Log Parser Architecture
Log Parser is made up of three components:
- Input Formats are generic record providers; records are equivalent to rows in a SQL table, and Input Formats can be thought of as SQL tables containing the data you want to process.
  Log Parser's built-in Input Formats can retrieve data from the following sources:
  - IIS log files (W3C, IIS, NCSA, Centralized Binary Logs, HTTP Error logs, URLScan logs, ODBC logs)
  - Windows Event Log
  - Generic XML, CSV, TSV and W3C-formatted text files (e.g. Exchange Tracking log files, Personal Firewall log files, Windows Media® Services log files, FTP log files, SMTP log files, etc.)
  - Windows Registry
  - Active Directory Objects
  - File and Directory information
  - NetMon .cap capture files
  - Extended/Combined NCSA log files
  - ETW traces
  - Custom plugins (through a public COM interface)
- A SQL-Like Engine Core processes the records generated by an Input Format, using a dialect of the SQL language that includes common SQL clauses (SELECT, WHERE, GROUP BY, HAVING, ORDER BY), aggregate functions (SUM, COUNT, AVG, MAX, MIN), and a rich set of functions (e.g. SUBSTR, CASE, COALESCE, REVERSEDNS, etc.); the resulting records are then sent to an Output Format.
- Output Formats are generic consumers of records; they can be thought of as SQL tables that receive the results of the data processing.
  Log Parser's built-in Output Formats can:
  - Write data to text files in different formats (CSV, TSV, XML, W3C, user-defined, etc.)
  - Send data to a SQL database
  - Send data to a SYSLOG server
  - Create charts and save them in either GIF or JPG image files
  - Display data to the console or to the screen
Note: Transmitting data through a non-secure network might pose a serious security risk to the confidentiality of the information transmitted. For more information on the security risks associated with non-secure networks, see Security Considerations.
The Log Parser tool is available as a command-line executable (LogParser.exe) and as a set of scriptable COM objects (LogParser.dll). The two binaries are independent from each other; if you want to use only one, you do not need to install the other file on your computer.
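
The query below is an added example, not taken from the Log Parser documentation, showing the three components in one statement: the IISW3C Input Format supplies the records named in FROM, the engine core filters and aggregates them, and the CSV Output Format receives the rows named in INTO. It summarizes repeated HTTP 401 responses per client address for review; the file names `failed_auth.sql`, `ex*.log` and `failed_auth.csv` and the threshold of 20 are assumptions.

```sql
-- Added example: repeated authentication failures per client in IIS W3C logs.
-- Assumed names: failed_auth.sql (this file), ex*.log (input), failed_auth.csv (output).
-- The threshold of 20 is arbitrary; tune it to the site's normal traffic.
-- Run with:  LogParser.exe file:failed_auth.sql -i:IISW3C -o:CSV
SELECT   c-ip,
         cs-username,
         COUNT(*) AS Failures,
         MIN(TO_TIMESTAMP(date, time)) AS FirstSeen,
         MAX(TO_TIMESTAMP(date, time)) AS LastSeen
INTO     failed_auth.csv
FROM     ex*.log
WHERE    sc-status = 401
GROUP BY c-ip, cs-username
HAVING   COUNT(*) > 20
ORDER BY Failures DESC
```

IIS W3C logs record `date` and `time` in UTC, so FirstSeen and LastSeen are UTC values. Writing to a local CSV file keeps the results off the network, unlike the SQL database and SYSLOG outputs the note above applies to.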