Thursday, April 13, 2006

Log Parser 2.2 is a tool published by Microsoft to make extracting information from logfiles easier. It is part of the IIS 6 resource kit. I mainly use it for IIS logs but you can use it on most Microsoft logfiles.
It's also one of the very few tools that can analyze an IIS FTP log file. It's a really powerful tool, which is also the reason I don't use it much: the syntax is not very friendly if you don't have much SQL experience.

Anyway, after reading some documentation I was able to dig out a list of unique visitors from 4 months of FTP logs. The command to do that is this:

logparser "SELECT DISTINCT c-ip FROM *.log" -i:IISw3c -o:CSV

The important part here is the DISTINCT. Without it I'd get every IP address from every entry in all the logs. That would be 2 MB of output; with DISTINCT I only get about 2 KB. The -o:CSV option tells logparser to output in CSV format. Without it, logparser pauses after each batch of rows and you'd have to press the space bar every time.

The c-ip stands for client IP. You can get a list of the fields you can query on by issuing the command: logparser -h -i:IISW3C (or replace IISW3C with the log format you're using). For other SQL-challenged people like me, this Professor Windows article might help. Those of you more skilled with Windows scripting and SQL should have a look at logparser.com.

EDIT:
Just figured out you can even have it resolve DNS. So:

logparser "SELECT DISTINCT REVERSEDNS (c-ip) FROM *.log" -i:IISw3c -o:CSV

would give the same result as the first query, but display DNS names instead of just IP addresses.
