
Using Log Parser to analyse, view and export ISA logs in W3C format

2009/04/06
Here is the official description and download site:

Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows operating system such as the Event Log, the Registry, the file system, and Active Directory.

Download: http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en
Some more info about this tool in TechNet ScriptCenter:
Log Parser 2.2: http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspx

This blog (http://www.codinghorror.com/blog/archives/000369.html) gives more explanation and examples. Most articles on the Internet are about analysing IIS logs, but the same approach applies to ISA W3C logs if that is the format you chose for your ISA logging.
I borrowed this picture from the blog:
Besides basic SQL queries, you also need to know the fields of ISA logging; here is the official info:
 
If the command line is too hard for you, there are a couple of visual tools (freeware) that can do a better job for you:
These two visual tools are very helpful if you are looking at relatively large query results, like thousands of access records from a 2GB log file.  However, both tools have a bug in getting the values of date and time: they add 12:00:00AM in the date field and a date in the time field (LogParser Lizard adds year 0001, and Visual Logparser adds year 2001), which is unnecessary, and when exported to Excel, year 0001 will make the time field overflow.  I will report this to the author.
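For the command-line route, the query below is an added example, not from the original post or the tool authors: it summarises denied web proxy requests per client and formats the date and time fields as text inside the query, so the exported columns do not depend on how a front end renders timestamp values. The field names, the `ISALOG_*_WEB_*.w3c` file pattern, the `'Denied'` action value and the threshold of 20 are assumptions; check them against the `#Fields:` header of your own log.

```sql
-- denied-by-client.sql  (hypothetical file name, added example)
--
-- Run from the folder that holds the ISA web proxy logs:
--   LogParser.exe file:denied-by-client.sql -i:W3C -o:CSV
--
-- Assumptions to verify against the "#Fields:" line of your log:
--   * date and time are read as TIMESTAMP values by the W3C input format
--   * c-ip, cs-username, r-host and action are present in the log
--   * a blocked request is logged with action = 'Denied'
SELECT
    TO_STRING(date, 'yyyy-MM-dd')      AS LogDate,         -- date only, no 12:00:00AM
    c-ip                               AS ClientIP,
    cs-username                        AS UserName,
    r-host                             AS Destination,
    COUNT(*)                           AS DeniedRequests,
    TO_STRING(MIN(time), 'hh:mm:ss')   AS FirstSeen,       -- time only, no year
    TO_STRING(MAX(time), 'hh:mm:ss')   AS LastSeen
INTO denied-by-client.csv
FROM ISALOG_*_WEB_*.w3c                -- assumed log file name pattern
WHERE action = 'Denied'
GROUP BY LogDate, ClientIP, UserName, Destination
HAVING COUNT(*) >= 20                  -- arbitrary threshold, tune to your traffic
ORDER BY DeniedRequests DESC
```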
 
P.S. If you need a quick look at the SQL query, here are some reference sites:
 
That’s almost all I’ve got since last night.  Have fun!