Solved

Custom AWSTATS log format for IIS and running existing logs in batch

Posted on 2007-04-09
6
6,225 Views
Last Modified: 2013-12-07
Hi
Can anyone help me to create a custome log file for IIS logs that were captured in the following format:

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-11-23 11:16:09
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-11-23 11:16:09 W3SVC463436271 196.2.xx.xxGET /index.asp - 80 - 217.31.169.71 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+95) 200 0 0
2006-11-23 11:16:09 W3SVC463436271 196.2.xx.xx GET /styles.css - 80 - 217.31.169.71 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+95) 200 0 0
2006-11-23 11:16:09 W3SVC463436271 196.2.xx.xx GET /header.asp - 80 - 217.31.169.71 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+95) 200 0 0
2006-11-23 11:16:11 W3SVC463436271 196.2.xx.xx GET /home.asp - 80 - 217.31.169.71 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+95) 200 0 0
2006-11-23 11:16:11 W3SVC463436271 196.2.xx.xx GET /nav.asp - 80 - 217.31.169.71 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+95) 200 0 0
2006-11-23 11:16:11 W3SVC463436271 196.2.xx.xx GET /footer.asp - 80 - 217.31.169.71 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+95) 200 0 0

I also need help with running awstats on all the log files for a couple of months.

I have a folder with the last 4 or so month's worth of daily stats in exYYMMDD.log format

I tried running awstats by changing the config file for awstats for the particular domain to just point to "/path/to/logs/ex*.log", but that doesn't work. Only when I explicitly mention a file in the path does awstats run ( but then it complains about the missing fields in the log files - hence my question about telling awstats to use the existing log formats as per example above).
0
Comment
Question by:psimation
6 Comments
 
LVL 26

Expert Comment

by:mrcoffee365
Comment Utility
AWStats does not read the default IIS log format without some configuration.  Put the following Log format in your awstats awstats.model.conf file:

# Use this LogFormat for limited IIS log (default log format from IIS 6)
LogFormat="date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-bytes"

Don't put line break in.

A format like this works well for IIS logs:
LogFile="C:/WINNT/system32/LogFiles/W3SVC3/ex%YY-24%MM-24%DD-24.log"

When you run awstats, you can also specify which file you want it to run on (as long as it is where you specified for the LogFile location above):

perl c:\awstats-6.5\wwwroot\cgi-bin\awstats.pl -config=mymodel  -LogFile="C:/WINNT/system32/LogFiles/W3SVC3/ex061123.log" -update

Again, no line breaks.



 
0
 
LVL 17

Author Comment

by:psimation
Comment Utility
Hi Mrcoffee365

Thx alot for that, the first part should definately work.

However, do you perhaps know how I can modify the .conf fil to include ALL the log files I already have on file?
I'd hate to have to run that command 180 time manually ( I've basically got 180 days worth of log files that I need AWSTATS to process...)
0
 
LVL 26

Accepted Solution

by:
mrcoffee365 earned 250 total points
Comment Utility
I don't think there's an AWStats way to run it against multiple files at once.  You can write a script file which creates each log file name.  Or cut and paste the lines into a big .bat file.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Expert Comment

by:npglobal
Comment Utility
I am running IIS log with the following formats

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status

and i unable to run this.. please help me out to sort out this problem
0
 
LVL 26

Expert Comment

by:mrcoffee365
Comment Utility
You need to open a new question, not ask your question as part of an already answered question.

http://www.experts-exchange.com/Web_Development/WebTrends_Stats/
0
 

Expert Comment

by:dolharz
Comment Utility
> However, do you perhaps know how I can modify the .conf fil to include ALL the log files I already have on file?

To perform a wildcard analysis of multiple-file log, set the LogFile to this:

LogFile="e:\awstats\tools\logresolvemerge.pl C:/WINNT/system32/LogFiles/W3SVC3\*.log |"

Change the  path to AWstats correctly.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Problem to be resolved in this article Currently, development of website and web application can be done without writing thousands of lines of programming code by hand. Description This can be done through by using a open source framework such …
Using SQL Scripts we can save all the SQL queries as files that we use very frequently on our database later point of time. This is one of the feature present under SQL Workshop in Oracle Application Express.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now