Wednesday 30 January 2013

Log Parser

If you want to analyse IIS logs, Log Parser is your man. Install it, open cmd in its directory and run the executable followed by a SQL query in quotes. Here is an example*:

LogParser "SELECT date, REVERSEDNS(c-ip) AS Client, COUNT(*) FROM ex130130.log WHERE sc-status<>200 GROUP BY date,client"

In this case I copied the log file from an Exchange server into the Log Parser install directory. The results:

date       Client                                           COUNT(ALL *)
---------- ------------------------------------------------ ------------

2013-01-30 *.com                                            29
2013-01-30 *.com                                            138
2013-01-30 *.com                                            8
2013-01-30 *.com                                            2
2013-01-30 *.net                                            2
2013-01-30 *.com                                            276
2013-01-30 *.com                                            21
2013-01-30 *.com                                            2
2013-01-30 *.com                                            1
2013-01-30 *.net                                            2
Press a key...
date       Client                           COUNT(ALL *)
---------- -------------------------------- ------------

2013-01-30 *.net                            2
2013-01-30 *.net                            1
2013-01-30 *.net                            1
2013-01-30 *.net                            1

Statistics:
-----------

Elements processed: 3034
Elements output:    14
Execution time:     4.34 seconds
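
What the query above computes, written out as an added Python example (not from the original post and not part of Log Parser): it reads IIS W3C extended log lines, follows the #Fields directive, and counts non-200 responses per date and client. The sample log lines are constructed, and it groups by the raw c-ip value because REVERSEDNS needs live DNS lookups.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not taken from the original post).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2013-01-30 00:00:01
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2013-01-30 00:00:01 192.0.2.10 GET /owa/ 200
2013-01-30 00:00:05 192.0.2.10 POST /owa/auth.owa 302
2013-01-30 00:01:12 198.51.100.7 GET /EWS/Exchange.asmx 401
2013-01-30 00:01:13 198.51.100.7 GET /EWS/Exchange.asmx 401
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2013-01-30 00:02:40 GET /favicon.ico 203.0.113.5 404
2013-01-30 00:02:41 GET /owa/ 203.0.113.5 200
2013-01-30 00:03:00 GET /truncated
"""

def non_200_by_client(lines):
    """Like: SELECT date, c-ip, COUNT(*) WHERE sc-status<>200 GROUP BY date, c-ip."""
    fields = []
    counts = Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # The column layout can change mid-file; use the latest directive.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#"):
            continue  # blank line or another directive (#Software, #Date, ...)
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed row, e.g. a partially written last line
        row = dict(zip(fields, values))
        status = row.get("sc-status", "")
        if status.isdigit() and int(status) != 200:
            counts[(row.get("date", "-"), row.get("c-ip", "-"))] += 1
    return counts

def report(counts):
    """One 'date client count' line per group, sorted by date then client."""
    return [f"{d} {ip:<15} {n}" for (d, ip), n in sorted(counts.items())]

if __name__ == "__main__":
    print("\n".join(report(non_200_by_client(SAMPLE_LOG.splitlines()))))
```

Note that sc-status<>200 also counts redirects such as the 302 in the sample, so a high count for a client is not by itself a count of errors.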

* This blog digs deep to find the ins and outs, nooks and crannies, cracks and cheats that help the budding but hungover sysadmin. This is why you can find this example in the Log Parser help menu. It's the first entry.
