LogParser (Microsoft Tool) to parse Logs/Files

LogParser (Microsoft Tool) to parse Logs/Files

Recently I went through a situation to parse windowslog files (*.evtx/*.evt files) to format output into a text file. Using this tool my job was finished very smooth and amazed seeing the output.

1. You can download LogParser tool from Microsoft

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

2. Run LogParser.msi file to install on your local system.

3. Copy the folder Logparser2.2 from c:\program files\Log parser 2.2 to d:\logparser on respect server/client system. If you want parse on a local system then there is no need to copy the folder.

4. Go to the directory on local system or remote system and run this command to format windows event logs into text format

D:\LogParser.exe “SELECT TimeGenerated, SourceName, EventCategoryName, Message INTO report.txt FROM ‘Directory Service’ WHERE EVENTID = 1307”

5. You can run this tool in a schedule task to parse event logs depend on your requirements.

6. You can parse remaining windows logs like Application, System, Security, DNS and File Replication Service by replacing “Drectory Service” in above command. There is no limit to use this tool and it depends on your imagination. You can find more documentation on this tool in installed folder as LogParser.chm.

Have a nice day!

Techie

Mount ISO image in Linux

Mount ISO image in Linux

A loop device is a pseudo-device that makes a file accessible as a block device. Loop devices are often used for CD ISO images and floppy disc images. They appear in the mount point directory using following commands:

1. Copy or ftp the iso image to /tmp or any other directory
2. Login as root
3. Create the directory "disk1" under /mnt directory as shown below
# mkdir -p /mnt/disk1
4. Use mount command to mount "test1.iso" image to above directory:
#mount -o loop /tmp/test1.iso /mnt/disk1
5. Change directory to see files:
# cd /mnt/disk1
# ls
6. Unmount using "umount" after finishing your job:
# cd /
# umount /mnt/disk1


Have a nice day! Techie

Duplicate emails in inbox

Duplicate emails

First check actually there is any duplicate messages are revieving or sending your SMTP server or email server with message tacking tool. Open System manger --->Tools --->Message tracking

If there is no duplication of deliveries, it could be that there is a corrupt email message in your inbox or on mail server.

Microsoft Outlook
1. Delete the corrupted email from your deleted items and all other folders.
2. If you don't know which one corrupted use "Mapieditor" to find it( you need Admin help on this)

Outlook Express
1. Download all messages from server
2. Delete all messages/emails on server for your mailbox

Problem: "Leave Messages on the Server" check box
Sometimes, The "Leave Messages on the Server" box has been checked on your Outlook Express account settings will cause duplicate messages.
Solution: Uncheck the"Leave messages on the Server" box. It is under Tools --->Accounts ---> Mail ---> Click on Mail account --->Click on Properties --->Advanced

Problem: Outlook Express downloads messages from a POP3 server twice.
Solution: There is not an available workaround for this problem. . . Simply delete the duplicate messages. :)

Have a Nice weekend!!!!
Ravi Challa

Recover deleted Outlook items/mails from any folder

Requirements: MS-Exchnage email account; Hands on experience to modify registry
Outlook provides a way to recover items after you have permanently deleted them, including after emptying the Deleted Items folder. You can recover items on before retension time of MS-Exchange server.
By default, to use the Recover Deleted Items command on the Tools menu, you must be viewing the Deleted Items folder. By modifying the registry, this command is available regardless of which Outlook folder that you are viewing. You can view and recover deleted items, including those items that were permanently deleted by using SHIFT+DELETE, for the folder that you are viewing.
Caution If you use the registry editor incorrectly, you might cause serious problems that might require you to reinstall your operating system. Use the registry editor at your own risk.
1. Exit Outlook.
2. Open the Windows registry editor.
3. Browse to My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\Client\Options.
4. On the Edit menu, point to New, and then click DWORD Value.
5. Type the name DumpsterAlwaysOn.
Note Do not type any spaces in the name.
6. Set the DWORD value to 1.
7. Restart Outlook.
The Tools menu now has the Recover Deleted Items command for every Outlook folder. Now you can recover permanently deleted items from any folder. Steps to recover:
1. Highlight the respect folder and go to tools --->Options ----> Select Recover deleted items
2. Select the items to recover and click OK.
3. You are done and your items are back.

Have A Nice Day!
Ravi Challa