IIS Path using CMD

November 13, 2013, 12:19 pm

≫ Next: Logparser to output '0' if no hits

≪ Previous: Query for stats on a particular URI

$

0

0

Hello folks,

when I am deploying the new code to the web server, I point the IIS to Another folder example F:\currentCode  while I  change the code on the new folder example path D:\newcode. I do this trough a software the problem is sometimes the IIS never changed back to the newcode folder and the Software never log any error, my question is how can i add another command to check if the iis is pointing to the new code folder and id not to send a message from CMD. I know how to send message fom the CMD but how Cani Check the path using the CMD something like

if not exists  of if the IIS not in PAth  D:\newcode send email .

Thanks

 

---

Logparser to output '0' if no hits

March 3, 2014, 12:56 am

≫ Next: IIS Logs - parse logs to get download speed

≪ Previous: IIS Path using CMD

$

0

0

hi,

for example, if i run 

logparser "select quantize(TO_LOCALTIME(TO_TIMESTAMP(date,time)),3600) as t, count(*) as hits from \\tmp.log where group by t order by t desc" -i:IISW3C -o:CSV

t , hits
2014-03-03 15:00:00,1235
2014-03-03 14:00:00,1440
2014-03-03 13:00:00,1440
2014-03-03 12:00:00,1440
2014-03-03 11:00:00,1440

but i want '0' hits to be displayed if no records are found rather than nothing being displayed .

This is because, I have a monitoring script which check and alerts when there are no traffic coming into the webserver, and it confuses poeple when it doesnt write while no traffic was present at the time the monitoring script ran.

so for example, if i ran the script at "2014-03-03 17:00:00", and no traffic at the time, then i would like the log to state:

2014-03-03 17:00:00,0

IIS Logs - parse logs to get download speed

April 10, 2014, 2:52 pm

≫ Next: Get the number of bytes user has downloaded from the sharepoint site

≪ Previous: Logparser to output '0' if no hits

$

0

0

Hi,

It's been a long time since I've used Log Parser and I'm pretty much a n00b when it comes to using it.  Is there any easy way to find out fast in kbps or mbps some video files are being send from IIS v. 7?

Get the number of bytes user has downloaded from the sharepoint site

May 10, 2014, 9:17 am

≫ Next: New GUI tool for MS Log Parser, Log Parser Lizard

≪ Previous: IIS Logs - parse logs to get download speed

$

0

0

I need to get the total number of bytes users has downloaded from the sharepoint site in a particular month using Log parser tool. can any body provide me a query.

New GUI tool for MS Log Parser, Log Parser Lizard

December 5, 2007, 8:10 am

≫ Next: Subtract Timestamps

≪ Previous: Get the number of bytes user has downloaded from the sharepoint site

$

0

0

Becouse the command-line interface for Microsoft Log Parser is not very intuitive, I have created Log Parser Lizard, a Microsoft Log Parser GUI tool for managing queries, exporting results to Excel, charts, etc… In addition I have added input filters for log4net file format and SQL server T-SQL queries.

You can download Log Parser Lizard from here www.lizardl.com

Microsoft.Net 2.0 is required.

 

Subtract Timestamps

June 9, 2014, 4:37 pm

≫ Next: Event logs of a remote machine and execution time

≪ Previous: New GUI tool for MS Log Parser, Log Parser Lizard

$

0

0

I have the following in a tsv file:

Date       EndTime  StartTime LOG
---------- -------- --------- ------------------------------------
05/28/2014 15:17:10 15:17:08  396244a6-a8a8-53863636-21d8-02bb5d15
05/28/2014 15:17:10 15:17:10  396244a6-a8a8-53863636-21d8-02ea0a5a
05/28/2014 15:17:10 15:06:00  396244a6-a8a8-53863636-21d8-03194160
05/28/2014 15:17:10 15:17:07  396244a6-a8a8-53863636-21d8-03486e8a
05/28/2014 15:17:10 15:12:08  396244a6-87ac-53863636-9544-038639f6
05/28/2014 15:17:10 15:02:26  396244a6-a8a8-53863636-21d8-02ac7ae9

Using Log Parser I'm trying to add a new field - TimeTaken, by subtracting StartTime from EndTime.

Been breaking my head and I'm going nowhere with this. Pls help.

