available    2015-05-29 7:15:00      AOOze            lab    2015-05-29 7:20:00      AOOze            lmn       2015-05-29 7:30:00      AOOze            start    2015-05-29 7:35:00      AOOze            stop    2015-05-29 7:40:00      AOOze            pqy

i have return below query to get the time difference between Min Created DateTime and message "stop", only for the ID that contains Message "Available"

select Id,        MIN(CreatedDate) AS 'StartTime',        MAX(case when MessageInfo.Message like 'Stop' then  MessageInfo.CreatedDate end) AS 'EndTime',        DATEDIFF(second,MIN(CreatedDate,    MAX(case when MessageInfo.Message like 'Stop' then  MessageInfo.CreatedDate end)) AS 'TimeDifference' from MessageInfo where Id in (                     SELECT distinct ID                     from MessageInfo                     where Message = 'Available' and createdDate > '2015-09-21 04:36:02.670')  group by Id  Order By TimeDifference Desc

Same information in table is now written to logfile with comma seperated. Can you please share a logparser query for above sql query.

Query in Logparser to filter for a SharePoint post id

September 24, 2015, 2:05 pm

VBscript LogParser Query issue

October 9, 2015, 5:52 pm
$
0
0

I am having an issue with a query I wrote for log parser which is running in one of my VBscripts.  I swear it was working last night, but today, no such luck.

The purpose of this query is to return all files which were modified after the last time the script ran.  The variable "LastRunDateTime" is a string in the format of "yyyy/MM/dd hh:mm:ss tt" (basically the last thing the script does when it runs is drop a "now" into a text file.  then the first thing it does the next time it runs is pull that date/time out of the text file and put it in "LastRunDateTime").

The problem I am having is that this code seems to return ALL files.  I put a msgbox in the code, just to manually compare the date/times, Which allowed me to verify that files were getting into the recordset which should not be in there (lastwritetimes WAY before the lastrundatetime).

Here is the code, any help you can provide would be greatly appreciated.

Set objLogParser = CreateObject("MSUtil.LogQuery")
Set objInputFormat = _
    CreateObject("MSUtil.LogQuery.FileSystemInputFormat")
objInputFormat.recurse = -1

strQuery = "SELECT TO_LOWERCASE (Path) AS NewPath, LastWriteTime FROM " & _"'e:\video\tv\*.*' WHERE (NOT Attributes LIKE '%D%') AND (LastWriteTime >= to_timestamp('" & LastRunDateTime & "','yyyy/MM/dd hh:mm:ss tt')) ORDER BY NewPath"
wscript.echo "about to fill TV RS..."
Set objRecordSet = objLogParser.Execute(strQuery, objInputFormat)
wscript.echo "done filling TV RS..."
TVOutPut = ""
Do While Not objRecordSet.AtEnd
   Set objRecord = objRecordSet.GetRecord
   tempout = replace(replace(objRecord.GetValue("NewPath"),"e:\video\tv","https://tvd.hammerlingfamily.com"),"\","/")
   msgbox tempout & vbcrlf & "last write time = " & chr(34) & objRecord.GetValue("LastWriteTime") & chr(34) & vbcrlf & "lastrundate = " & chr(34) & LastRunDateTime & chr(34)
   temparray = split(tempout,"/")
   TVOutput = TVOutPut & sp &"<a href= " & chr(34) & tempout & chr(34) & ">" & temparray(ubound(temparray)) & "</a><br>"
   objRecordSet.MoveNext
Loop

Read files where the file's name are inside a CSV file

October 27, 2015, 5:23 am
$
0
0

Is it possible to read the log files where the files name and path are inside a CSV file using LogParser?

Viewing all 204 articles
Browse latest View live
Search