IIS log 分析工具介紹與使用心得

# IIS log 分析工具介紹與使用心得 ## 介紹這是個可以看IIS產出的log以及事件檢視器並分析統計資料的工具，使用方法類似SQL(不完全等於)。 ==Note：IIS Log 需要再server上面額外開啟功能才有。[參考這篇](https://support.microsoft.com/zh-hk/help/313437/how-to-enable-logging-in-internet-information-services-iis)== ## 下載位置 [Log Parser](https://www.microsoft.com/en-us/download/details.aspx?id=24659) [Log Parser Studio](https://blogs.technet.microsoft.com/exchange/2013/06/17/log-parser-studio-2-0-is-now-available/) [Log Parser Studio 第二載點](https://gallery.technet.microsoft.com/log-parser-studio-cd458765) ==Note：先裝第一個在裝第二個。== ## 必要時合併檔案指令/開啟cmd ``` copy *.log all.txt ``` ## 使用方式 1. 先找到Log存放的資料夾 ![](https://i.imgur.com/XQGj4lD.png) 2. 點開檔案瀏覽選擇Log資料夾 ![](https://i.imgur.com/fT3gsRH.png) ![](https://i.imgur.com/tLXCLcT.png) > 在Add Folder中，隨便選取一顆檔案；就會自動帶入 *.log 3. 新增查詢 ![](https://i.imgur.com/pWl7uwm.png) 4. 下方輸入SQL指令 ![](https://i.imgur.com/zaFwFIQ.png) 5. 匯出統計結果 ![](https://i.imgur.com/2iDPPnd.png) ## 常用指令 1. 依照日期區分流量 ``` SQL select To_STRING(TO_LOCALTIME([date]), 'yyyy/MM/dd') as Date, DIV(DIV(SUM([sc-bytes]), 1024), 1024) AS [sc-bytes-MB] FROM '[LOGFILEPATH]' GROUP BY To_STRING(TO_LOCALTIME([date]), 'yyyy/MM/dd') ``` 2. 顯示前10筆出現最多次的IP ``` SQL SELECT TOP 10 [c-ip] , count([c-ip]) as count FROM '[LOGFILEPATH]' group by [c-ip] order by count([c-ip]) desc ``` 3. 顯示前10筆消耗最多流量的檔案 ``` SQL SELECT TOP 10 [cs-uri-stem] , DIV(DIV(SUM([sc-bytes]), 1024), 1024) AS [sc-bytes-MB] FROM '[LOGFILEPATH]' group by [cs-uri-stem] order by [sc-bytes-MB] desc ``` 4. 依照站台區分 (需調整寫法) ``` SQL SELECT CASE SUBSTR([cs-uri-stem],1,2) WHEN 'co' THEN 'comm' WHEN 'oa' THEN 'oa' WHEN 'of' THEN 'of' WHEN 'cl' THEN 'cloud' ELSE 'group' END AS [site] , DIV(DIV(SUM([sc-bytes]), 1024), 1024) AS [sc-bytes-MB] FROM '[LOGFILEPATH]' group by CASE SUBSTR([cs-uri-stem],1,2) WHEN 'co' THEN 'comm' WHEN 'oa' THEN 'oa' WHEN 'of' THEN 'of' WHEN 'cl' THEN 'cloud' ELSE 'group' END ```