How To Analyse IIS Log Files

Every request made to a web application running on IIS is logged. Not only will the page that was requested be registered, but a lot of additional information like the user agent, the client IP address and if the request resulted in an error.

Many of those values can be found in Google Analytics, but not all. This makes the log files of IIS a valuable source for knowing what happens inside your application. Today we look at the different ways we have to gain insights from those log files.

This post is part of the Improve Your Log Messages series. You can find the other parts here:

 

Log Parser

Most the tools we can find to analyse IIS log files are either old, cost a lot of money or are no longer maintained. One of the oldest tools is Log Parser from Microsoft. This tool can be used for free and offers an enormous flexibility to query your log files. To install Log Parser you simply execute the *.msi package, click on next and you are done – no big configuration, no endless screens of options.

You can use a SQL-like language to count, group and select the events you are looking for. To group all requests by the user agent and count the hits you can use this call on the command line:

If this kind of querying is your cup of tea then you definitely should read the blog post from Scott Hanselman on Log Parser. There you will not only get an explanation on how this query exactly works but many more interesting things on how to use Log Parser successfully.

 

Lizard GUI for Log Parser

While I don’t mind writing SQL-like commands, I don’t want to write them in the console. Luckily the people at Lizard Labs had the same objections and wrote a graphical user interface for Log Parser (called Log Parser Lizard). You can use the free version or unlock all the features for 55$.

With Lizard you have full access to Log Parser but get a full set of queries that you can use out of the box or modify to your needs. Right at the start you will see the impressive amount of input formats that are supported:

Lizard inputs

When you have selected an input source you can then select a prepared query or write your own:

Lizard query

With all those options it is hard to find the right one. This is not a problem when you use Lizard often, but for the occasional query it makes all a bit confusing.

 

Log Parser Studio

Another graphical interface for Log Parser is the Log Parser Studio from Microsoft. This is free of charge and has a library of pre-defined queries like Lizard:

Log Parser Studio library

The query window is not that fancy, but it will do its job. It’s a bit unusual that you write the query below the result, but you will get used to it:

Log Parser Studio query

As soon as you have retrieved your results you can click on the chart button and create a simple graph like this one:

Log Parser Studio graphic

One thing I like more in the Studio than in the Lizard is the simple GUI. Without that many buttons and options in your way you can navigate the tool much easier. Since both tools use Log Parser you can easily try them both and make your own set of queries that can run in both applications.

 

What else?

Other tools like SmarterStats from SmarterTools looked very interesting. Unfortunately I failed at the initial configuration. When I would spare an hour or two I guess I could get it running. But that seamed an awful lot of time if other tools around Log Parser all have such a simple set up.

A long time ago I tried AWStats to get an overview on the users and when they use my site. The tool still works the same, but unfortunately it also looks exactly the same. The comparison with tools that are 10 or 12 years old doesn’t make it better – it only shows how far behind AWStats and its competitors are.

 

Next

Log Parser does its job, especially when you use a GUI like Lizard or the Studio. But even then it is miles behind what Kibana and Elasticsearch can offer. Next week I will show you how you can use Logstash to get your IIS log files into Elasticsearch.

2 thoughts on “How To Analyse IIS Log Files”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.