LogParser and examples on the web

Hello,

I'm looking at different pages on the web which discuss Log Parser, where they share useful examples on how to query an IIS log file using LogParser.

Currently, I am using LogParser 2.2 in Windows PowerShell, yet LogParser complains about some of its own examples or syntax.

In this case I'm facing an issue which doesn't return an error or any warning at:

http://blogs.msdn.com/b/carlosag/archive/2010/03/25/analyze-your-iis-log-files-favorite-log-parser-queries.aspx

Number of Hits per Client IP, including a Reverse DNS lookup (SLOW). I thought SLOW means it would take a few minutes, but nothing comes out of this command.

LogParser.exe -i:W3C "Query-From-The-Table-Below" -o:CSV

SELECT c-ip As Machine,  
        REVERSEDNS(c-ip) As Name,  
        COUNT(*) As Hits  
 FROM c:\inetpub\logs\LogFiles\W3SVC1\*  
 GROUP BY Machine ORDER BY Hits DESC


So I run the following command:


.\Logparser.exe  "SELECT c-ip As Machine,  
        REVERSEDNS(c-ip) As Name,  
        COUNT(*) As Hits  
 FROM c:\inetpub\logs\LogFiles\W3SVC1\*  
 GROUP BY Machine ORDER BY Hits DESC"  -i:W3C -o:CSV


It doesn't throw a message; it just stays on screen forever.

Am I missing something here?

Please advise.

Thanks.
akohan
Dan McFadden (Systems Engineer) commented:
On first look, the Log Parser option "-i:W3C" should be "-i:IISW3C".  I ran the same command on a test log, 169K entries, and it took 3 min 53 sec:

logparser -i:IISW3C  "SELECT c-ip As Machine, REVERSEDNS(c-ip) As Name, COUNT(*) As Hits  FROM 'C:\HTTPLogs\test\*.log'  GROUP BY Machine  ORDER BY Hits DESC "

I suggest running the command against a small log file as a test to ensure it's working for you.  Also, the test depends on your DNS cache for reverse name resolution.  The first run will be slow because your computer has to constantly do DNS queries, in addition to executing the log parser query against the log file(s).  If you start running this daily, the report may be a bit faster, on average.  My computer was analyzing about 720 log lines a second on the first run, but this depends on how much bandwidth your Internet connection has.

Here are a few links to good sites with examples:

1. http://mlichtenberg.wordpress.com/2011/02/03/log-parser-rocks-more-than-50-examples/
2. http://logparserplus.com/Examples
3. http://blogs.technet.com/b/karywa/archive/2013/06/05/log-parser-studio-write-your-first-query-in-less-than-30-seconds.aspx

Also, you should check out Log Parser Lizard (http://www.lizard-labs.net/log_parser_lizard.aspx) and Log Parser Studio (http://blogs.technet.com/b/exchange/archive/2013/06/17/log-parser-studio-2-2-is-now-available.aspx)... it gives you a GUI for Log Parser and
 
akohan (Author) commented:
Thank you Dan!
So, from what I understand, it is OK to query the IIS log files directly rather than copying them to a specific folder/path and running a query on them. Right?
 
akohan (Author) commented:
Good tips.
 
Dan McFadden (Systems Engineer) commented:
I tend to move the logs before I process them.  This does 2 things:

1. prevents the logs from using too much space on the volumes where they are saved
2. when querying them, the web server does not have to support the added pressure of serving up the files to the process that is accessing the logs

So, to save space and to not consume too much server resources, I move my logs.

If the web server does not have a lot of activity, then it is less of an issue.  If the web server (and sites) are very active, then I would never directly query the logs.

Dan
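
The report discussed in this thread (hits per client IP with a reverse DNS name) can also be produced by counting first and resolving afterwards, so that the DNS cost depends on the number of distinct clients. The script below is an added example, not code from the thread or from Log Parser; the sample log lines, the function names and the injectable `resolve` parameter are constructed for illustration.

```python
# Added example: hits per client IP from IIS W3C logs, one PTR lookup per IP.
import socket
from collections import Counter

# Constructed sample in IIS W3C extended format (not taken from the thread).
# The second #Fields line mimics a log whose field selection changed mid-file.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2014-01-01 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem c-ip sc-status
2014-01-01 00:00:01 10.0.0.5 GET /default.aspx 192.0.2.10 200
2014-01-01 00:00:02 10.0.0.5 GET /login.aspx 192.0.2.10 200
2014-01-01 00:00:03 10.0.0.5 GET /default.aspx 198.51.100.7 404
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2014-01-01 00:05:00 192.0.2.10 POST /login.aspx 302
2014-01-01 00:05:01 203.0.113.9 GET /robots.txt 200
"""

def count_hits(lines):
    """Count hits per c-ip, honouring every #Fields directive in the stream."""
    hits, ip_col = Counter(), None
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            ip_col = fields.index("c-ip") if "c-ip" in fields else None
        elif line and not line.startswith("#") and ip_col is not None:
            cols = line.split(" ")
            if len(cols) > ip_col:          # skip truncated rows
                hits[cols[ip_col]] += 1
    return hits

def system_resolver(ip):
    """PTR lookup through the OS resolver; '-' when no name comes back."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:                         # herror and gaierror both derive from it
        return "-"

def hits_report(lines, resolve=system_resolver, top=None):
    """Rows of (ip, name, hits), most hits first; resolve() runs once per IP."""
    ranked = count_hits(lines).most_common(top)
    return [(ip, resolve(ip), n) for ip, n in ranked]

if __name__ == "__main__":
    for row in hits_report(SAMPLE_LOG.splitlines(), top=10):
        print("%s,%s,%d" % row)
```

Passing `top` limits the lookups to the busiest clients, which is usually where the report is read anyway.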