Log Parser

Security Considerations

  • When using input and output formats to retrieve and send data over the network, users should be aware that most of the protocols utilized for data transfer (e.g. SMB, HTTP, and SYSLOG) do not make use of encryption, and could thus be vulnerable to interception and tampering by malicious entities.
    In order to provide a secure environment in which these network connections are less vulnerable to interception, users should implement the IPSec protocol on their networks, and/or use SSL-protected HTTP (HTTPS) connections when retrieving data from a Web URL.
  • When using the Incremental Parsing feature, users should store their checkpoint files in a secure location, and verify that the checkpoint files have proper ACLs (Access Control Lists) that prevent malicious entities from tampering with the data that the Log Parser input formats store in the checkpoint files.
  • When implementing custom input format COM objects, users should ensure that the objects are not accessible from local and remote low-privileged users, in order to prevent malicious entities from instantiating and using the custom input format objects from the local computer or from a remote computer.
    In order to deny access to low-privileged users, either set proper ACLs on the custom input format COM objects' binaries, or use the "DCOM Configuration" Management Console (available in the "Administrative Tools" folder under the "Component Services" management console) to explicitly grant local access to your custom input format COM objects to selected users only.
  • When using the SQL output format, users should be aware that the ODBC connection properties provided through the SQL output format parameters, which include username and password, could be transmitted over the network in clear text. In addition, the data transmitted through the ODBC connection could be unencrypted and thus vulnerable to interception and tampering by malicious entities.
    In order to provide a more secure environment, users should create a Data Source Name (DSN) on the local computer specifying the connection properties to use for the connection to the database, and specify the name of the Data Source as a value to the dsn parameter of the SQL output format. Using a Data Source Name for the connection provides the following benefits:
    • The username and password for the connection are stored securely by the ODBC subsystem;
    • Certain ODBC drivers, including Microsoft SQL Server™ ODBC drivers and Microsoft Access ODBC drivers, provide an option that allows users to enable encryption of the network traffic between the ODBC connection endpoints.
    For more information on securing the communication between the ODBC connection endpoints, see the MSDN® Data Access Security topic.
  • When processing sensitive or confidential data, users should set proper ACLs on the files generated by the output formats, or on the directories in which the output formats generate files, in order to prevent malicious entities from accessing and/or tampering with the output data generated by a query.
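
The ACL recommendations above for checkpoint files and output directories can be applied and verified with a short PowerShell script. This is an added example, not part of the Log Parser documentation; the directory paths are assumptions, and the account running the script is assumed to be the one that runs Log Parser and owns the directories.

```powershell
# Added example. Paths are assumptions; point them at the directories where
# checkpoint files and output files are written on your system.
$Paths = 'C:\LogParser\Checkpoints', 'C:\LogParser\Output'

# Principals allowed on these directories, as SIDs (locale independent):
# the current user (assumed to be the account that runs Log Parser),
# BUILTIN\Administrators and NT AUTHORITY\SYSTEM.
$Allowed = @(
    [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value,
    'S-1-5-32-544',
    'S-1-5-18'
)

function Protect-Directory {
    param([string]$Path, [string[]]$Sids)
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    $acl = Get-Acl -Path $Path
    # Stop inheriting from the parent and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop explicit entries already present, then add the allowed ones.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    foreach ($sid in $Sids) {
        $id = [System.Security.Principal.SecurityIdentifier]::new($sid)
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

function Get-UnexpectedAccess {
    param([string]$Path, [string[]]$Sids)
    # Return every Allow entry (explicit or inherited) for a principal
    # that is not on the allowed list.
    (Get-Acl -Path $Path).GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $Sids -notcontains $_.IdentityReference.Value }
}

foreach ($p in $Paths) {
    Protect-Directory -Path $p -Sids $Allowed
    $extra = @(Get-UnexpectedAccess -Path $p -Sids $Allowed)
    if ($extra.Count) { $extra | Format-Table IdentityReference, FileSystemRights, IsInherited }
    else { "$p : only the expected principals have access" }
}
```

Get-UnexpectedAccess can also be run on its own against existing directories to audit them without changing any permissions.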


© 2004 Microsoft Corporation. All rights reserved.