星外系统IIS日志分析常用的几个命令小结
命令中的{0}代表源日志文件的路径,实际运行的时候请替换为真实路径
命令中的{1}代表日志导出到的文件的路径,实际运行的时候请替换为真实路径
例如:
7i24iislog.exe -i:BIN -o:W3C "select siteid,uristem,bytessent from 'd:iislogw3svcsss.ibl' to 'd:a.log' order by bytessent desc"
1、查询某IP访问某网站的某网页的次数,倒序排列
7i24iislog.exe -i:BIN -o:W3C "select clientipaddress,siteid,uristem,count(clientipaddress) from '{0}' to '{1}' group by clientipaddress,uristem,siteid order by count(clientipaddress) desc"
2、某IP访问整个服务器网站的次数
7i24iislog.exe -i:BIN -o:W3C "select clientipaddress,count(clientipaddress) from '{0}' to '{1}' group by clientipaddress order by count(clientipaddress) desc"
3、按照接收数据(用户上传)大小排列
7i24iislog.exe -i:BIN -o:W3C "select siteid,uristem,bytesreceived from '{0}' to '{1}' order by bytesreceived desc"
4、按照发送数据(用户下载)大小排列
7i24iislog.exe -i:BIN -o:W3C "select siteid,uristem,bytessent from '{0}' to '{1}' order by bytessent desc"
5、检测PHP发包
7i24iislog.exe -i:BIN -o:W3C "select siteid,uristem,uriquery from '{0}' to '{1}' where uriquery like '%port=%' and uriquery like '%ip=%'"