By Gabriele Giuseppini and Mark Burnett
HIGHLIGHT
Written by Microsoft's Log Parser developer, this is the first book available on Microsoft's popular yet undocumented log parser tool. The book and accompanying Web site contain hundreds of customized, working scripts and templates that system administrators will find invaluable for analyzing the log files from Windows Server, Snort IDS, ISA Server, IIS Server, Exchange Server, and other products. |
A complete toolkit for Microsoft's undocumented log analysis tool
Date: Feb 2005
Pages: 350 (est.)
User level: All
|
DESCRIPTION
System administrators running Windows, Unix, and Linux networks manage anywhere from 1 to thousands of operating systems (Windows, Unix, etc.), Applications (Exchange, Snort, IIS, etc.), and hardware devices (firewalls, routers, etc.) that generate incredibly long and detailed log files of all activity on the particular application or device. This book will teach administrators how to use Microsoft's Log Parser to data mine all of the information available within these countless logs. The book teaches readers how all queries within Log Parser work (for example: a Log Parser query to an Exchange log may provide information on the origin of spam, viruses, etc.). Also, Log Parser is completely scriptable and customizable so the book and accompanying Web site will provide the reader with hundreds of original, working scripts that will automate these tasks and provide formatted charts and reports detailing the results of the queries.
KEY
SELLING POINTS
- Written by Microsoft's sole developer of Log Parser, this is the first book available on the powerful yet completely undocumented product that ships with Microsoft's IIS, Windows Advanced Server 2003, and is available as a free download from the Microsoft Web site.
- The book and accompanying Web site contain dozens of original, working Log Parser scripts and templates for Windows Server, ISA Server, Snort IDS, Exchange Server, IIS, and more!
- This book and accompanying scripts will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks.
MARKET
INFORMATION
Microsoft Log Parser ships with Microsoft IIS and Windows Advanced Server 2003. Over 1/3 of all Internet sites are hosted by an IIS server, which means each Webmaster responsible for each of these Web sites has Log Parser available to them. In addition, Log Parser is also available as a free download from Microsoft's Web site.
ABOUT
THE AUTHOR
Gabriele Giuseppini is a Software Design Engineer currently working for Microsoft Corporation in the Security Business Unit, where he developed Microsoft Log Parser to analyze log files. Originally from Italy, after working for years in the digital signal processing field, he moved to the United States with his family in 1999, and joined Microsoft Corporation as a Software Design Engineer working on Microsoft Internet Information Services.
Mark Burnett (Microsoft MVP) is an independent security consultant, freelance writer, and a specialist in securing Windows-based IIS Web servers. Mark is the author of "Hacking the Code: ASP.NET Web Application Security" (Syngress Publishing, ISBN: 1932266-65-8) and co-author of Maximum Windows Security and is a contributor to Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks (Syngress Publishing, ISBN: 1-931836-66-3). He is a contributor and technical editor for Syngress Publishing’s Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle (ISBN: 1-931836-69-8). Mark speaks at various security conferences and has published articles in Windows & .NET, Information Security, Windows Web Solutions, Security Administrator, and is a regular contributor at SecurityFocus.com. Mark also publishes articles on his own Web site, IISSecurity.info.
TECHNOLOGY
BACKGROUND
Log files record all of the "events" that take place during a given period of time from products like Windows Server, Exchange Server, IIS, ISA Server, Snort, etc. Log files maintain a record of all user inputs and all events. An example of user input would be someone typing a password into a Web browser. An event would be an application being launched in Windows Server. The log files generated from any of these products can be literally hundreds of pages long for a 24-hour period. These inputs and events provide system administrators with invaluable information about the well being of their network. Log Parser is a tool which allows them to mine and manage all of this data.
System administrator's use Log Parser to search, analyze, cross-reference, and export these voluminous log files. Log Parser is a command-line utility that uses dozens of queries which can be used for hundreds of tasks from monitoring network performance to completing a forensics investigation. Log Parser ships with Microsoft's IIS and is also available as a free download from Microsoft's Web site. |