Event logs of a remote machine and execution time

June 25, 2014, 11:22 am

≫ Next: Error While Parsing Field

≪ Previous: Subtract Timestamps

$

0

0

How can I reduce the execution time of this Query?

Query:- logparser "select * into tableName from \\serverName\Application" -o:SQL -driver:"SQL Server" -server:serverName1 -database:databaseName -transactionRowCount:-1

Error While Parsing Field

July 18, 2014, 11:51 am

≫ Next: Removing % Sign from a string

≪ Previous: Event logs of a remote machine and execution time

$

0

0

Hello,

I am getting an error when running Log Parser:

"Error while parsing field sc-status: Value is not a relative integer".

How do I get around this error? Thanks!

Best regards,

Chung Lee

---

Removing % Sign from a string

July 17, 2014, 3:38 am

≫ Next: System.OutOfMemoryException: Not enough memory [Not enough storage is available to complete this operation.]

≪ Previous: Error While Parsing Field

$

0

0

Hi

I am new at using Logparser and I am trying to remove the % sign from a string. (i.e. Smith/John% ... ..../..-.).

Is there a way to remove the % sign from the string?

Thanks

System.OutOfMemoryException: Not enough memory [Not enough storage is available to complete this operation.]

August 19, 2014, 8:27 am

≫ Next: Off line parsing of Active Directory using LogParser

≪ Previous: Removing % Sign from a string

$

0

0

I'm seeing these when using the WindowsEvtInputListener (via COM Object), any ideas?

System.OutOfMemoryException: Not enough memory [Not enough storage is available to complete this operation.]

Off line parsing of Active Directory using LogParser

September 11, 2014, 6:39 pm

≫ Next: Aggregating data and filtering ajax requests

≪ Previous: System.OutOfMemoryException: Not enough memory [Not enough storage is available to complete this operation.]

$

0

0

Hello All,

I am examining a forensic image of a Small Business Server. I have extracted the NTDS.dit file, which I believe is the Active Directory database. I am trying to use LogParser to review the contents. 

Using Logparser -i:csv -o:DataGrid File:ADS.sql and where ADS.sql contains the script "SELECT * from c:\LogParser\ntds.dit" I get an output containing three variables: Filename, RowNumber, and a field name made up of numbers and non-alphabetic characters. The content of the last field for each row is mainly unreadable.

If I change the input to -i:ads I receive a "task aborted - Error retrieving object" message. I am interested in learning if anyone has been able to extract the contents of an off line Active Directory database using LogParser. If so, would you mind sharing how you did it.

Thanks in advance

Aggregating data and filtering ajax requests

October 11, 2014, 3:35 pm

≫ Next: Bytes to Terabytes Conversion?

≪ Previous: Off line parsing of Active Directory using LogParser

$

0

0

Hi guyz,

I have a website for which I need to collect some usage patterns through IIS log parser. One of the problems that I am facing is my website is an MVC application that makes a lot of ajax calls whenever the page loads/autorefreshes to pre-fetch information. Through the IIS logs, there is no way to distinguish these. Any ideas around this?

Also, I need to generate a report that shows the most frequently used pages on my website over the past 5 working days. Any suggestions around this scenario? Not sure if url count is sufficient because there could be a same user who is going to a web page multiple times in a short span. May be a combination of group by and quantize etc.?

Bytes to Terabytes Conversion?

October 13, 2014, 6:09 am

≫ Next: Using TIMESTAMP

≪ Previous: Aggregating data and filtering ajax requests

$

0

0

I have a value in CSV which is in bytes and I need it converting to terabytes. Can Log Parser do this during the import process?

Using TIMESTAMP

June 2, 2012, 12:41 pm

≫ Next: Sorting DATE from WMIC QFE

≪ Previous: Bytes to Terabytes Conversion?

$

0

0

So, you can use TIMESTAMP('3', 'd') to subtract from another timestamp field ... However, no matter what I try, I cannot seem to put a string variable in the first field of the TIMESTAMP function ... Example: TIMESTAMP(varString, 'h') tells me "missing timestamp" even if I set varString equal to '3' or some other string representing an integer ... Ideas ???

Sorting DATE from WMIC QFE

October 23, 2014, 4:15 pm

≫ Next: How to count days?

