W3C Input Format

Log Parser

W3C Input Format

The W3C input format parses log files in the W3C Extended Log File Format.

Examples of log files in this format include:

  • Personal Firewall log files
  • Microsoft Internet Security and Acceleration Server (ISA Server) log files
  • Windows Media Services log files
  • Exchange Tracking log files
  • Simple Mail Transfer Protocol (SMTP) log files

Log files in this format begin with some informative headers ("directives"), the most important of which is the "#Fields" directive, describing which fields are logged at which position in a log row.
After the directives, the log entries follow. Each log entry is a space-separated list of field values.

The following example shows a portion of a Personal Firewall W3C Extended Log File Format log file:

#Verson: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-09-03 07:11:54 OPEN UDP 192.168.1.103 192.168.1.108 1026 53 - - - - - - - -
2004-09-03 07:11:54 OPEN TCP 192.168.1.101 192.168.1.108 3005 80 - - - - - - - -
2004-09-03 07:11:55 OPEN TCP 192.168.1.103 192.168.1.108 1104 139 - - - - - - - -
2004-09-03 07:11:55 OPEN TCP 192.168.1.104 192.168.1.108 1103 445 - - - - - - - -

Note: Differently than the IISW3C input format, the W3C input format does not support log files with varying number and/or position of fields. In other words, when parsing a set of W3C log files, all the log entries in all the log files must be structured identically as declared by the first "#Fields" directive encountered in the first log file.


From-Entity Syntax
Fields
Parameters
Examples


See also:

IISW3C Input Format
W3C Output Format


© 2004 Microsoft Corporation. All rights reserved.