IIS Log Analysis

Cottage-Industry-Style Log Analysis

When you operate a service, there are many times you need to analyze logs. Many of the services I operate use IIS, and for whatever reason, no real-time log analysis system for the web server had been set up. It would be nice to set up something like GoAccess, but I have neither the authority nor the resources to make that decision. I suppose the thinking is that things run fine without it… Anyway, every now and then the need to analyze logs comes up. So I did some log analysis cottage-industry style.

Environment

Server

• Windows Server 2008 R2
• IIS 7.5
• Log type: IISW3CLOG

My Machine

• Windows 10

Log Parser

1. Install Log Parser 2.2.

2. Run the script.

3. The script below counts HTTP requests whose uri contains aspx, grouped by URI. The syntax is almost identical to SQL.

logparser -i:W3C -o:csv "SELECT cs-uri-stem, COUNT(*) AS Hits into d:\results.csv FROM d:\u_ex180612.log WHERE cs-uri-stem like '%.aspx%' GROUP BY cs-uri-stem ORDER BY Hits DESC"

Log Parser Studio

There is an application that helps you run Log Parser conveniently. It’s called Log Parser Studio, and although it has been around for quite a while, it lacks nothing for cottage-industry purposes. After downloading and unzipping it, the included README.txt file explains how to use it well. Then again, it’s built so cleanly that you hardly need any usage instructions at all.

The end!