Iasparse Examples

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

IASParse Examples

Example 1: IAS Format

The following command starts IASparse and parses the iaslog.log file. It then records the authentication and accounting information that it receives in a log file in IAS format.

iasparse –f:iaslog.log

The line logged into the file: 172.31.230.187,rajeshp,02/09/2000,23:18:00,IAS,RA
JESHP2,6,2,7,1,5,11,61,5,64,1,65,1,31,172.31.225.108,66,172.31.225.108,4108,172.
31.230.187,4116,9,4128,rajeshp3,4147,311,4148,MSRASV5.00,4129,RAJESHP2\rajeshp,4136,1,4142,0

 NAS_IP_Address      :    172.31.230.187
 User_Name           :     rajeshp
 Record_Date         :     02/09/2000
 Record_Time         :     23:18:00
 Service_Name        :     IAS
 Computer_Name       :     RAJESHP2
 Service-Type        :     Framed
 Framed-Protocol     :     PPP
 NAS-Port            :     11
 NAS-Port-Type       :     Virtual
 Tunnel-Type         :     PPTP
 Tunnel-Medium-Type  :     IP
 Calling-Station-Id  :     172.31.225.108
 Tunnel-Client-Endpt :     172.31.225.108
 Client-IP-Address   :     172.31.230.187
 Client-Vendor       :    VENDOR
 Client-Friendly-Name:     rajeshp3
 MS-RAS-Vendor       :    Microsoft
 MS-RAS-Version      :     MSRASV5.00
 SAM-Account-Name    :     RAJESHP2\rajeshp
 Packet-Type         :     Access-Request
 Reason-Code         :    The operation completed successfully.

The line logged into the file: 172.31.230.187,rajeshp,02/09/2000,23:18:00,IAS,RA JESHP2,4130,RAJESHP2\rajeshp,4129,RAJESHP2\rajeshp,4128,rajeshp3,4116,9,4108,172.31.230.187,4136,3,4142,16

 NAS_IP_Address          :      172.31.230.187
 User_Name               :      rajeshp
 Record_Date             :      02/09/2000
 Record_Time             :      23:18:00
 Service_Name            :      IAS
 Computer_Name           :      RAJESHP2
 Fully-Qualifed-User-Name:      RAJESHP2\rajeshp
 SAM-Account-Name        :      RAJESHP2\rajeshp
 Client-Friendly-Name    :      rajeshp3
 Client-Vendor           :      VENDOR
 Client-IP-Address       :      172.31.230.187
 Packet-Type             :      Access-Reject
 Reason-Code             :      Authentication failure: unknown user name or bad password

Example 2: ODBC-Compatible Format

The following command starts IASparse and parses the iaslog.log file. It then records the authentication and accounting information that it receives in a log file in ODBC-compatible format.

IASParse

The line logged into the file: "RAJESHP3","IAS",05/17/1999,15:31:11,4,"rajeshp" ,,"172.31.225.108",,"20.20.20.3",,"172.31.230.187",11,9,"172.31.230.187","rajes p3",4294967295,5,,1,2,,,0,"311 1 172.31.230.187 05/17/1999 17:13:09 3",,1200,,, ,0,318,370,"14",1,0,13,13,,"37","0x00000001",,1,1,"172.31.225.108",,,,,,,,"MSRASV5.00",311,,,,

 Computer_Name           :      "RAJESHP3"
 Service_Name            :      "IAS"
 Record_Date             :      05/17/1999
 Record_Time             :      15:31:11
 Packet-Type             :      Accounting-Request
 User-Name               :      "rajeshp"
 Fully-Qualifed-User-Name:
 Called-Station-Id       :
 Calling-Station-Id      :      "172.31.225.108"
 Callback-Number         :
 Framed-IP-Address       :      "20.20.20.3"
 NAS-Identifier       :
 NAS-IP-Address          :      "172.31.230.187"
 NAS-Port                :      11
 Client-Vendor           :      VENDOR
 Client-IP-Address       :      "172.31.230.187"
 Client-Friendly-Name    :      "rajeshp3"
 Port-Limit              :      4294967295
 NAS-Port-Type           :      Virtual
 Connect-Info            :
 Framed-Protocol         :      PPP
 Service-Type            :      Framed
 Authentication-Type     :      Unknown
 NP-Policy-Name          :
 Reason-Code             :      The operation completed successfully.
 Class                   :      "311 1 172.31.230.187 05/17/1999 17:13:09 3"
 Session-Timeout         :
 Idle-Timeout            :      1200
 Termination-Action      :
 EAP-Friendly-Name       :
 Acct-Status-Type        :      Start
 Acct-Delay-Time         :      0
 Acct-Input-Octets       :      318
 Acct-Output-Octets      :      370
 Acct-Session-Id         :      "14"
 Acct-Authentic          :      Radius
 Acct-Session-Time       :      0
 Acct-Input-Packets      :      13
 Acct-Output-Packets     :      13
 Acct-Terminate-Cause    :      Unknown
 Acct-Multi-Ssn-Id       :      "37"
 Acct-Link-Count         :      "0x00000001"
 Acct-Interim-Interval   :
 Tunnel-Type             :      PPTP
 Tunnel-Medium-Type      :      IP
 Tunnel-Client-Endpt     :      "172.31.225.108"
 Tunnel-Server-Endpt     :
 Acct-Tunnel-Conn        :
 Tunnel-Pvt-Group-ID     :
 Tunnel-Assignment-ID    :
 Tunnel-Preference       :
 MS-Acct-Auth-Type       :
 MS-Acct-EAP-Type        :
 MS-RAS-Version          :      "MSRASV5.00"
 MS-RAS-Vendor           :      Microsoft
 MS-CHAP-Error           :
 MS-CHAP-Domain          :
 MS-MPPE-Encryption-Types:
 MS-MPPE-Encryption-Policy:

Example 3: Displaying the description associated with attributes in the log file.

The following command displays the description associated with attributes in the log file.

-v

For example, for this attribute:


Client-Vendor       : VENDOR

it shows this description:


Manufacturer of RADIUS proxy or NAS. (IAS only)

See Also

Concepts

Iasparse Overview
Iasparse Remarks
Iasparse Syntax
Alphabetical List of Tools
Bindiff Overview