Usage Event Logging in Windows SharePoint Services - Annotated
A great article on Event Logging in Windows SharePoint Service appeared in july 2004 on MSDN on how to parse the log files that Windows SharePoint Services produces when logging is enabled. The article describes the format of these log files and provides a sample that demonstrates some of the basics for creating a tool that parses the files to extract information about site usage.
This blog post provides more detailed information on the binary log format. This information is especially useful if you want to provide a managed version in for example C# of the log file parser.
Applies to: Microsoft Windows SharePoint Services 2.0, Microsoft SharePoint Portal Server 2003
Exact binary format (see also the referenced article for more info on the fields):
|
Field |
Bytes |
Details |
|
pPrev |
4 (ABCD) |
Value=A|(B<<8)|(C<<16)|(D<<24) |
|
bitFlags |
1 |
- |
|
- |
1 |
Padding to get to WORD boundary |
|
cbEntry |
2 (AB) |
Value= A|(B<<8) |
|
cbSiteUrl |
2 (AB) |
Value= A|(B<<8) |
|
cbWeb |
2 (AB) |
Value= A|(B<<8) |
|
cbDoc |
2 (AB) |
Value= A|(B<<8) |
|
padding2 |
2 |
Padding to get to DWORD boundary |
|
cBytes |
4 (ABCD) |
Value=A|(B<<8)|(C<<16)|(D<<24) |
|
httpStatus |
2 (AB) |
Value= A|(B<<8) |
|
cbUser |
2 (AB) |
Value= A|(B<<8) |
|
cbQS |
2 (AB) |
Value= A|(B<<8) |
|
cbRef |
2 (AB) |
Value= A|(B<<8) |
|
cbUAS |
2 (AB) |
Value= A|(B<<8) |
|
padding3 |
2 |
Padding to get to DWORD boundary |
|
Reserved |
4 |
- |
|
- |
1 |
\r |
|
- |
1 |
\n |
|
SiteGuid |
36 |
ASCII string |
|
- |
1 |
0 (delimits string in C++) |
|
Time |
8 |
ASCII string (HH:MM:SS) |
|
- |
1 |
0 (delimits string in C++) |
|
SiteUrl |
cbSiteUrl |
ASCII string |
|
- |
1 |
0 (delimits string in C++) |
|
WebUrl |
cbWebUrl |
ASCII string |
|
- |
1 |
0 (delimits string in C++) |
|
DocName |
cbDoc |
ASCII string |
|
- |
1 |
0 (delimits string in C++) |
|
UserName |
cbUser |
ASCII string |
|
- |
1 |
0 (delimits string in C++) |
|
QueryString |
cbQS |
ASCII string |
|
- |
1 |
0 (delimits string in C++) |
|
ReferrerUrl |
cbRef |
ASCII string |
|
- |
1 |
0 (delimits string in C++) |
|
UserAgent |
cbUAS |
ASCII string |
|
- |
1 |
0 (delimits string in C++) |