
Log Analysis - Manual

Opening log files

You can copy the exe file to any folder you want, even to a USB disk. There is no need to run an installer. For example, you could copy the executable into a folder containing log files and create a shortcut on your desktop to run it.

When you start the log analysis program, it automatically looks for log files (*.log) in the following order:

  • the current folder
  • subfolders named LogFiles, LogFile, Logs, Log

If there is only one log file, it is opened automatically. If there are several log files, a dialog is shown to select the log file to open. You can also cancel this dialog and open a log file with the menu File --> Open.

Viewing log entries

The viewer is split into 2 sections:

  • List of log entries. This shows the log entries in a scrollable grid. The program will automatically try to detect the field separator by looking for a #Fields header or by scanning the file for certain separators.
  • Details view for showing the currently selected log entry in the list. The details window will show the log entry on multiple lines (each field on a separate line). It will also detect uppercase keywords in the log entries and show them in red.

You can leave the application running. If entries are added to the log file, the application automatically appends them to the list when you click in the log entries list or press F5.
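
The separator detection described above can be sketched as follows. This is an added example, not the tool's own code: the heuristic for header-less files, the function names and the sample log lines are assumptions constructed for illustration. It also handles a #Fields header that repeats or changes mid-file, as can happen when several log files with their own headers are concatenated.

```python
from collections import Counter

CANDIDATES = ["\t", ",", ";"]  # tab, comma, semi-colon: the separators the page names

def detect_separator(lines):
    """Return (separator, field names or None) for a list of log lines."""
    for line in lines:
        if line.startswith("#Fields:"):
            # W3C extended format: the header names the fields, values are space separated
            return " ", line[len("#Fields:"):].split()
    data = [ln for ln in lines if ln.strip() and not ln.startswith("#")]
    best, best_freq = None, 0
    for sep in CANDIDATES:
        counts = Counter(ln.count(sep) for ln in data)
        per_line, freq = counts.most_common(1)[0] if counts else (0, 0)
        # Assumed heuristic: a real separator occurs the same non-zero number of times on most lines
        if per_line > 0 and freq > best_freq:
            best, best_freq = sep, freq
    return best, None

def parse_log(text):
    """Split every entry into a dict of field name -> value."""
    lines = text.splitlines()
    sep, names = detect_separator(lines)
    entries = []
    for line in lines:
        if line.startswith("#Fields:"):
            names = line[len("#Fields:"):].split()  # header may repeat or change mid-file
        elif line.strip() and not line.startswith("#"):
            values = line.split(sep) if sep else [line]
            # Fall back to positional names when no header applies to this line
            keys = names if names and len(names) == len(values) else [f"field{i}" for i in range(len(values))]
            entries.append(dict(zip(keys, values)))
    return sep, entries

# Constructed sample: two W3C logs concatenated, each with its own #Fields header
W3C_SAMPLE = """#Fields: date time c-ip cs-method cs-uri-stem sc-status
2008-10-03 10:15:02 192.0.2.10 GET /index.html 200
2008-10-03 10:15:09 198.51.100.7 GET /admin.asp 404
#Fields: date time c-ip sc-status
2008-10-04 08:01:44 192.0.2.10 500
"""
# Constructed sample: custom log without a header, one message contains a comma
CUSTOM_SAMPLE = """2008-10-03;10:15:02;BLOCKED;192.0.2.10
2008-10-03;10:15:09;ALLOWED;198.51.100.7, via proxy
2008-10-03;10:16:30;BLOCKED;192.0.2.10
"""

if __name__ == "__main__":
    print(parse_log(W3C_SAMPLE), parse_log(CUSTOM_SAMPLE))
```

The stray comma in the second custom line does not mislead the detection, because only the semi-colon occurs the same number of times on every line.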

Filter log entries

When you select something in the details view, you can filter on it by right-clicking or going to the menu View --> Filter.

You can filter log entries for certain text. This filter can be set to include records with the string or to exclude those records.

You can also save your filter settings for later use. A file LogAnalysis.ini is created when you go to View --> Save. The next time you start the application, the settings are loaded from this file.

DNS and WHOIS lookup

When you select something in the details view, you can do a DNS or WHOIS lookup by right-clicking or going to the menu Edit.

You can perform WHOIS lookups on an IP address that you selected in the detail view. The default WHOIS server is The tool will automatically perform recursive WHOIS lookups if you are not on the right WHOIS server.

The following are the most used WHOIS servers you can select from the drop down list. You can also type another WHOIS server.

More information about the WHOIS protocol.

Opening custom log files

When you open a log file where the fields are not defined and are not separated by a common separator character (tab, comma, semi-colon...), you can specify the field separator text yourself.

Custom settings for different log files

You can have different settings for different types of log files, as long as they are in separate folders. When you save the settings, a file LogAnalysis.ini is created in the folder of the executable. If you move this file to your log files folder, the settings apply only to the files in that folder.

Merging log files and exporting views

If you want to merge multiple log files into one file for analysis, you can run this in a command prompt:

copy *.log merged.log

You can also export a (filtered) view to a new log file. Only the filtered log entries will be saved to the new file.

Published: 3/10/2008
Document Type: General
Last modified: 26/07/2015
Target: Administrator
Visibility: Public
Language: English

Copyright © 2015 AQTRONIX. All rights reserved.