日志解析器是使IIS日志分析更加轻松的出色工具之一。

软件

本文使用的软件：

• Log Parser 2.2
• Office 2003 Web组件
• IIS 8日志

我们可以从http://www.microsoft.com/zh-cn/download/details.aspx?id=24659下载LogParser 2.2.

CHART输出需要Microsoft Office Web组件。
可以从http://www.microsoft.com/zh-cn/download/details.aspx?id=22276下载。

本文假定所有sql文件都存储在默认Log Parser的安装目录中，并且IIS日志文件已复制到'C:\W3SVC1 '。

使用日志解析器

获取时间帧之间的平均页面加载时间（数据网格）

> LogParser -i:IISW3C -o:DataGrid -e:1 file:avg.sql

“ avg.sql”文件的内容：

SELECT cs-uri-stem, 
AVG(time-taken) As AvgTime 
FROM C:\W3SVC1\*.log
WHERE TO_TIME(time) 
BETWEEN TIMESTAMP('00:00:01','hh:mm:ss') AND TIMESTAMP('23:59:59','hh:mm:ss')
AND DATE > '2014-02-08' AND date < '2014-02-10'
GROUP BY cs-uri-stem
ORDER by AvgTime DESC

获取时间帧之间的前10个最慢的aspx页（CSV）

> LogParser -i:IISW3C -o:DataGrid -e:1 file:slowest.sql

“ slowest.sql”文件的内容：

SELECT TOP 10 cs-uri-stem,
max(time-taken) as MaxTime,
avg(time-taken) as AvgTime
INTO C:\Temp\slowest.csv
FROM C:\W3SVC1\*.log
WHERE extract_extension(to_lowercase(cs-uri-stem)) = 'aspx'
GROUP BY cs-uri-stem 
ORDER BY MaxTime DESC

获取时间框架之间每小时的命中频率（图表）

> LogParser -i:IISW3C -o:CHART -chartType:ColumnStacked -e:1 -view:ON file:hits.sql

“ hits.sql”文件的内容：

SELECT TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time),3600)), 
COUNT(*) AS Hit_Frequency 
INTO C:\Temp\hits.jpg 
FROM C:\W3SVC1\*.log 
WHERE TO_TIME(time) 
BETWEEN TIMESTAMP('00:00:01','hh:mm:ss') AND TIMESTAMP('23:59:59','hh:mm:ss')
AND DATE > '2014-02-08' AND date < '2014-02-10'
GROUP BY TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time),3600)) 
ORDER BY TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time),3600)) 
DESC

获取时间范围之间的前10个客户端IP地址（图表）

> LogParser -i:IISW3C -o:CHART -chartType:ColumnStacked -e:1 -view:ON file:top10IPs.sql

“ top10IPs.sql”文件的内容：

SELECT top 10 c-ip 
AS Unique_IPs,count(c-ip)
FROM C:\W3SVC1\*.log 
TO C:\Temp\top10IPs.jpg
WHERE TO_TIME(time)  
BETWEEN TIMESTAMP('00:00:01','hh:mm:ss') AND TIMESTAMP('23:59:59','hh:mm:ss')
AND DATE > '2014-02-08' AND date < '2014-02-10'
GROUP BY c-ip
ORDER BY count(c-ip) DESC

获取时间范围之间的每小时带宽（图表）

> LogParser -i:IISW3C -o:CHART -chartType:ColumnStacked -chartTitle:"Bandwidth" -e:1 -view:ON file:bandwidth.sql

“ bandwidth.sql”文件的内容：

Select TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time), 3600)) 
As Hourly_Bandwidth, 
Div(Sum(cs-bytes),1048576) As Incoming(MB), 
Div(Sum(sc-bytes),1048576) As Outgoing(MB) 
INTO C:\Temp\bandwidth.jpg  
FROM C:\W3SVC1\*.log 
WHERE TO_TIME(time) 
BETWEEN TIMESTAMP('00:00:01','hh:mm:ss') AND TIMESTAMP('23:59:59','hh:mm:ss')
AND DATE > '2014-02-08' AND date < '2014-02-10'
GROUP BY TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time),3600)) 
ORDER BY TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time),3600))
DESC

获取时间范围之间的状态码摘要（CSV）

> LogParser -i:IISW3C file:status.sql

“ status.sql”文件的内容：

SELECT sc-status, sc-substatus,
COUNT(*) 
FROM C:\W3SVC1\*.log
TO C:\Temp\status.csv
WHERE TO_TIME(time)
BETWEEN TIMESTAMP('00:00:01','hh:mm:ss') AND TIMESTAMP('23:59:59','hh:mm:ss')
AND DATE > '2014-02-08' AND date < '2014-02-10'
GROUP BY sc-status, sc-substatus 
ORDER BY sc-status

在时间范围（CSV）之间获取IP的400和404错误

> LogParser -i:IISW3C file:404.sql

“ 404.sql”文件的内容：

SELECT date, time, sc-status, cs-uri-stem, c-ip
FROM C:\W3SVC1\*.log 
TO C:\Temp4.csv
WHERE TO_TIME(time)
BETWEEN TIMESTAMP('00:00:01','hh:mm:ss') AND TIMESTAMP('23:59:59','hh:mm:ss')
AND DATE > '2014-02-08' AND date < '2014-02-10'
AND (sc-status = 400 OR sc-status = 404)
ORDER BY date, time, sc-status

通过时间帧之间的字节获取内容使用情况（图表）

> LogParser -i:IISW3C -chartType:PieExploded3d -view:ON file:content.sql

“ content.sql”文件的内容：

SELECT EXTRACT_EXTENSION(cs-uri-stem) AS PageType,
SUM(sc-bytes) AS Bytes 
INTO C:\Temp\content.jpg
FROM C:\W3SVC1\*.log
WHERE TO_TIME(time)
BETWEEN TIMESTAMP('00:00:01','hh:mm:ss') AND TIMESTAMP('23:59:59','hh:mm:ss')
AND DATE > '2014-02-08' AND date < '2014-02-10'
GROUP BY PageType 
ORDER BY Bytes DESC