
Microsoft Log Parser Toolkit, $39.95
by Gabriele Giuseppini, Mark Burnett, et al
Syngress, 2005
437 pages
Examples in VBScript, C#, SQL
ISBN 1-932266-52-6
http://www.amazon.com/exec/obidos/ASIN/1932266526/larkware-20
Full Disclosure: I'm acknowledged as a contributor to this book, but actually all I did was offer some technical and moral support. I didn't write any of it and I don't have any financial stake in the book's success.
It's a bit unusual to have an entire 400+-page book devoted to a single tool, but then, Log Parser is a somewhat unusual tool. Having started its life as a way to extract rudimentary information from IIS log files, it has since developed into a general-purpose parser for log files of all types. It combines pluggable input and output formats with a fast SQL query engine for an amazing amount of flexibility. For example, you can use Log Parser to generate a bar chart showing the most popular downloads on your Web site - but you can use the very same tool to create a table in a SQL Server database with details on security audit events from the event log on your network's domain controller. This flexibility has been a bit of a problem for new users, as there's so much of the tool to learn, which is why it's very nice to have these hundreds of pages of examples to draw on.
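To make the two uses just mentioned concrete, here is an added example of my own (not a script from the book or its Web site), written as Log Parser 2.2 command lines run from PowerShell. It assumes LogParser.exe is on the PATH, that the IIS W3C logs sit in the current directory, and that the domain controller (DC01), SQL Server host (SQL01) and database name (LogParserDB) are constructed placeholders for your own environment.

```powershell
# Added example: two Log Parser 2.2 invocations illustrating the
# input-format / SQL-engine / output-format combination described above.
# Assumes LogParser.exe is on the PATH; all host and database names are
# constructed placeholders, not real systems.

# 1) Bar chart of the ten most-downloaded files from IIS W3C logs.
#    -i:IISW3C  reads the extended W3C log format IIS writes.
#    -o:CHART   renders the result set as an image (requires the
#               Office Web Components that Log Parser's CHART output
#               depends on); INTO names the output file.
$topDownloads = "SELECT TOP 10 cs-uri-stem, COUNT(*) AS Hits " +
                "INTO downloads.gif " +
                "FROM ex*.log " +
                "WHERE cs-uri-stem LIKE '%.zip' " +
                "GROUP BY cs-uri-stem " +
                "ORDER BY Hits DESC"

LogParser.exe $topDownloads -i:IISW3C -o:CHART -chartType:BarClustered `
    '-chartTitle:Top downloads' -view:OFF

# 2) Load security audit events from a domain controller's Security
#    event log into a SQL Server table.
#    -i:EVT  reads the Windows event log; "\\DC01\Security" is the
#            remote-log form, which needs rights to read that log.
#    EventType 8 = Audit Success, 16 = Audit Failure; Log Parser uses
#    ';' rather than ',' as the separator inside an IN list.
#    -o:SQL with -createTable:ON creates the table if it does not exist.
$auditEvents = "SELECT TimeGenerated, EventID, EventTypeName, SourceName, " +
               "ComputerName, SID, Message " +
               "INTO SecurityAudits " +
               "FROM \\DC01\Security " +
               "WHERE EventType IN (8; 16)"

LogParser.exe $auditEvents -i:EVT -o:SQL -server:SQL01 -database:LogParserDB `
    '-driver:SQL Server' -createTable:ON
```

The same query text works with any other output format; switching `-o:SQL` to `-o:CSV` (and `INTO SecurityAudits` to a file name) gives a flat export of the same audit events without touching a database, which is a quick way to check the WHERE clause before loading a large log.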
There's a lot of ground covered here, and hundreds of pre-made scripts you can use (all of which are available from the book's Web site). You'll learn how to monitor IIS, how to dredge through the event log, how to use Log Parser to manage Snort intrusion detection logs, and how to investigate intrusions with Log Parser. There's a chapter on building your own extensions; Log Parser now has an API for plugging in your own input parsers, and this book is the first source of detailed information on how to make that work, complete with working examples. The chapter on working with complex data is also excellent, guiding you through some of the more advanced capabilities of the Log Parser SQL engine.
You can download Log Parser itself from the Microsoft Download site. Your next stop should probably be the Unofficial Log Parser Support Site, which I happen to maintain (in fact, it's running on the same physical server as Larkware). But if you're seriously interested in exploring the capabilities of the tool, this book is a must-have. You'll definitely get more out of Log Parser if you have a copy, and just flipping through it is likely to inspire new ideas about how you can use it to extract useful information from the data that likely floods your own network.