Using Log Parser
You can download the Log Parser kit from the Microsoft Web site
(http://www.microsoft.com/downloads/details.aspx?familyid=3D890cd06b-abf8-4c25-91b2-f8d975cf8c07&display
lang=3Den). The rudimentary installation procedure, which typically
takes less than a minute, creates the Log Parser 2.2 directory under
program files. This directory contains all the Log Parser files,
including the logparser .exe executable. If you’ve ever used SQL, Log
Parser will be familiar. For example, to count all the messages
received on the local server, I used the following command:
logparser “SELECT COUNT(*) FROM C:tempserver.log WHERE [Event-ID] 1028” –
i:W3C
This command generated the output that Figure 1 shows. All I asked Log
Parser to do is to count the number of records in the log file (i.e.,
C:tempserver.log) to which I pointed the utility. You can pass
parameters such as c:logs*.log to instruct Log Parser to process all
the message-tracking logs in a directory. In the previous example, Log
Parser looks for records with an event ID of 1028, which is the
identifier that Exchange writes into the message-tracking log when it
delivers a message to a local mailbox on a server. The -i:W3C
parameter tells Log Parser that the input file is in World Wide Web
Consortium (W3C) format. This speedy utility can process even very
large message-tracking logs in a flash: When I ran this sample
command, Log Parser processed more than 1,000,000 records in 16.5
seconds. . . .