≪ Previous: Using TIMESTAMP

$

0

0

I'm running the following Log Parser command but unable to sort by date Installed.

WMIC QFE GET | logparser -stats OFF -rtp:-1 -i:tsv -HEADERROW:OFF -iTsFormat:'MM/DD/YYYY' "SELECT Field2 as HOSTNAME, Field4 as [HOT FIX ID], Field5 as [INSTALLED BY], Field6 as [INSTALLED ON] FROM STDIN ORDER BY [INSTALLED ON] DESC" -iSeparator:space -nSep:2 -fixedSep:off -nSkipLines:1

The output is being sorted by the Month rather than the entire date. Please help.

HOSTNAME       HOT FIX ID INSTALLED BY                INSTALLED ON
-------------- ---------- --------------------------- ------------
Jackinthebox KB2868623  DON         9/8/2013
Jackinthebox KB2862772  DON         9/8/2013
Jackinthebox KB2859537  DON         9/8/2013
Jackinthebox KB2849470  DON         9/8/2013
Jackinthebox KB2775511  DON         9/8/2013
Jackinthebox KB2976897  DON         9/7/2014
Jackinthebox KB2976627  DON         9/7/2014
Jackinthebox KB2943357  DON         9/7/2014
Jackinthebox KB2978668  DON         9/7/2014
Jackinthebox KB2937610  DON         9/7/2014
Jackinthebox KB2918614  DON         9/7/2014
Jackinthebox KB2655992  DON         8/5/2012
Jackinthebox KB2653956  DON         8/5/2012
Jackinthebox KB2691442  DON         8/5/2012
Jackinthebox KB2698365  DON         8/5/2012
Jackinthebox KB2719985  DON         8/5/2012
Jackinthebox KB2718523  DON         8/5/2012
Jackinthebox KB2813430  DON         8/4/2013
Jackinthebox KB2846071  DON         8/4/2013
Jackinthebox KB2834886  DON         8/4/2013
Jackinthebox KB2835361  DON         8/4/2013
Jackinthebox KB2850851  DON         8/4/2013
Jackinthebox KB2962872  DON         8/3/2014
Jackinthebox KB2961072  DON         8/3/2014
Jackinthebox KB2973201  DON         8/3/2014
Jackinthebox KB2567680  DON         8/21/2011
Jackinthebox KB2559049  DON         8/21/2011
Jackinthebox KB2563894  DON         8/21/2011
Jackinthebox KB2560656  DON         8/21/2011
Jackinthebox KB2556532  DON         8/21/2011
Jackinthebox KB2536276  DON         8/21/2011
Jackinthebox KB2667402  DON         7/8/2012
Jackinthebox KB2709162  DON         7/8/2012
Jackinthebox KB2699988  DON         7/8/2012
Jackinthebox KB2718704  DON         7/8/2012
Jackinthebox KB2685939  DON         7/8/2012
Jackinthebox KB2709715  DON         7/8/2012
Jackinthebox KB2838727  DON         7/7/2013
Jackinthebox KB2839894  DON         7/7/2013
Jackinthebox KB2845690  DON         7/7/2013
Jackinthebox KB2525694  DON         7/7/2011
Jackinthebox KB2530548  DON         7/7/2011
Jackinthebox KB2511455  DON         7/7/2011
Jackinthebox KB2510531  DON         7/7/2011
Jackinthebox KB2476490  DON         7/7/2011

---

How to count days?

October 28, 2014, 9:35 am

≫ Next: IIS7 FTP Logging (All Fields) + LogParser

≪ Previous: Sorting DATE from WMIC QFE

$

0

0

Hi,

 

I want to use logparser to do something that I think should be very simple, but I've never used the program and I have no idea how to use it.

