If that's a single file, I'd use a file splitter to make that into about
1,000 files, and then take the first 20 lines out of each file.

Enumerating the users in those lines should show you which account is
generating the bulk of the lines. I'd get a count of the lines in those
files with 'wc', as well.

Get 'split' and 'wc' from http://gnuwin32.sf.net or http://unxutils.sf.net

If it's not immediately obvious from the above, then, with some findstr (or
grep) magic in conjunction with 'wc' you can start to winnow down the list.

If you want to get a bit more sophisticated, 'cut' and 'sed' along with the
above tools do yeoman work as well.

Lastly, if you've not used it before, the MSFT tool logparser can help -
there are tutorials around on how to use it.

Kurt

On Wed, Jan 25, 2012 at 08:19, Joseph L. Casale
<jcas...@activenetwerx.com> wrote:

>
> I am offsite, but have access to a copy of about 10gig of transaction logs
> that got created within a couple hours.
> Anyone know how to analyze the logs themselves for an idea of who/what
> created that mess in case I should have someone remotely disable a user
> for example?
>
> Thanks,
> jlc
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe exchangelist
>
>
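
The split-and-sample approach from the reply above, as an added example that is not part of the original thread. It assumes a line-oriented text log in which each line carries a `user=<name>` field (a constructed format); the function names `sample_users` and `make_sample_log` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). ASSUMPTION: a line-oriented text log
# whose lines carry a "user=<name>" field; this format is constructed.

# sample_users FILE CHUNKS HEAD_LINES
# Prints "<count> <user>" for the sampled lines, highest count first.
sample_users() {
    file=$1; chunks=$2; head_lines=$3
    work=$(mktemp -d) || return 1

    # 'wc -l' gives the total line count; derive lines per chunk, rounding up.
    total=$(wc -l < "$file" | tr -d ' ')
    per_chunk=$(( (total + chunks - 1) / chunks ))
    [ "$per_chunk" -gt 0 ] || per_chunk=1

    # 'split' writes the chunk files into a scratch directory.
    split -l "$per_chunk" "$file" "$work/chunk."

    # Take the first HEAD_LINES of every chunk, isolate the user field with
    # sed, then count occurrences per user.
    for c in "$work"/chunk.*; do
        [ -e "$c" ] || continue   # empty input: no chunks were written
        head -n "$head_lines" "$c"
    done |
        sed -n 's/.*user=\([^ ]*\).*/\1/p' |
        sort | uniq -c | sort -rn |
        awk '{print $1, $2}'

    rm -rf "$work"
}

# Constructed sample: 100 lines, every tenth line from alice, the rest bob.
make_sample_log() {
    out=$1; i=0
    : > "$out"
    while [ "$i" -lt 100 ]; do
        if [ $((i % 10)) -eq 0 ]; then u=alice; else u=bob; fi
        echo "2012-01-25T08:00:00 user=$u action=send size=1024" >> "$out"
        i=$((i + 1))
    done
}

# Demo: 10 chunks, first 5 lines of each.
log=$(mktemp)
make_sample_log "$log"
sample_users "$log" 10 5
rm -f "$log"
```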
