 Detect Variations


itsmevic
Starting Member

1 Post

Posted - 2009-04-09 : 16:23:05
Hi,

I'm using Logparser which uses a lite SQL engine and operates and is driven off of SQL syntax. This is what I'd like to do:

I'm trying to parse through my authentication logs to determine if there is IP variation from the same User that has logged in.

For example: JDOE shows to have logged in 10 times on 4/9/2009. 9 of those logins show the same IP and EventID (540 in this example). However, 1 of JDOE's logins shows a completely different IP address as well as a weird type of Event code (example: shows 800).

I'd like the SQL statement to tell me about these variations but haven't quite figured out the correct syntax for it.

I convert the log file to a CSV that has the following headers (in order):

DATE, TIME, EVTID, STATUS, DC, DOMAIN, USERNAME,IP,LOGIN-TYPE,AUTH-PROTOCOL

SELECT * FROM \\server\logs\auth.csv WHERE IP (this is where I need to set the IP range at '000.000.000.000,999.999.999.999') and then the logic behind the statement.

I can't figure the correct syntax out and it's driving me nuts. In fact, I don't know if it's even possible without employing some sort of script (which I'm hoping is not the case, because I'd like to think SQL syntax is advanced enough to handle something like this query). Any help is GREATLY APPRECIATED!!!
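
An added example, not part of the original post and not Log Parser syntax: the check described above written as a grouped SQL query and run with Python's built-in sqlite3 over a constructed CSV that uses the post's column order. It assumes "variation" means an (IP, EVTID) pair that is not the strict majority of a user's logins for that day; the function names and all sample rows are made up for illustration.

```python
import csv
import io
import sqlite3

# Column order as given in the post.
COLUMNS = ["DATE", "TIME", "EVTID", "STATUS", "DC", "DOMAIN",
           "USERNAME", "IP", "LOGIN-TYPE", "AUTH-PROTOCOL"]

# Report every (IP, EVTID) pair that is NOT the strict majority of a user's
# logins for that day. A user who only ever shows one pair is never reported;
# when no pair has a majority (a tie), every pair is reported.
QUERY = """
SELECT p.day, p.usr, p.IP, p.EVTID, p.n, t.total
FROM (SELECT "DATE" AS day, UPPER(USERNAME) AS usr, IP, EVTID, COUNT(*) AS n
      FROM auth GROUP BY "DATE", UPPER(USERNAME), IP, EVTID) AS p
JOIN (SELECT "DATE" AS day, UPPER(USERNAME) AS usr, COUNT(*) AS total
      FROM auth GROUP BY "DATE", UPPER(USERNAME)) AS t
  ON t.day = p.day AND t.usr = p.usr
WHERE p.n * 2 <= t.total
ORDER BY p.usr, p.IP
"""

def sample_csv():
    """Constructed sample log, not real data."""
    ok = "4/9/2009,08:{:02d}:00,540,OK,DC01,CORP,{},{},3,Kerberos"
    rows = [",".join(COLUMNS)]
    rows += [ok.format(i, "JDOE", "10.0.0.15") for i in range(9)]
    rows.append("4/9/2009,23:41:07,800,OK,DC01,CORP,jdoe,192.0.2.77,3,NTLM")
    rows += [ok.format(i, "ASMITH", "10.0.0.20") for i in range(3)]
    rows += [ok.format(0, "BLEE", "10.0.0.30"), ok.format(1, "BLEE", "10.0.0.31")]
    return "\n".join(rows)

def load(csv_text):
    """Load the CSV text into an in-memory table named auth."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth (%s)" % ", ".join(f'"{c}" TEXT' for c in COLUMNS))
    reader = csv.DictReader(io.StringIO(csv_text))
    db.executemany(
        "INSERT INTO auth VALUES (%s)" % ", ".join("?" * len(COLUMNS)),
        ([row[c].strip() for c in COLUMNS] for row in reader))
    return db

def find_variations(db):
    """Return (day, user, ip, evtid, count, total_logins) for each outlier pair."""
    return db.execute(QUERY).fetchall()

if __name__ == "__main__":
    for row in find_variations(load(sample_csv())):
        print(row)
```

Usernames are upper-cased before grouping so that `jdoe` and `JDOE` count as one account; the `n * 2 <= total` threshold is the part to tune if a user legitimately logs in from several addresses.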
   