 

Firstly, I managed to know if the event "4624" appears at least once every day:

SELECT DISTINCT QUANTIZE( TimeGenerated, 86400 ) AS Timee,
EXTRACT_TOKEN(Strings,5,'|') AS USER
FROM 'c:\archive-*.evtx' WHERE user like 'dcse1401' AND EventID=4624
GROUP BY Timee,user
HAVING to_string(timee,'yyyy-MM-dd HH:mm:ss') like '2014-10%'

out:

date                              user

2014-10-06 00:00:00    dcse1401
2014-10-07 00:00:00    dcse1401
2014-10-08 00:00:00    dcse1401
2014-10-09 00:00:00    dcse1401
2014-10-13 00:00:00    dcse1401
2014-10-14 00:00:00    dcse1401
2014-10-15 00:00:00    dcse1401
2014-10-16 00:00:00    dcse1401
2014-10-20 00:00:00    dcse1401
2014-10-21 00:00:00    dcse1401
2014-10-22 00:00:00    dcse1401
2014-10-23 00:00:00    dcse1401
2014-10-27 00:00:00    dcse1401

Now I want to count the number of days that the user "dcse1401" appears in the above grid, that would be 13. In other words:

user           Number_of_Logons

dcse1401    13

 

I´ve Proved the following query:

SELECT
EXTRACT_TOKEN(Strings,5,'|') AS USER,
count(*) AS Number_of_Logons
FROM 'c:\archive-*.evtx' WHERE user like 'dcse1401%' and EventID='4624'
AND to_string(timegenerated,'yyyy-MM-dd HH:mm:ss') like '2014-10%'
GROUP BY USER

out:

user           Number_of_Logons

dcse1401    157

 

but this query  displays all records that have produced in this moth, in this case 157

 

¿Does anyone Know how to get such a result?

That is:

user           Number_of_Logons

dcse1401    13

 

Thanks in advance.

IIS7 FTP Logging (All Fields) + LogParser

December 1, 2010, 8:49 am

≫ Next: Page hits for a specific folder (i.e. web)

≪ Previous: How to count days?

$

0

0

Hi Guys,

I'm running a IIS7 box with ftp. I've enable ftp logging and all fields are selected (as below):

#Fields: date time c-ip c-port cs-username s-sitename s-computername cs-host s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status sc-substatus sc-bytes cs-bytes time-taken x-session x-fullpath x-debug

Im running logparser with the following command:

C:\inetpub\logs\LogFiles\FTPSVC1>c:\"Program Files (x86)\log parser 2.2"\logpars er.exe -e:1 "SELECT Add(REPLACE_IF_NULL(sc-bytes,0),REPLACE_IF_NULL(cs-bytes,0)) as sc-bytes FROM u_ex1011*.log where cs-username = 'abc'"
Task aborted.
Too many parse errors - aborting
Parse errors:
Unknown field c-port found in #Fields directive
Cannot find '#Fields' directive in header of file "C:\inetpub\logs\LogFiles\F TPSVC1\u_ex101103.log". Lines 5 to 24387 have been ignored

Statistics:
-----------
Elements processed: 0
Elements output: 0
Execution time: 0.14 seconds

Its giving me an error because the c-port field is not supported in LogPraser.

Any solutions besides removing the logging of the field would be appreciated ?

Thanks in Advance,

Regards

Page hits for a specific folder (i.e. web)

December 2, 2014, 1:52 pm

≫ Next: Analyse FTP Logs

≪ Previous: IIS7 FTP Logging (All Fields) + LogParser

$

0

0

What I am hoping to achieve here is a query that won't return all page hits for all pages within a specific folder, but all page hits for a specific folder (or website). We have servers that have multiple sites on them, each containing a large number of pages. We are not interested in the specific hits per page but more so, how many hits collectively for each site in the root of the server. Is there a query that I can run through LogParser that would achieve this?

Thank you!

Greg

***** 12/3/2014: I've decided to just run the full report on all pages and then have an Excel template re-present the data I need for each site.

Analyse FTP Logs

December 5, 2014, 7:19 am

≫ Next: Hits per Month

≪ Previous: Page hits for a specific folder (i.e. web)

$

0

0

Hello,

I want to Analyse with Logparser FTP Log Files from Windows Server 2008R2.

Can somebody send my a query sample, that I get all users where logged on at ftp server per day or month.

I found nothing about such query.

I have installed logparser version 2.2.10.

Is it also possible to analyse a ftp log with the logparser studio?

Hits per Month

December 17, 2014, 11:39 am

≫ Next: Error: detected extra argument

≪ Previous: Analyse FTP Logs

$

0

0

Hello,

how can I count an IIS log with the result Hits per Month.

Did somebody have a query for me, Thanks a lot.