Anonymous
6623 Posts
Windows FTP Logs
Jul 06, 2005 10:47 AM
I have just downloaded LogParser to hopefully assist me in monitoring our Windows FTP logs. LogParser looks like a great tool, but I really need a quick start. Does anyone have examples of monitoring Windows FTP logs for things such as login failures, login attempts as Anonymous, a list of IP addresses that have accessed the FTP site, etc.? I would appreciate any and all script examples, from the very basic to the more advanced. I believe the format of our FTP logs would be considered "IISW3C". I'd really like to be able to read the logs in real time and, as I read each event, ship it to our centralized syslog on an HP-UX UNIX server. If you have ideas on how to set something like this up, I'd appreciate that as well. Thanks in advance!
Anonymous
6623 Posts
Re: Windows FTP Logs
Jul 07, 2005 05:20 PM
I haven't seen the formatting on the Win FTP format files, but as you said, it is probably similar in format to the IIS formats. You can try a basic query with LogParser using the -queryinfo option at the end to see what LP will return.
logparser "select * from <ftplogfilename>" -queryinfo
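______________________________________________________
Query fields:
EventLog (S) RecordNumber (I) TimeGenerated (T)
TimeWritten (T) EventID (I) EventType (I)
EventTypeName (S) EventCategory (I) EventCategoryName (S)
SourceName (S) Strings (S) ComputerName (S)
SID (S) Message (S) Data (S)
______________________________________________________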
If it can parse the file correctly it will return column heads and field types for each entry, without additional help. If not, specify an input format -i:iisw3c or -i:iis at the end and see if you get better results.
If these don't provide what you are looking for, you can always use CSV or TSV formats, along with a header file to define each column head. I have done this for my Exchange 5.5 tracking logs (as they don't use IIS - SMTP until 2000 or 2003). The online help can help with formatting your command line ("logparser -? -i:csv").
Gabriele's book is wonderful and I'd suggest picking one up. (Got mine at Barnes!) Lots of examples to help point you in the right direction.
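
The checks the question asks about (failed logins, anonymous login attempts, the list of client IPs) plus a syslog-ready line per finding, as an added Python example that is not from this thread and does not use LogParser. The log layout is an assumption: a W3C extended file with a `#Fields` header, `[session]COMMAND` in cs-method, and status 530 on a rejected PASS; the sample lines are constructed and `parse_w3c`, `analyze` and `syslog_lines` are hypothetical names.

```python
import re
from collections import Counter

METHOD_RE = re.compile(r"^\[(\d+)\](\w+)$")  # assumed "[session]COMMAND" layout
# Constructed sample, not from the thread; PASS rows are assumed to omit the user name.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
10:40:01 192.0.2.10 [1]USER anonymous 331
10:40:02 192.0.2.10 [1]PASS user@example.com 230
10:41:10 198.51.100.7 [2]USER admin 331
10:41:11 198.51.100.7 [2]PASS - 530
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2005-07-06 10:41:15 198.51.100.7 [3]USER admin 331
2005-07-06 10:41:16 198.51.100.7 [3]PASS - 530
truncated line
"""

def parse_w3c(text):
    """Yield one dict per data row, honouring every #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip malformed rows
                yield dict(zip(fields, values))

def analyze(rows):
    """Return (failures per (ip, user), anonymous attempts per ip, client IPs)."""
    pending, failures, anonymous, clients = {}, Counter(), Counter(), set()
    for row in rows:
        m = METHOD_RE.match(row.get("cs-method", ""))
        if not m or "c-ip" not in row:
            continue
        ip, key = row["c-ip"], (row["c-ip"], m.group(1))
        clients.add(ip)
        if m.group(2) == "USER":
            pending[key] = row.get("cs-uri-stem", "-")  # remember name for the PASS row
            if pending[key].lower() == "anonymous":
                anonymous[ip] += 1
        elif m.group(2) == "PASS" and row.get("sc-status") == "530":
            failures[(ip, pending.pop(key, "?"))] += 1
    return failures, anonymous, sorted(clients)

def syslog_lines(failures, facility=11, severity=4):
    """Format one BSD-syslog payload per (source, user); PRI = facility * 8 + severity."""
    return [f"<{facility * 8 + severity}>ftplog: login failure user={u} src={ip} count={n}"
            for (ip, u), n in sorted(failures.items())]
```

Each string returned by `syslog_lines` can be sent as a single UDP datagram to the collector; facility 11 is the FTP facility and severity 4 is warning.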