Log Parser分析IIS log的一个简单例子

命令举例如下:

C:\Program Files (x86)\Log Parser 2.2>logparser.exe -i:IISW3C "select time-taken as Duration from 'D:\IIS Log Folder\ex100817_6371.log' order by time-taken desc"

结果返回:

Duration

--------

190971

154861

154861

145783

124642

124642

101876

99907

80547

77563

Press a key...

IIS log有如下的列

#Fields:

date

time

s-sitename

s-ip

cs-method

cs-uri-stem

cs-uri-query

s-port

cs-username

c-ip

cs(User-Agent)

cs(Referer)

sc-status

sc-substatus

sc-bytes

cs-bytes

time-taken

Example Snip

=============

#Software: Microsoft Internet Information Services 7.5

#Version: 1.0

#Date: 2011-10-04 06:28:57

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken

2011-10-04 06:28:57 fe80::1587:9a8b:df87:50a%17 GET /_layouts/viewlsts.aspx BaseType=0 80 - fe80::1587:9a8b:df87:50a%17 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+InfoPath.3;+MS-RTC+LM+8;+.NET4.0C;+.NET4.0E) 401 1 2148074254 26707

2011-10-04 06:29:09 fe80::1587:9a8b:df87:50a%17 GET /_layouts/viewlsts.aspx BaseType=0 80 - fe80::1587:9a8b:df87:50a%17 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+InfoPath.3;+MS-RTC+LM+8;+.NET4.0C;+.NET4.0E) 401 1 2148074254 15

Formatted Version

============

参考资料:

http://www.msexchange.org/tutorials/Using-Logparser-Utility-Analyze-ExchangeIIS-Logs.html

W3C Extended Log File Format (IIS 6.0)

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true