Monday, November 12, 2012

Analyzing IIS logs

Some useful badly written queries to analyze IIS logs, when something wrong is going on. Logparser needs to be installed.
Mostly hit resource on a server, filtered by media files 
logparser -i:IISW3C "SELECT TOP 10 cs-uri-stem AS Url, MIN(time-taken) as [Min], AVG(time-taken) AS [Avg], max(time-taken) AS [Max], count(time-taken) AS Hits FROM  u_ex121025.log TO 'MostHitResourcesFiltered121025.csv' WHERE cs-uri-stem NOT LIKE '%media%' AND cs-uri-stem NOT LIKE '%.swf' AND cs-uri-stem NOT LIKE '%.jpg' AND cs-uri-stem NOT LIKE '%.mp3' AND cs-uri-stem NOT LIKE '%.js' AND cs-uri-stem NOT LIKE '%.woff' AND cs-uri-stem NOT LIKE '%.css' AND cs-uri-stem NOT LIKE '%.png' AND cs-uri-stem NOT LIKE '%.gif' AND cs-uri-stem NOT LIKE '%.eot' AND cs-uri-stem NOT LIKE '%.ico' GROUP BY Url ORDER BY [Hits] DESC"  -o:csv

Requests that took longest time to anwser - I like to order it by Avg, Min and Max. Below just sorted by Avg example. 
logparser -i:IISW3C "SELECT TOP 10 cs-uri-stem AS Url, MIN(time-taken) as [Min], AVG(time-taken) AS [Avg], max(time-taken) AS [Max], count(time-taken) AS Hits FROM  u_ex121025.log  TO 'Avg121025.csv' WHERE cs-uri-stem NOT LIKE '%media%' AND cs-uri-stem NOT LIKE '%.swf' AND cs-uri-stem NOT LIKE '%.jpg' AND cs-uri-stem NOT LIKE '%.mp3' AND cs-uri-stem NOT LIKE '%.js' AND cs-uri-stem NOT LIKE '%.woff' AND cs-uri-stem NOT LIKE '%.css' AND cs-uri-stem NOT LIKE '%.png' AND cs-uri-stem NOT LIKE '%.gif' AND cs-uri-stem NOT LIKE '%.eot' GROUP BY Url HAVING Hits > 5 ORDER BY [Avg] DESC" -o:csv

When I am interested in some specific site, and I want to know as much as I can about it. In example below, I am interested in a url that has 'last' string inside it. 
logparser -i:IISW3C "SELECT date, time, s-ip, cs-method, cs-uri-stem, cs-uri-query, s-port, cs-username, c-ip, cs(User-Agent), sc-status, sc-substatus, sc-win32-status, time-taken FROM  u_ex121103.log  TO 'WhoHitLMO121103.csv' WHERE cs-uri-stem NOT LIKE '%media%' AND cs-uri-stem NOT LIKE '%.swf' AND cs-uri-stem NOT LIKE '%.jpg' AND cs-uri-stem NOT LIKE '%.mp3' AND cs-uri-stem NOT LIKE '%.js' AND cs-uri-stem NOT LIKE '%.woff' AND cs-uri-stem NOT LIKE '%.css' AND cs-uri-stem NOT LIKE '%.png' AND cs-uri-stem NOT LIKE '%.gif' AND cs-uri-stem NOT LIKE '%.eot' AND cs-uri-stem LIKE '%last%'" -o:csv
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)