One of the tools that I use probably every day is LogParser from Microsoft. It is a splendid tool if you want
to parse very large log files and have some knowledge of SQL statements. Please do
not be disheartened if you do not know SQL. With a little practice, you can
become an expert in using LogParser. I am going to put down some of the common
commands that I use to look for specific information in IIS logs. Hopefully,
this will help you get started if you are a novice. I will give you a small
background and then show you how LogParser helps.
First, LogParser is my choice when I have to parse multiple
IIS logs or IIS logs that are really large. The other tool that I use
is Microsoft Excel, which is an excellent tool for parsing text files that
contain data separated by a delimiter.
IIS 6.0 and later have request logging enabled by default.
The default location for these logs is:
IIS 6.0: %windir%\System32\LogFiles\W3SVC<SiteID>
IIS 7.0: %systemDrive%\Inetpub\logfiles
Also, to choose which attributes are logged, open IIS
Manager and bring up the properties for the site you want to configure.
Then, on the Web Site tab, click the Properties button
under “Enable Logging” and select the attributes on the Advanced tab.
LogParser download location: http://www.microsoft.com/downloads
Search for Log Parser. As of this writing, the latest
version is 2.2.
Listing 1: Log Parser Command Line
The LogParser command line is really simple.
LogParser -i:<inputFileFormat> -o:<output format> <SQL Query> | file:<text file with SQL Query>
-i:<input_format>   : one of IISW3C, NCSA, IIS, IISODBC, BIN, IISMSID,
                      HTTPERR, URLSCAN, CSV, TSV, W3C, XML, EVT, ETW,
                      NETMON, REG, ADS, TEXTLINE, TEXTWORD, FS, COM (if
                      omitted, will guess from the FROM clause)
-o:<output_format>  : one of CSV, TSV, XML, DATAGRID, CHART, SYSLOG,
                      NEUROVIEW, NAT, W3C, IIS, SQL, TPL, NULL (if omitted,
                      will guess from the INTO clause)
<SQL Query> OR file:<text file that contains sql query>
So, from the above, we have the command (LogParser), an input specification, an output
specification, and the query or the file that contains the query we want to run.
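The two invocation forms from Listing 1, run against a small IIS log, as an added PowerShell example that is not from the original post. It assumes LogParser.exe 2.2 is on the PATH; the lp-demo folder, the file names and the log lines are constructed for illustration.

```powershell
# Added example. Assumes LogParser.exe (Log Parser 2.2) is on the PATH.
# The folder, file names and log lines are constructed sample data.
$dir = Join-Path $env:TEMP 'lp-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Push-Location $dir

# A minimal W3C extended log; the #Fields line names the columns to query.
@'
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-01-01 00:00:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2009-01-01 00:00:01 192.0.2.10 GET /default.aspx 200
2009-01-01 00:00:02 192.0.2.77 GET /admin/ 401
2009-01-01 00:00:03 192.0.2.77 GET /admin/ 401
2009-01-01 00:00:04 192.0.2.77 POST /admin/login.aspx 403
2009-01-01 00:00:05 198.51.100.5 GET /missing.gif 404
'@ | Set-Content -Path 'ex090101.log' -Encoding ASCII

# Count failed requests (status 400 and above) per client IP and status code.
$query = 'SELECT c-ip, sc-status, COUNT(*) AS Hits FROM ex*.log ' +
         'WHERE sc-status >= 400 GROUP BY c-ip, sc-status ORDER BY Hits DESC'

# Form 1: the SQL query passed inline as one argument.
# The switches are quoted so PowerShell hands them to the program unchanged.
& LogParser.exe '-i:IISW3C' '-o:CSV' $query

# Form 2: the same query stored in a text file and referenced with file:.
Set-Content -Path 'errors.sql' -Value $query -Encoding ASCII
& LogParser.exe '-i:IISW3C' '-o:CSV' 'file:errors.sql'

Pop-Location
```

Because no INTO clause is given, the CSV output is written to the console; the wildcard in the FROM clause is what lets one query cover many daily log files.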