I need to search the logs of all the servers in the array for a particular string. Specifically, I need to determine if a given user is using OWA, EWS, or something else with our CAS servers.
Is there a simple way for me to search all servers in the CAS Array in parallel?
Since this is mainly an IIS question, and Web Arrays are very common I doubt this is a "new" question but I can't find a similar answer elsewhere.
The two answers are log centralization or remote commands.
See Windows Server Event Log Collection and Analysis for the first and do some searching for Powershell for the second (example: Powershell Remoting: Howto Run a Comand on multiple Machines with individual Parameters?)
When you start needing to cross correlate logs between servers you should really look at a central log server such as Splunk. While it is possible to do so with other products like log parser, grep, etc most are designed for a single file as you have found.
one answer logparser.exe http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24659
also a good companion is Visual log parser http://visuallogparser.codeplex.com/
Examples http://technet.microsoft.com/en-us/library/ee692659.aspx
More examples http://blogs.msdn.com/b/carloc/archive/2008/02/06/logparser-scripts-for-various-occasions.aspx
Some more examples Recommended LogParser queries for IIS monitoring?
You mean W3C logs, not event logs, right?
LogParser supports the use of multiple log files as input (i.e. *.log works in a FROM clause), so it's just a matter of consolidating the log files (or ensuring that they're accessible), which is usually fairly trivial to script.
