New Blog Post - Using the Microsoft Log Parser on Huge ORF Logs - ORF Forums

This is a really fast option. The only problem for me was making it quick and easy to use. With that in mind, I thought others might benefit from the VBS script below. It is raw, must be modified for each search, and is in other ways not very professional but might help somone get started faster than I did. (Sorry if this is not the right place to put this.)

<SCRIPT STARTS>
Dim oLogQuery
Dim oInputFormat
Dim oOutputFormat
Dim strQuery
Dim strWhere
Dim strOutputFilename
Dim strOrfeeLogFiles
Dim strProgramToOpenOutputFile
Dim blnOutputFormatUseTabs
Dim blnDebug
Dim intDaysToInclude
Dim strRecipient
Dim strSender

' --------------------------------------------
' ENTER VALUES FOR YOUR ENVIRONMENT
' --------------------------------------------

strOrfeeLogFiles = "\\dell-Opt-755\Orfee_Logs\*.log"
strOutputFilename = "N:\Batch\Orfee\OrfeeLogExport.csv" ' Will be over-written each time
strProgramToOpenOutputFile = "C:\Program Files (x86)\Microsoft Office\Office14\Excel"
blnOutputFormatUseTabs = TRUE
blnDebug = FALSE

' --------------------------------------------
' ENTER VALUES FOR THIS SEARCH
' --------------------------------------------

intDaysToInclude = 3
strRecipient = "" ' enter any part of recipient address to match or leave blank
strSender = "" ' enter any part of sender address to match or leave blank

' --------------------------------------------
' WHERE CLAUSE
' --------------------------------------------

intNumberOfHoursToInclude = intDaysToInclude * 24
strStartTime = DateAdd("h", -intNumberOfHoursToInclude, Now())
strStartTime = DateValue(strStartTime) & " " & FormatDateTime(Time(), 4)
strWhere = "WHERE Date-Time >= To_TimeStamp('" & strStartTime & "','MM/dd/yyyy hh:mm')"
strWhere = strWhere & " AND recipient LIKE '%" & strRecipient & "%'"
strWhere = strWhere & " AND sender LIKE '%" & strSender & "%'"

' --------------------------------------------
' SQL QUERY
'
' Note: converts date/time to timestamp and
' removes '+' from subject
' --------------------------------------------

strQuery = "SELECT TO_TIMESTAMP(x-event-datetime,'yyyy-MM-ddThh:mm:ss') As Date-Time, x-event-class AS Event,x-event-severity AS Severity,x-filtering-point AS Filter,x-ip AS IP-address,x-msg-id AS MsgID,x-sender AS Sender,x-recipients AS Recipient,Replace_Chr(x-msg-subject,'+',' ') AS Subject,x-event-msg AS Message"
strQuery = strQuery & " INTO '" & strOutputFilename & "'"
strQuery = strQuery & " FROM " & strOrfeeLogFiles
strQuery = strQuery & " " & strWhere
If blnDebug Then MsgBox strQuery

' --------------------------------------------
' LOG OBJECTS
' --------------------------------------------

Set oLogQuery = CreateObject("MSUtil.LogQuery")
Set oInputFormat = CreateObject("MSUtil.LogQuery.W3cInputFormat")
Set oOutputFormat = CreateObject("MSUtil.LogQuery.CSVOutputFormat")
oOutputFormat.tabs = blnOutputFormatUseTabs

' --------------------------------------------
' EXECUTE
' --------------------------------------------

oLogQuery.ExecuteBatch strQuery, oInputFormat, oOutputFormat

' --------------------------------------------
' OPEN OUTPUT FILE
' --------------------------------------------

Set oShell = WScript.CreateObject("WScript.Shell")
strCmd = Quoted(strProgramToOpenOutputFile) & " " & Quoted(strOutputFilename)
if blnDebug Then Wscript.echo strCmd
oShell.Run strCmd

' --------------------------------------------
' FUNCTIONS
' --------------------------------------------

' ----- QUOTE A STRING

Function Quoted(strInput)
Quote = Chr(34)
If Len(strInput)>0 Then
Quoted = Quote & strInput & Quote
Else
Quoted = strInput
End If
End Function


</SCRIPT ENDS>