Microsoft’s Log Parser is an awesome tool that justifies knowledge, if not even regular use, by both system administrators and web users alike.
From the download site: “Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®.”
While there are many different data sources that Log Parser can be used against, what I really care about (for this post at least) is gleaning data from Microsoft Internet Information Services (IIS) log files.
First, grab the tool and step through the quick and easy installation process. The install is so easy that I won’t bother showing any screen shots in this post. Here is the link for the download: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24659
Once installed, you can launch Log Parser by clicking the Windows button, “All Programs”, the “Log Parser 2.2” folder, then the “Log Parser 2.2” link.
A point to mention before we look at a sample usage. While this may be obvious, it may also not occur to even think about for some people: Log Parser can only report data that is actually in the logs. Odd to even mention that, right? Not when you consider that IIS can log a tremendous amount of useful information, but it can also be set to log minimal information (most commonly to help keep the size of the actual log file on disk as small as possible). Commonly logged data includes the date, time, page names, page size, status codes, and more. I’ll assume for this post that you have enabled logging for the specific items we’re going to query.
What I generally do, to make things a little easier, is to copy logparser.exe to a temp folder, and also copy over the log file(s) I plan to query. Then I don’t have to mess with file paths. I suppose you could also add the location of Log Parser into the system environment variable PATH so that Windows searches (and finds it) as needed when called – I just haven’t done that.
OK. So, let’s look at a couple handy queries.
Want to know how many requests your site handled on a certain day? Run Log Parser against that day’s log files with the query below. I’ve also shown sample output results below the query.
logparser "SELECT COUNT(*) FROM u_ex120310.log" -i:IISW3C COUNT(ALL *) ------------ 8148815 Statistics: ----------- Elements processed: 8148815 Elements output: 1 Execution time: 24.88 seconds
Want to know the top five requested items and the number of request? Try this one out:
logparser "SELECT TOP 5 cs-uri-stem, COUNT(*) as [Count] FROM c:\temp\u_ex1203 10.log GROUP BY cs-uri-stem ORDER BY [Count] DESC" -:IISW3C -e:10 cs-uri-stem Count ------------------------------- ------- / 3977300 /about.aspx 2724924 /contact.aspx 907054 /faq.aspx 296883 /products.aspx 242051 Statistics: ----------- Elements processed: 8148815 Elements output: 5 Execution time: 22.05 seconds
Want to know the total amount of data transfers* out from your site on that day? Try out this query.
logparser "SELECT COUNT(sc-bytes) FROM c:\temp\u_ex120310.log" -i:IISW3C -e:10 COUNT(ALL sc-bytes) ------------------- 8148815 Statistics: ----------- Elements processed: 8148815 Elements output: 1 Execution time: 23.91 seconds
*NOTE that the output is in bytes, so that’s 8,148,815 bytes or (/1024) 7,957 MB or (/1024) 7.77 GB of data transferred out from this test site’s log file. I point this out because most hosts track either data transfers in GB/month or they track bandwidth in a fixed rate (like 100 mbps, but that is more common in colocation scenarios).
Hopefully you can understand the power of this tool. Sure, many statistics programs (like Google Analytics, which I love) will report some of this data (though not data transfers), but you can also get more complex and specific with your queries. Find the longest running pages, list all error codes, list the most common querystring values, report on client IP addresses, etc… There is a tremendous amount of information at your fingertips if you want it.