Introduction to the Log Analysis Tool Log Parser

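Abstract: Microsoft Dynamics CRM expert Luo Yong. Reply 321 or 20190322 to easily retrieve this article and to get my latest blog posts as soon as they are published. Follow me!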

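Analyzing Dynamics 365 Customer Engagement performance sometimes requires analyzing the IIS logs of the front-end servers. A tool that helps with this is Log Parser, which can be downloaded from https://www.microsoft.com/en-us/download/details.aspx?id=24659 .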

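After downloading and installing it, open the installation directory C:\Program Files (x86)\Log Parser 2.2 and copy the file LogParser.exe from it into the C:\Windows\System32 folder. You can then run log analysis commands directly from cmd or PowerShell, and view the help just as easily. Open a prompt and type logparser; the result is as follows: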

 

If logging is not enabled in IIS (it is not enabled in a default installation), enable it first.

 

On the server, run INETMGR to open Internet Information Services (IIS) Manager, then open Logging in IIS.

 

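By default the IIS log does not record the two fields Bytes Sent and Bytes Received; selecting them is recommended. The Directory: setting shows the path where the IIS logs are stored.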

 

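If traffic is heavy, the IIS log files become very large and awkward to open. Consider having IIS start a new log file each time the current one reaches a given size.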

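Once you have the IIS log, you can analyze it with Log Parser. Here I view all the records of one file in a different format. First, a screenshot of what the raw file looks like; it is not easy to read.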

I use the following statement to display it in a different format:

logparser "select * from D:\u_ex190322.log" -o:datagrid

 

It looks like this:

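By default only 10 rows are shown; click the [All rows] button at the bottom to see the rest. There are too many columns, so I select a few of them to look at.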

logparser "select date,time,c-ip,cs-method,cs-uri-stem,cs-uri-query,sc-status,sc-bytes,cs-bytes,time-taken from D:\u_ex190322.log" -o:datagrid

The result is shown in the figure below:

Here is a brief explanation of what several of the columns mean (this is my own understanding; I do not guarantee its correctness):

Column | Meaning | Notes
date | Date of the request | Date in UTC (time zone 0)
time | Time of the request | Time in UTC (time zone 0)
c-ip | Client IP Address | IP of the client that made the request
cs-uri-stem | URI Stem

Quoted from: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wmlog/fc4b49d7-e83f-4389-8063-414f8bad80dd

This field MUST specify the URL actually used by the client. Any query strings MUST be excluded from the URL. (This means that the value of the cs-uri-stem field is equal to the URL actually used by the client, truncated at the first "?" character.)

My simple understanding: the part of the requested URL before the ? character.

cs-uri-query | URI Query

Quoted from: https://docs.microsoft.com/en-us/dotnet/api/system.uri.query?view=netframework-4.7.2

The Query property contains any query information included in the URI. Query information is separated from the path information by a question mark (?) and continues to the end of the URI. The query information returned includes the leading question mark.

My simple understanding: the part of the requested URL after the ? character.

sc-status | Protocol Status | For an HTTP request, the HTTP status code that was returned
cs-method | Method | For an HTTP request, the request verb, such as GET, POST, DELETE, PUT
sc-bytes | Bytes Sent | Size of the content the server sent to the client, in bytes
cs-bytes | Bytes Received | Size of the content the client sent to the server, in bytes
time-taken | Time Taken

Quoted from: https://support.microsoft.com/en-us/help/944884/description-of-the-time-taken-field-in-iis-6-0-and-iis-7-0-http-loggin

The time-taken field measures the length of time that it takes for a request to be processed. The client-request time stamp is initialized when HTTP.sys receives the first byte of the request. HTTP.sys is the kernel-mode component that is responsible for HTTP logging for IIS activity. The client-request time stamp is initialized before HTTP.sys begins parsing the request. The client-request time stamp is stopped when the last IIS response send completion occurs. 

Beginning in IIS 6.0, the time-taken field typically includes network time.

Note The value in the time-taken field does not include network time if one of the following conditions is true:

  • The response size is less than or equal to 2 KB, and the response size is from memory.
  • TCP buffering is used. Applications that use HTTPAPI.dll can set the HTTP_SEND_RESPONSE_FLAG_BUFFER_DATA flag to enable TCP buffering on Windows Server 2003 Service Pack 1 and later. This allows the server to send all of the response data to the client without having to wait for the client’s corresponding acknowledgements.

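My simple understanding is that this is the time consumed from when the request is received until the response has been sent to the client, and the unit should be milliseconds. If the content requested by the client or returned by the server is large and the network is poor, a request can take quite a long time.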

You can of course also compute statistics, for example counting the requests that took 10 s or longer:

logparser "select count(*) from D:\u_ex190322.log where time-taken >=10000"

 

You can also export a subset of the requests, for example:

logparser "select date,time,c-ip,cs-method,cs-uri-stem,cs-uri-query,sc-status,sc-bytes,cs-bytes,time-taken from D:\u_ex190322.log where time-taken >=10000" -o:datagrid

The new window that opens can display every matching record (use the [All rows] button). Then select everything with Ctrl + A, copy with Ctrl + C, and paste directly into Excel.
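
The two queries above, reproduced as an added Python example (not part of the original post and not Log Parser itself) to show how the `#Fields:` line of an IIS W3C log drives the columns. It goes one step further by grouping per cs-uri-stem; the log lines, client IPs and URLs are constructed sample data.

```python
from collections import defaultdict

# Constructed sample log; real files live in the Directory shown in IIS Logging.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Date: 2019-03-22 00:00:01
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes cs-bytes time-taken
2019-03-22 00:00:01 10.0.0.5 GET /main.aspx - 200 5120 410 320
2019-03-22 00:00:07 10.0.0.6 POST /api/data/v9.0/accounts - 204 310 2048 12040
2019-03-22 00:01:12 10.0.0.5 GET /api/data/v9.0/accounts $top=5000 200 901200 390 15500
2019-03-22 00:02:30 10.0.0.7 GET /main.aspx - 304 211 380 15
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column set can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):     # skip truncated or torn lines
                yield dict(zip(fields, values))

def to_int(value):
    """'-' marks an empty field; a column not selected in IIS Logging is None."""
    return int(value) if value and value.isdigit() else 0

def slow_requests(rows, threshold_ms=10000):
    """Same filter as: where time-taken >= 10000."""
    return [r for r in rows if to_int(r.get("time-taken")) >= threshold_ms]

def stats_by_uri(rows):
    """Per cs-uri-stem: hits, average and maximum time-taken, bytes sent."""
    acc = defaultdict(lambda: {"hits": 0, "total_ms": 0, "max_ms": 0, "sc_bytes": 0})
    for r in rows:
        a, ms = acc[r.get("cs-uri-stem", "-")], to_int(r.get("time-taken"))
        a["hits"] += 1
        a["total_ms"] += ms
        a["max_ms"] = max(a["max_ms"], ms)
        a["sc_bytes"] += to_int(r.get("sc-bytes"))
    return {u: {**a, "avg_ms": a["total_ms"] / a["hits"]} for u, a in acc.items()}

if __name__ == "__main__":
    rows = list(parse_w3c(SAMPLE_LOG))
    print(len(slow_requests(rows)), "requests took >= 10 s")
    for uri, s in sorted(stats_by_uri(rows).items(), key=lambda kv: -kv[1]["avg_ms"]):
        print(uri, s["hits"], round(s["avg_ms"]), s["max_ms"], s["sc_bytes"])
```

When Bytes Sent or Bytes Received is not selected in IIS Logging, the column is simply missing from `#Fields:` and the byte totals come out as 0 rather than raising an error.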

 

posted @ 2019-03-22 12:35  Microsoft MVP (15-18) Luo Yong