W3C Input Format
The W3C input format parses log files in the W3C Extended Log File Format.
Examples of log files in this format include:
- Personal Firewall log files
- Microsoft Internet Security and Acceleration Server (ISA Server) log files
- Windows Media Services log files
- Exchange Tracking log files
- Simple Mail Transfer Protocol (SMTP) log files
Log files in this format begin with some informative headers ("directives"),
the most important of which is the "#Fields" directive, describing which fields
are logged at which position in a log row.
After the directives, the log entries follow. Each log entry is a space-separated list of
field values.
The following example shows a portion of a Personal Firewall W3C Extended Log File Format
log file:
#Verson: 1.0 #Software: Microsoft Internet Connection Firewall #Time Format: Local #Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info 2004-09-03 07:11:54 OPEN UDP 192.168.1.103 192.168.1.108 1026 53 - - - - - - - - 2004-09-03 07:11:54 OPEN TCP 192.168.1.101 192.168.1.108 3005 80 - - - - - - - - 2004-09-03 07:11:55 OPEN TCP 192.168.1.103 192.168.1.108 1104 139 - - - - - - - - 2004-09-03 07:11:55 OPEN TCP 192.168.1.104 192.168.1.108 1103 445 - - - - - - - -
Note: Differently than the IISW3C
input format, the W3C input format does not support log files with varying number and/or
position of fields. In other words, when parsing a set of W3C log files, all the log entries
in all the log files must be structured identically as declared by the first
"#Fields" directive encountered in the first log file.
From-Entity Syntax
Fields
Parameters
Examples
See also:
IISW3C Input FormatW3C Output Format