« Previous Next »

Thread: Plugin log Parsing

Last post 01-31-2007 12:25 PM by LogParser User : DEinspanjer. 4 replies.

Average Rating Rate It (5)

RSS

Page 1 of 1 (5 items)

Sort Posts:

Shortcuts

Search | Active Posts | Unanswered Posts | View all users

  • 01-30-2007, 1:14 PM

    Plugin log Parsing

    Reply Contact

    Is there way to parse this plugin log?  Here is the sample line within the log.

    [17/Jan/2007:00:01:19 -0600] - audit "krsekime6 (win32:4170775546178949265)" 6527 Report queued: from 10.34.106.44, 23667 bytes, 844 ms

    I need the Machine name.  I thought about do it this vbscript using regular expression but, I thought logparser might be easier.  Here is the syntax I came up with:

    logparser -:httperr <filename> "select s-computername from <filename>"

    The syntax above doesn't work.  Does anyone have ideas?  I am new to logparser. 
    Tags:

  • 01-30-2007, 7:52 PM In reply to

    RE: Plugin log Parsing

    Mark as Answer
    Reply Contact
    I don't believe that is a format that LP understands so you will have to define the format in some way. You could use lots of string parsing, or you might try the RegexInputFormat plugin that I wrote and put in the Repository (link at the bottom of this page)
    Tags:

  • 01-31-2007, 8:19 AM In reply to

    RE: Plugin log Parsing

    Mark as Answer
    Reply Contact
    LogParser User : Young:
    Quote: I don't believe that is a format that LP understands so you will have to define the format in some way. You could use lots of string parsing, or you might try the RegexInputFormat plugin that I wrote...

    Ok, I will take a look at your regular express pulgin.  Here is what I have far has regex expression for the first part.  Would this express work with your plugin.

    [(.*) .....\] \"....? (\S*)

    Tags:

  • 01-31-2007, 11:30 AM In reply to

    RE: Plugin log Parsing

    Mark as Answer
    Reply Contact
    Yes, the plugin uses standard C# regex syntax.
    Tags:

  • 01-31-2007, 12:25 PM In reply to

    RE: Plugin log Parsing

    Mark as Answer
    Reply Contact
    LogParser User : Jeff:
    Quote: Is there way to parse this plugin log?  Here is the sample line within the log. [17/Jan/2007:00:01:19 -0600] - audit "krsekime6 (win32:4170775546178949265)" 6527 Report queued: from 10.34.106.4...

    Assuming krsekime6 is the machine name, then the parsing is:

    select "extract_token(extract_token(text,1,'"'),0,' ') as computername from <filename>"

     

     
    Tags:
Page 1 of 1 (5 items)
Microsoft Communities