How To: IIS and Log Parser 2.2

As IIS administrators, we are often asked to analyse the overall performance of a web server. Several steps are involved, but analysing IIS log files without a proper tool can be a pain: it's very easy to get lost in the lines. Log Parser is a tool that I rely upon when it comes to manual IIS log file analysis. It's a cool tool that provides universal query access to text-based data, such as .log files. Log Parser can be downloaded from here.

With this version we can parse various file types; in our scenario, however, we will be using Log Parser against IIS log files.

1.) After downloading the installation package, double-click the installation file and follow the on-screen instructions to set up Log Parser on your machine.


2.) After installation, open the Log Parser working directory. Copy logparser.exe and logparser.dll and paste them into your IIS log file directory.
Note: By default, Log Parser is installed at “C:\Program Files\Log Parser 2.2”. We are doing this copy-paste only for operational convenience.


3.) Open a new command prompt window and type

> cd "log file directory" --> Enter
> logparser.exe -i:IISW3C "SELECT cs-uri-stem as [Request URI], COUNT(*) AS Hits INTO hits.csv FROM ex*.log GROUP BY cs-uri-stem Order by Hits desc" -q:off --> Enter
The above query writes a CSV file named hits.csv into the log directory. This CSV file lists the most used pages on the web server. The sheet can then be opened in Excel and formatted to suit the needs of your operation.

> logparser.exe -i:IISW3C "Select Top 20 LogRow as [Line Number], date as [Date], time as [Time], c-ip as [Client-IP], s-ip as [Server IP], s-port as [Server Port], cs-method as [Request Verb], cs-uri-stem as [Request URI], sc-bytes as [Bytes sent], sc-status as [Status], sc-substatus as [Sub-status], sc-win32-status as [Win 32 Status], time-taken as [Time Taken] Into sqlout.csv From ex*.log Order by time-taken desc" -q:off --> Enter

The above query returns the 20 slowest pages served by the web server. It creates a CSV file named sqlout.csv, which can again be formatted to produce the required output.

The above two queries will give us sufficient data to start analysing performance issues on the server related to IIS and the pages running from it. For more information and help, run:

> logparser.exe --> Enter

Note: Make sure that all the values that you would like to obtain through LogParser are actually selected in the IIS website configuration.
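
What the two queries compute, and why the note above matters, as an added Python example (not from the original post and not part of Log Parser): it reads IIS W3C logs by following the #Fields header, so rows written while a field such as time-taken was not selected are counted instead of silently skewing the result. The sample log lines and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not real traffic).
# The second #Fields header models logging with time-taken deselected.
SAMPLE = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken
2024-01-01 10:00:00 10.0.0.5 GET /default.aspx 200 120
2024-01-01 10:00:01 10.0.0.6 GET /report.aspx 200 4300
2024-01-01 10:00:02 10.0.0.5 GET /default.aspx 200 95
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-01 11:00:00 10.0.0.7 GET /login.aspx 302
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # a log file can carry several headers
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def hits_by_uri(rows):
    """First query: COUNT(*) grouped by cs-uri-stem, ordered by hits descending."""
    return Counter(r["cs-uri-stem"] for r in rows if "cs-uri-stem" in r).most_common()

def slowest(rows, top=20):
    """Second query: top N by time-taken, plus the count of rows lacking the field."""
    timed = [r for r in rows if r.get("time-taken", "-").isdigit()]
    missing = sum(1 for r in rows if "time-taken" not in r)
    timed.sort(key=lambda r: int(r["time-taken"]), reverse=True)
    ranked = [(r.get("cs-uri-stem", "-"), int(r["time-taken"])) for r in timed[:top]]
    return ranked, missing

if __name__ == "__main__":
    rows = list(parse_w3c(SAMPLE))
    print(hits_by_uri(rows))
    ranked, missing = slowest(rows)
    print(ranked, f"({missing} rows had no time-taken field)")
```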

For more information, check out the ScriptCenter tools link. For issues and to stay up to date, check out the Log Parser Forums.

Let me know for more information.
