Review: Log Parser 2.2

• By Mike Gunderloy
• January 20, 2005

Log Parser 2.2
Free
Microsoft
Redmond, WA
www.microsoft.com

I've written about Log Parser before, but there's a new version hot off the virtual presses. And this is a useful enough tool that it deserves to be written about again. So, it's time for another look. The basic idea of Log Parser is simple: it lets you use a SQL dialect to grab information from a variety of non-SQL files, and output it in a variety of ways. For example, here's a query from the Log Parser help file that gets you the DNS name of every host that sent a request that was trapped by the URLScan ISAPI filter:

LogParser "SELECT DISTINCT REVERSEDNS(ClientIP) FROM URLSCAN"

What makes Log Parser such a great tool is its sheer flexibility. On the input side, you can grab data from IIS log files of all sorts, Windows event logs, generic log files, XML files, CSV files, text files, the registry, Active Directory, file listings, NetMon capture files, and ETW traces, among other things. If that's not enough, there's a COM plug-in API that lets you write your own interface so that Log Parser works with whatever files you're dealing with.

On the output side, you can write data back to various formats including text, CSV, and XML, send the results to a SQL database, throw them at a syslog server, create charts, or just send them to the console. The SQL engine supports a solid SELECT command and a lot of useful functions to do everything from string and date processing to URL escaping to looking up Win32 error codes. If that's not enough, Log Parser itself comes in two flavors: a command-line tool and a COM object that you can call from your own application or Web pages.

Other bells and whistles here include built-in conversions for some common tasks (IIS to W3C mode, for example), a command-line help system that is quite thorough, and switches to customize the behavior of most formats. Those with huge logs will also appreciate the new incremental parsing feature, which lets you set a checkpoint at the end of one parsing run and pick up from that point when you revisit the file next.

Overall, I've found Log Parser to be quite a useful addition to my own tool set. I'm not the only one; if you visit logparser.com (a site that I maintain on a volunteer basis), you'll find an active set of user-to-user support forums. If you're doing any sort of data extraction from log files, you're likely to find that Log Parser saves you time and coding effort.