Logparser and Powershell

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Michel Klomp on Geeks with Blogs See other posts from Geeks with Blogs or by Michel Klomp
Published on Tue, 15 Mar 2011 14:45:41 GMT Indexed on 2011/03/15 16:11 UTC
Read the original article Hit count: 552

Filed under:

Logparser in powershell

One of the few examples how to use logparser in powershell is from the Microsoft.com Operations blog.

This script is a good base to create more advanced logparser scripts:

$myQuery = new-object -com MSUtil.LogQuery

$szQuery = “Select top 10 * from r:\ex07011210.log”;

$recordSet = $myQuery.Execute($szQuery)

for(; !$recordSet.atEnd(); $recordSet.moveNext())

{

            $record=$recordSet.getRecord();

            write-host ($record.GetValue(0) + “,”+ $record.GetValue(1));

}

$recordSet.Close();

Logparser input formats

The previous example uses the default logparser object, you can extent this with the logparser input formats. with this formats get information from the event-log, different types of logfiles, the Active Directory, the registry and XML files.
Here are the different ProgId’s you can use.

Input Format ProgId
ADS MSUtil.LogQuery.ADSInputFormat
BIN MSUtil.LogQuery.IISBINInputFormat
CSV MSUtil.LogQuery.CSVInputFormat
ETW MSUtil.LogQuery.ETWInputFormat
EVT MSUtil.LogQuery.EventLogInputFormat
FS MSUtil.LogQuery.FileSystemInputFormat
HTTPERR MSUtil.LogQuery.HttpErrorInputFormat
IIS MSUtil.LogQuery.IISIISInputFormat
IISODBC MSUtil.LogQuery.IISODBCInputFormat
IISW3C MSUtil.LogQuery.IISW3CInputFormat
NCSA MSUtil.LogQuery.IISNCSAInputFormat
NETMON MSUtil.LogQuery.NetMonInputFormat
REG MSUtil.LogQuery.RegistryInputFormat
TEXTLINE MSUtil.LogQuery.TextLineInputFormat
TEXTWORD MSUtil.LogQuery.TextWordInputFormat
TSV MSUtil.LogQuery.TSVInputFormat
URLSCAN MSUtil.LogQuery.URLScanLogInputFormat
W3C MSUtil.LogQuery.W3CInputFormat
XML MSUtil.LogQuery.XMLInputFormat
Using logparser to parse IIS logs

if you use the IISW3CinputFormat you can use the field names instead of de row number to get the information from an IIS logfile, it also skips the comment rows in the logfile.

$ObjLogparser = new-object -com MSUtil.LogQuery
$objInputFormat = new-object -com MSUtil.LogQuery.IISW3CInputFormat

$Query = “Select top 10 * from c:\temp\hb\ex071002.log”;

$recordSet = $ObjLogparser.Execute($Query, $objInputFormat)
for(; !$recordSet.atEnd(); $recordSet.moveNext())
{
    $record=$recordSet.getRecord();
    write-host ($record.GetValue(“s-ip”) + “,”+ $record.GetValue(“cs-uri-query”));
}
$recordSet.Close();

© Geeks with Blogs or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle