- =============================================================================
- Log Exporter September 02, 2003 Copyright 2002, 2003 Symantec Corporation
- =============================================================================
-
- Topics include:
-
- - Usage
- - Command Line Parameters
- - Export Filters
- - Wildcards
- - Samples
-
-
-
- =======================
- Usage
- =======================
- LogExprt.exe [-v] [-l{LOG}] [-x{FILE}] [-d{DELIMITER}] [-f{[+/-],Col,Data}]
-
-
-
- =======================
- Command Line Parameters
- =======================
- All command line parameters can be placed in quotes, in part or whole if
- spaces need to be specified.
-
- Parameter             Usage
- ----------------------------------------------------------------------------
- -v                    View Command. If a LogID is specified with the -l
-                       command, this command lists the columns of the
-                       specified log. If a LogID is not specified, this
-                       command lists all available logs.
-
- -l{LogID}             Specifies which log the other commands are for.
-                       The LogID value should be one of the four-digit
-                       values representing each log, such as 0009 for
-                       the Alerts log.
-
- -x{FILE}              Export Command. Exports the log specified with
-                       the -l command. If FILE is not specified, the
-                       log file name is used with .txt appended to the
-                       end of it.
-
- -d{DELIMITER}         Specifies what single character to use as a
-                       delimiter when exporting the log. If the -d command
-                       is not used, the default delimiter will be
-                       the comma "," character (no quotes, just the comma).
-                       Quotes " cannot and should not be used, nor should
-                       any DBCS character be used as a delimiter symbol.
-
-
- -f{[+/-],Col,Data}    Optional Filter Command. This command allows
-                       the user to filter the data that is exported.
-                       See the "Export Filters" section for more details.
-
-
-
- =======================
- Export Filters
- =======================
-
- -f{[+,-],Col,Data}
-
- + and -   The + (plus) and - (minus) modifiers on a filter allow the
-           user to specify what type of filter it is. + filters
-           specify that NO event log entry will be exported unless
-           it matches all + filters. - filters specify that ALL event
-           log entries will be exported unless they match any - filter.
-
- Col       Specifies which column this filter applies to. To get
-           a list of columns, use the -v command line parameter
-           together with -l. Wildcards may be used for this field.
-           This field is not case sensitive.
-
- Data      Specifies the data to look for in the specified column.
-           This data must be found in the column for the filter to
-           take effect. Wildcards may be used for this field.
-           This field is not case sensitive.
-
- When using multiple filters, if any filter excludes an event log entry,
- the entry is excluded regardless of included filters. For this reason,
- the order in which the user specifies filters is important. For example,
- the following two filters will produce different output if they are swapped:
-
- -f"+,remote,internal*" -f"-,Date,10/23*"
- -f"-,Date,10/23*" -f"+,remote,internal*"
-
-
-
- =======================
- Wildcards
- =======================
-
- The following wildcards can be used in the Col and Data fields of export
- filters:
-
- *
- Matches any sequence of characters (zero or more).
-
- ?
- Matches any single character.
-
- \
- Suppresses syntactic significance of a special character.
-
- [<set>]
- Matches any character in the specified set.
-
- [!<set>] or [^<set>]
- Matches any character not in the specified set.
-
- A set is composed of characters or ranges; a range looks like
- 'character hyphen character', as in '0-9' or 'A-Z'. Any ASCII character
- can be used in a set or a range.
-
- To suppress the special syntactic significance of any of '][*?!^-\',
- and match the character exactly, precede it with a '\'.
-
- Examples
- --------
- 10/2?/01
- Would match all days between the 20th and the 29th in October of 2001.
- Note: 10/2[0-9]/01 would accomplish the same thing.
-
- 10/*/01
- Would match any day in October of 2001.
-
- *.domain.com
- Would match any DNS entry that ends with .domain.com.
-
- 192.168.*.*
- Would match all IP addresses that begin with 192.168.
- Note: 192.168* would accomplish the same thing.
-
- *.*.1.100
- Would match all IP addresses that end with 1.100.
- Note: *.1.100 would accomplish the same thing.
-
- 192.168.23[012].*
- Would match all IP addresses that begin with 192.168.230, 192.168.231,
- and 192.168.232.
-
- 192.168.10[0-6].*
- Would match all IP addresses between 192.168.100.000 and 192.168.106.255.
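
The wildcard rules above, as an added Python example (not part of the original README and not LogExprt.exe's own code): a matcher for previewing a Col or Data pattern against sample values before running an export. It assumes a pattern must cover the whole column value and that an unterminated or empty '[' is taken literally, neither of which the README states; the function names and sample values are constructed here.

```python
import re

def _parse_set(pattern, i):
    """Parse a '[<set>]' at index i; return (regex, next_index) or None."""
    negate = pattern[i + 1:i + 2] in ("!", "^")
    j = i + 2 if negate else i + 1
    body = []
    while j < len(pattern) and pattern[j] != "]":
        if pattern[j] == "\\" and j + 1 < len(pattern):
            body.append(re.escape(pattern[j + 1]))  # escaped member such as '\-'
            j += 2
        else:  # a bare '-' stays a range operator; other characters are literal
            body.append("-" if pattern[j] == "-" else re.escape(pattern[j]))
            j += 1
    if j >= len(pattern) or not body:
        return None  # assumption: unterminated or empty set is not a set
    return "[" + ("^" if negate else "") + "".join(body) + "]", j + 1

def wildcard_to_regex(pattern):
    """Translate the README's wildcard syntax into a case-insensitive regex."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        parsed = _parse_set(pattern, i) if c == "[" else None
        if parsed:
            out.append(parsed[0])
            i = parsed[1]
            continue
        if c == "\\" and i + 1 < len(pattern):  # '\x' matches x exactly
            i += 1
            out.append(re.escape(pattern[i]))
        elif c == "*":
            out.append(".*")
        elif c == "?":
            out.append(".")
        else:
            out.append(re.escape(c))  # ordinary character or stray '['
        i += 1
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)

def matches(pattern, value):
    """Assumption: the pattern must cover the whole column value."""
    return wildcard_to_regex(pattern).fullmatch(value) is not None

def preview(pattern, values):
    return [v for v in values if matches(pattern, v)]

# Constructed sample column values, not taken from a real log.
SAMPLE_REMOTE = ["192.168.100.7", "192.168.106.255", "192.168.107.1",
                 "192.168.230.9", "10.0.1.100", "mail.domain.com", "domain.com"]
```

On well-formed dates `10/2?/01` and `10/2[0-9]/01` select the same rows, but `?` also accepts a non-digit in that position. Under these rules `*.domain.com` does not select the bare `domain.com`.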
-
-
-
- =======================
- Samples
- =======================
-
- LogExprt.exe -v
- This command would list the available logs. The following is an example
- of the text output from this command:
-
- Available Logs:
- 0001 - Content Blocking
- 0002 - Connections
- 0003 - Firewall
- 0004 - Intrusion Detection
- 0005 - Privacy
- 0006 - Restrictions
- 0007 - System
- 0008 - Web History
- 0009 - Alerts
- 0011 - Confidential Info
- 0012 - Spam
-
- LogExprt.exe -v -l0001
- This would list the columns in the "Content Blocking" log.
-
- LogExprt.exe -x -l0002
- This would export the "Connections" log to a comma delimited file
- named "Connections.txt" in the current directory.
-
- LogExprt.exe -x"c:\log.txt" -l0007
- This would export the "System" log to a comma delimited log file
- named "log.txt" in the root of the "C:" drive.
-
- LogExprt.exe -x -l0009 -d"~"
- This would export the "Alerts" log to a tilde delimited file
- named "Alerts.txt" in the current directory.
-
- LogExprt.exe -x -l0003 -f"+,Date,1/*/2002"
- This would export the "Firewall" log to a comma delimited file named
- "Firewall.txt" in the current directory. Only entries created during
- January 2002 will be exported to the file.
-
- LogExprt.exe -x -l0003 -f"+,Date,1/*/2002" -f"+,Message,*IEXPLORE*"
- This would export the "Firewall" log to a comma delimited file named
- "Firewall.txt" in the current directory. Only entries created during
- January 2002 that contain the word "IEXPLORE" in the message column
- will be exported to the file.
-