Ethical Hacker Community Forums

Ethical Hacking Discussions and Related Certifications => Forensics => Topic started by: Manu Zacharia (-M-) on July 27, 2008, 06:47:52 AM



Title: Remote IIS Log Parsing by Specifying a full IIS Metabase Path
Post by: Manu Zacharia (-M-) on July 27, 2008, 06:47:52 AM
Hi All,

Need some help with Log Parser.

Log Analysis for IIS Log Files using Log Parser can be done in 2 ways:
  • By specifying the paths to the log files, or
  • By specifying the ID number of a virtual IIS site

If we want to parse the log file of the site with ID 1 (the default Web site) from the local system running IIS, the command is:

Code:
logparser -i:IISW3C -o:NAT "SELECT date, time, cs-uri-stem FROM <1>"

To do the same from a remote machine running Log Parser, the command is (according to Microsoft Log Parser Toolkit by Gabriele Giuseppini):

Code:
logparser -i:IISW3C -o:NAT "SELECT date, time, cs-uri-stem FROM </MYSERVER2/W3SVC/1>"

However, when I follow the command, I get the following error:

Code:
C:\Program Files\Log Parser 2.2>logparser -i:IISW3C -o:NAT "SELECT date FROM </infra1/W3SVC/1>"
Error: The specified FROM-ENTITY is not a filename, a Metabase path nor a ODBC specification: Error creating the IMSAdminBase object on machine infra1: The specified module could not be found.

C:\Program Files\Log Parser 2.2>

What could be wrong? What is the right format to parse remote IIS logs by specifying a full IIS metabase path?
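
Added example, not part of the original post and not Log Parser's own code: the projection the queries above ask for (date, time, cs-uri-stem) applied directly to IIS W3C log text in Python, following the `#Fields` directive, which can change mid-file. The sample log lines are constructed, and the function names and the idea of passing a log file path are assumptions.

```python
# Constructed sample in IIS W3C extended format (not taken from the post).
# The #Fields directive changes mid-file, as happens when the logged
# properties of a site are edited while the log file is open.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-07-27 06:00:00
#Fields: date time cs-method cs-uri-stem sc-status
2008-07-27 06:00:01 GET /default.htm 200
2008-07-27 06:00:05 GET /images/logo.gif 304
#Fields: date time c-ip cs-uri-stem sc-status
2008-07-27 06:10:12 192.0.2.10 /admin/login.asp 401
"""


def select_fields(lines, wanted=("date", "time", "cs-uri-stem")):
    """Yield one tuple per log record holding the wanted fields (hypothetical helper)."""
    fields = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#"):
            # Only #Fields changes how the following records are read.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            continue  # a record before any #Fields directive cannot be interpreted
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or corrupt record, skip rather than misalign columns
        row = dict(zip(fields, values))
        # A field that was not being logged comes back as None.
        yield tuple(row.get(name) for name in wanted)


def select_from_file(path, wanted=("date", "time", "cs-uri-stem")):
    """Run the same projection over a log file; path is an assumption (local or share path)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return list(select_fields(fh, wanted))


if __name__ == "__main__":
    for record in select_fields(SAMPLE_LOG.splitlines()):
        print(*record)
```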