A brief overview of IIS 6.0 and the W3C extended log format

  • November 3, 2007
  • James Skemp
In Microsoft Internet Information Services (IIS) 6.0, you can choose to use a number of different formats for your access logs. Access logs contain information about what files are requested, whether the request was successful or not. Of all the available formats, the World Wide Web Consortium (W3C) extended log file format is by far the most flexible format available, as you can select the information that you would like to log.

Read More

Log Parser SQL query syntax (high-level)

  • October 25, 2007
  • James Skemp
The following is a high-level look at Log Parser's (version 2.2) SQL syntax. This does assume that you understand the specifics of each part, but for those that do not, this will be covered in a future tutorial. (This is more for my use.)  Bolded elements are required for any valid query, whereas the other elements are optional. SELECT USING INTO FROM WHERE GROUP BY HAVING ORDER BY Again, details about the specific parts, with real-world examples, will be covered in a future tutorial.

Read More

Log Parser script: Percent of status codes across all hits/requests

  • October 1, 2007
  • James Skemp
Note: This article was written using Log Parser 2.2. Therefore, while it may work for a different version, it may not. The following SQL can be used by Log Parser to generate a chart with the total requests (for a day, month, or year) and what percent each status code is of those requests. An example chart can be found at the end of this article. First, I assume that the below is put in the same directory as the logs you would like to parse.

Read More

How to ensure that performance counters continue after a restart

  • September 19, 2007
  • James Skemp
A few days ago my server was restarted in the early morning hours. I had been logging network and processor usage using Windows built-in performance monitoring, but when the server restarted, the logs did not. A bit of research later, it appears that there is a way to have Windows restart the logging after a system restart. To enable this, it seems you just need to have the log stop after a certain amount of time (for example, after x hours, or x days).

Read More

Using Log Parser to find users accounts used to log into an FTP site

  • September 13, 2007
  • James Skemp
The following Log Parser query can be used on FTP log files in order to determine what user names were used to login, or attempt to login, to an FTP site. logparser "select cs-uri-stem, count(cs-method) from ex*.log where cs-method like '%USER' group by cs-uri-stem order by count(cs-method),cs-uri-stem"  This assumes that you've added Log Parser to your path, and that you're running this from your log file directory. This query will tell you what ip addresses successfully logged into your FTP site.

Read More

Log Parser queries to find 400 and 500 http status codes

  • September 9, 2007
  • James Skemp
Note: This article was written using Log Parser 2.2. Therefore, while it may work for a different version, it may not. In a previous article, I discussed how to use Log Parser to find 404 errors in IIS log files. This time, I've made it a little broader, by giving some queries to find all 400 codes, and all 500 codes, through log files. There may be a better way to find these codes (instead of my IN statement), but a standard LIKE doesn't seem to work.

Read More

Find 404 errors using Log Parser

  • August 4, 2007
  • James Skemp
Note: This article was written using Log Parser 2.2. Therefore, while it may work for a different version, it may not. The following code will generate a listing of calls that generated a 404 error. logparser "SELECT cs-uri-stem, cs-uri-query, date, sc-status, cs(Referer) INTO 404report.txt FROM ex*.log WHERE sc-status = 404 ORDER BY date, cs-uri-stem, cs-uri-query" This assumes that you've currently got a command line open in the folder containing your IIS logs, and that you are logging the above information, as well as that logparser is setup in your PATH line.

Read More

Microsoft's Log Parser 2.2

  • July 29, 2007
  • James Skemp
Year’s ago, Microsoft released Log Parser 2.2, which is a tool for analyzing IIS log files, event viewer exports, and etcetera. There’s a Professor Windows article from May 2005 which covers Log Parser, to some extent, and the download is available from Microsoft. Unfortunately, it’s all command line, but it seems interesting enough, nonetheless. I would have liked to have used AWStats (and probably still will), but I just didn’t want to bother with the config file today.

Read More

Newer
Search
Links of Note
Recent Posts
categories
Support This Site

If my blog was helpful to you, then please consider visiting my Amazon Wishlist.