This tool works with Microsoft's Log Parser 2.2 to allow you to run pretty advanced reports on your IIS
log files. It is a simple ASP script, no install required, no scheduled jobs, and no configuration of the
script itself - just set the appropriate permissions in IIS.
- Install Log Parser 2.2, with COM support (default install), see http://www.logparser.com for more info and download link
- Copy the ASP script to somewhere you can access it through IIS, without attracting too many curious souls.
- Register the "ASPDNS.dll" File with RegSvr32 in a location of your choice OR Set the "EnableReverseIPViewing" variable to "False"
- Set the permissions on the file (or containing folder) to not allow anonymous, and to use integrated
windows auth. Then when viewing the page use an appropriate administrator group user.
WARNING / DISCLAIMER
- The Detail Viewing opens the way to "SQL Injection" attacks, because the WHERE clause is basically querystring-provided. This would be extremely dangerous in a SQL Server, but as far as I know does not matter with Log Parser. In any case, the script will only work (get past the ADSI query) if the client is authenticated as an Administrator. However, if you have any doubts at all, turn off the detail viewing below and you should be set.
- This tool is only intended for casual viewing / exploration of your existing log files:
- The reports are not formatted for public consumption, they are pretty ugly (although that would be easy to fix)
- The reports are very expensive to run, from a server resources point of view - there is no daily "compilation" of files into some internal binary format like most other log analysis tools (eg urchin, analog)
- This script requires you to use some form of integrated IIS authentication so that it is executed with Administrator priviledges. I am no IIS security expert, but my assumption is that you should NEVER do that over a public network (internet) without the communication being protected by SSL (HTTPS).
- The ASPDNS.dll COM component is created by Stefan Schoeman, and it is considered "DonationWare", so feel free to donate at his page:
- This script does a bunch of complicated things using complicated technologies, there is no way I can provide any guarantees or implied promises of performance, safety, security etc. Every IIS Admin is on his own here. I have done my best to make this tool as safe and foolproof as possible, but I cannot safely say that it will not turn your server into a slag pile, or allow the hacker rats of mars to turn your IIS server into a brain-eating zombie.
- Very simple installation, no security concerns except those noted above - script will only work if you are connected with admin credentials, otherwise it will refuse to run (if anonymous) or crash (if connected user does not have sufficient rights).
- No server modifications at all - no writes to disk, no caching, no compilation - just explore the existing log files in interesting ways.
- Reports can be run remotely, as long as secure integrated authentication is possible - if you're analysing IIS logs you probably have web access to this server!
- Various IIS Log stats views, depending on the information that is being logged to the IIS Log Files - the check is per-file, so when you increase logging columns you immediately increase the reporting options available.
- Placeholders for easy access to a specific file (eg yesterday's) with a generic URL.
- Ability to query specific (arbitrary) time slices, with default slicing by hour - ALL TIMES UTC!
- Ability to get detail/raw results for any "by HitCount" result set, and copy / paste results into Excel or other resource for further analysis
- Ability to look up the Reverse DNS records of client IP addresses, only for the reported results - Log Parser itself tries to get the reverse DNS value of EVERY IP address in the WHERE result set, regardless of whether it makes the top 50 or not, so this takes a VERY long time - here the reverse DNS lookup is performed only for the results displayed. PLEASE NOTE: If you intend to look at large "Raw" result sets (the script normally limits you to the first 2000 records), the reverse DNS lookups will still be done so it may make sense to tun them off before getting large raw result sets.
- Display of the "SQL" that generated the results on every page. This can always be copy/pasted into a command-line for an immediate refinement / modification to the query, with all the power of log parser.
- Easy / Trivial addition of new reports:
- Add the report name (with a new ID) in the list at the top
- Add the report query to the existing list/block, keeping in mind that certain column names have special functionality HitCount will always be summed up:
- If "ExtraWhere" and "HitCount" are both in the output, the HitCount will become a link with the ExtraWhere data provided.
- If "c-ip" is in the output and Reverse DNS lookups are enabled, these will be automaticall carried out
- Add the display of the new report in the "Capabilities" area, being sure to check for the required columns.
- Tiny! The script itself is less than 50KB including instructions, no compilation is required, and the DNS lookup DLL is optional.
POSSIBLE FUTURE EXTENSIONS
- Work on other input formats, eg XSP, Cassini, Apache, etc
- Update these initial comments to be HTML comments, and so avoid the leading
- Use client IP stats to create a user density map of the world, like urchin
- Use user-agent information to group into specific browsers, removing "chaff" in the IE stats particularly, like analog
- Add graphical representations for some results, like analog
- Add "missing" record information in all TOP XXX queries, as an "Others" summary entry at the bottom, like analog
- Provide a "Convert to Local Time" option... Complicated because of date boundaries not corresponding to file boundaries anymore.
- Allow for side-by-side comparison of 2 files
- Consider using the Log Parser 2.2 "<1>" website log file syntax, determine how groups of records would be selected (by day?), how this would affect performance on large datasets (does it try to parse all files or only the necessary ones?), and how this would affect the ability to detect logging "Capabilities".
- Consider implementing the same concept for PerfLog CSV files, and possibly BLG files with relog conversion tool.
- Would need to concentrate on "Core" performance counters across all Windows systems + IIS & SQL Server, and provide counter setup files and instructions...
- This script Copyright: (C) Tao Klerks 2007
- Permission to re-distribute this script as long as copyright notice and comments remain intact
- Log Parser 2.2 (C) 2004 Microsoft Corporation. All rights reserved.
- aspdns.dll Copyright: (C) Stefan Schoeman 1999
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- 1.0 2007-06-10 - Basic features, placed online
Please contact me (Tao Klerks) with any questions, comments, suggestions, concerns, etc at http://www.architectshack.com