Using Microsoft’s log parser to analyse web server traffic
8 August, 2007 – 11:19 amIIS logs if setup properly can be an extremely useful source of information during load testing and for other activities such as capacity planning. Another load tester sings its praise here and provides good justification of why you should use it.
The log parser comes for free with the IIS resource pack but you can also get it individually here.
There are some gotchas that you need to be aware, mostly to do with the amount of extended info you are logging. If you hope to get into the nitty gritty and use extended logging info you must make sure these options are selected in the advanced properties for your log files.
You probably also want to consolidate your log files into a dedicated partition or volume, for easier administration further down the track. If you’re operating in a web farm type environment, you may also want to consolidate log files onto a single volume. You can specify these type of locations using UNC paths / shares etc. There’s a very good blog post that explains how to control the seemingly random instance naming convention that Microsoft assigns to each additional web server in your farm.
And finally, this tool runs great via cygwin/ssh so you can remotely log in and run queries as required. Here’s a query to get you started, there are many more out there on the web. I use this to show me how many total Bytes are being transmitted for any given day grouped by file extension, and also the average time taken in milliseconds to serve up each of the file extensions.
./LogParser.exe "SELECT EXTRACT_TOKEN (cs-uri-stem, -1, '.') AS Extension, AVG(time-taken) AS AvgTimeMs, SUM(sc-bytes) AS SumBytesTx, SUM(cs-bytes) AS SumBytesRx FROM D:\LOGS\HTTP\w3svc1\ex070719*.log WHERE Extension IN ('php';'html';'swf';'js'; 'jpg';'flv';'xml') GROUP BY Extension"
