IIS - Log Parser
DownloadCENTER for IIS.net has been released!
The DownloadCENTER at IIS.net is a community hotspot for discovering, sharing, reviewing and promoting IIS-related solutions in a single place. Dozens of existing downloads, for all versions of IIS – both from Microsoft and the community – are already available in DownloadCENTER today.
This new feature of IIS.net is particularly relevant with the release of IIS7 in Windows Vista. The latest release of Microsoft’s Web server has a completely modular architecture which features over forty pluggable components that can be easily added, removed or even replaced with custom implementations.
This powerful extensibility support is available to both .NET and C/C++ developers. In the future, DownloadCENTER is expected to house a large number of IIS7 extensions submitted by not only the IIS team but the developers and partner ISVs of the IIS community as well.
To learn more about the DownloadCENTER, read IIS Product Unit Manager Bill Staples’ blog post about it, or check it out yourself today!
I had the pleasure to present to the Christchurch .NET Users Group (http://www.dot.net.nz) last evening. It was a very cold night with hail, sleet and rain, and we had around 25 people attend.
I spoke about three topics in my presentation:
In the talk on IIS Scripting I discussed the different providers that were available to manage IIS from a command line script or application. These include ADSI and WMI, Admin Base Objects and the new IIS 7 Managed Provider.
In the discussion about IIS diagnostic tools I presented details on the following tools from the Debug Diagnostic Toolkit for IIS:
Authentication and Access Control Diagnostics
In the IIS 7 section of the presentation I discussed some of the benefits of the new server and its new modular architecture, new UI, new extensibility, and diagnostics functionality.
I showed a number of demos of IIS 7 including a custom Basic Authentication module, a custom Directory Browsing Module, Tracing Features, Debugging a crashing application pool with Debug Diag and some features of the new User Interface.
My presentation was made on the Beta 2 build of Vista Ultimate and most of the tools worked fine on Vista and IIS 7 even though they are not designed to. As far as I know nobody left early - a good sign... IIS can be a dry topic to developers but I hope they learned something useful about the new product and of course scripting and diagnostics that they may not have known previously.
One of the most important functions a Web site has is the ability to track who is visiting it, where they are coming from, and what they are doing. While logs themselves may not always be the most accurate measurement of what's going on, they do provide a high level overview useful for tracking common user functions and tasks. There are instances when certain types of data aren't logged such as referrers, cookies, user agents, and POST data. Logging can also be used to track abnormal behavior including malicious requests sent by a potential attacker trying to break into your site. These logs can be extremely valuable in identifying if an attack was successful or not, as well as some of the exact commands that an attacker may have executed.
For more details see the full article at http://www.webappsec.org/projects/articles/082905.shtml
In this blog entry we will display the same output in a number of different formats that Log Parser is capable of providing.
Using the default output format the results are displayed inside of the command prompt.
Notice that the above listing displays a "Press a key..." prompt. You can turn this off with the -rtp:-1 switch.
Using an output format of a chart, you can create nice graphs of log entries.
The output in this case is a file on disk called test.gif, and the -view parameter displays it in a window.
Using an output format of a DataGrid, you can view the results inside a grid, which makes them a lot easier to read in certain circumstances.
When using Log Parser you may want to include the log file name that the client data was extracted from. If you are using the W3C format you can do this with the LogFilename input field which will return the full path to the log filename that contains the row of data.
Save the data below as distinctclientrequests.sql
If you want only the log filename and not the full path, you could use the following query:
Save the data below as distinctclientrequests.sql
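An added example, not the post's original query: a Log Parser query that combines the LogFilename input field with EXTRACT_FILENAME to show, per log file, which clients generated the most error responses. The query file name errorsbylogfile.sql, the site identifier <1>, the status threshold and the column aliases are assumptions made for illustration.

```sql
-- Added example (not the original post's query).
-- Save as errorsbylogfile.sql (hypothetical file name) and run with:
--
--   LogParser.exe file:errorsbylogfile.sql -i:IISW3C -rtp:-1
--
-- <1> selects the log files of the IIS site with ID 1 (an assumption);
-- a path such as ex*.log can be used in the FROM clause instead.
--
-- LogFilename holds the full path of the log file each row came from;
-- EXTRACT_FILENAME reduces it to the file name only.
-- The WHERE clause keeps client and server errors (assumed threshold).

SELECT TOP 25
       EXTRACT_FILENAME(LogFilename)  AS LogFile,
       c-ip                           AS ClientIP,
       sc-status                      AS StatusCode,
       COUNT(*)                       AS Hits,
       MIN(TO_TIMESTAMP(date, time))  AS FirstSeen,
       MAX(TO_TIMESTAMP(date, time))  AS LastSeen
FROM <1>
WHERE sc-status >= 400
GROUP BY LogFile, ClientIP, StatusCode
ORDER BY Hits DESC
```

Because each row names the log file it came from, a burst of 401, 403 or 404 responses from one client can be traced straight back to the file and time window to review.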
Log Parser - Sample - How to return the number of files and their size in a folder and all child folders.
Log Parser 2.2 and later is a very powerful little tool, even for things you may not think of, such as enumerating the number of files in a folder and the disk space they consume.
With these examples we will be using the -i:FS input parameter which means we are getting our data from the File System.
The 3 examples above have all defaulted to recursively searching all child folders. You can control this with the recurse parameter.
Microsoft Log Parser is a very cool little tool that you can use with a SQL query language to render details from a number of different log file formats including:
You tell Log Parser what information you need and how you want it processed.
The results of your query can be custom-formatted in text based output, or they can be persisted to more specialty targets like SQL, SYSLOG, or a chart.
An example query:
For more details on Log Parser see http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspx
The Unofficial Log Parser web site, created and maintained by Mike Gunderloy: see http://www.logparser.com/
For some additional scripts and code examples for using Log Parser from C# see http://www.logparser.com/Repository.htm
A book has been released called the Log Parser Toolkit - see http://www.syngress.com/catalog/?pid=3110
For a detailed explanation of how Log Parser works see http://www.microsoft.com/technet/community/columns/profwin/pw0505.mspx
For examples of using the COM interface to Log Parser see http://www.microsoft.com/technet/community/columns/scripts/sg0105.mspx