Before we start discussion regarding reading of IIS log, I would like to request you to please read my previous article which provides introduction of Log Parser along with some sample query. Basic knowledge of log parser required for this article, if you don’t have knowledge of Log Parser, kindly click here.
After having understanding of Log Parser, you have to find IIS log file location for your server. It may be:
Administrator can change the location of log file from IIS so it is better to confirm the location of log file first before executing the commands given below.
Once you are ready with Log Parse in your server along with path of IIS log file, you can execute following commands to get various information.
Command 1: This command will give you total number of execution of .ASPX page in your IIS based on given file path and date. I wanted to read only one log file “ex121025.log”, you can give “*” there to read all log files available under “W3SVC1” folder.
logparser.exe -i:W3C -o:DATAGRID "SELECT COUNT(*) FROM C:\WINDOWS\system32\LogFiles\W3SVC1\ex121025.log where date>’2012-10-19′ AND date<‘2012-10-21’ and cs-uri-stem LIKE ‘%.aspx’"
Command 2: Following command will return total number of process/pages which takes more than 1 second to load, if we know long running pages, we can troubleshoot it and optimize it as well. Please not that “Time-Taken” field gives value in millisecond
[sourcecode]logparser.exe -i:W3C -o:DATAGRID "SELECT COUNT(*) FROM C:\WINDOWS\system32\LogFiles\W3SVC1\ex121025.log where time-taken>1000" [/sourcecode]
Command 3: following command will return total number of pages whose size is greater than 300KB. We might want to make page little lower in size so that it can be loaded in browser fast.
[sourcecode] logparser.exe -i:W3C -o:DATAGRID "SELECT COUNT(*) FROM C:\WINDOWS\system32\LogFiles\W3SVC1\ex121025.log where cs-bytes>307200"
Command 4: Following command will give you top 10 heaviest pages which has taken long time to load in browser.
[sourcecode]logparser.exe -i:W3C -o:DATAGRID "SELECT TOP 10 cs-uri-stem as URL, MAX(time-taken) As Max, MIN(time-taken) As Min, Avg(time-taken) As Average FROM C:\WINDOWS\system32\LogFiles\W3SVC1\ex121025.log GROUP BY URL ORDER By MAX DESC" [/sourcecode]
Command 5: following command will list out IP with reverse DNS and count how many request came from the IP.
[sourcecode]logparser.exe -i:W3C -o:DATAGRID "SELECT c-ip As IP, REVERSEDNS(c-ip) As DNS, COUNT(*) As Requests FROM C:\WINDOWS\system32\LogFiles\W3SVC1\ex121025.log GROUP BY IP ORDER BY Requests DESC" [/sourcecode]
BTW, “W3C” parameter value provided when you want to read log of IIS for further details about input and output parameter, please refer my previous article Log Parser.
Hope you find it useful.
Reference: Ritesh Shah
Note: Microsoft Books online is a default reference of all articles.