Post Sun Jul 27, 2008 6:47 am

Remote IIS Log Parsing by Specifying a full IIS Metabase Path

Hi All,

Need some help with Log Parser.

Log Analysis for IIS Log Files using Log Parser can be done in 2 ways:
  • By specifying the paths to the log files, or
  • By spedifying the ID number of a virtual IIS site

If we want to parse the log file of the site with ID 1 (the default Web site) from the local system running IIS, the command is:

logparser -i:IISW3C -o:NAT "SELECT date, time, csi-uri-stem FROM <1>"

To do the same from a remote machine running Log Parser, the command is (according to Microsoft Log Parser Toolkit by Gabriele Giuseppini):

logparser -i:IISW3C -o:NAT "SELECT date, time, csi-uri-stem FROM </MYSERVER2/W3SVC/1>"

However, whey I follow the command, I get the following error:

C:\Program Files\Log Parser 2.2>logparser -i:IISW3C -o:NAT "SELECT date FROM </i
Error: The specified FROM-ENTITY is not a filename, a Metabase path nor a ODBC s
pecification: Error creating the IMSAdminBase object on machine infra1: The spec
ified module could not be found.

C:\Program Files\Log Parser 2.2>

What could be wrong? What is the right format to parse remote IIS logs by specifying a full IIS metabase path?
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n