Logparser

http://www.microsoft.com/en-us/download/details.aspx?id=24659

Logparser 的用法

https://www.cnblogs.com/Jerseyblog/p/3986591.html

利用 C# 去执行 Log Parser
https://www.cnblogs.com/chenleiustc/archive/2009/07/25/1530712.html

IIS log
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken

输出访问的url

C:\Program Files (x86)\Log Parser 2.2>logparser -i:iisw3c -o:csv "SELECT cs-uri-stem from D:\TEMP\TEST.LOG" > d:\temp\test.csv

求出各个页面类型，各种返回结果占总点击数的比重
logparser -i:iisw3c -o:csv "SELECT EXTRACT_EXTENSION(cs-uri-stem) AS PageType, sc-status, MUL(PROPCOUNT(*), 100.0) AS Hits FROM D:\TEMP\TEST.LOG GROUP BY PageType, sc-status ORDER BY PageType, sc-status" >d:\temp\test.csv

统计访问url类型
logparser -i:iisw3c -o:csv "SELECT EXTRACT_EXTENSION(cs-uri-stem) as PageType,count(1) from D:\TEMP\TEST.LOG GROUP BY PageType" > d:\temp\test.csv

统计访问useragent百分比
logparser -i:iisw3c -o:csv "SELECT DISTINCT cs(USER-AGENT) as IEType,count(1),mul(propcount(*),100) as Pert from D:\TEMP\TEST.LOG GROUP BY IEType" > d:\temp\test.csv

利用ODBC导入到数据库
logparser.exe "SELECT TO_LOCALTIME(TO_TIMESTAMP(ADD(TO_STRING(date, 'yyyy-MM-dd '), TO_STRING(time, 'hh:mm:ss')), 'yyyy-MM-dd hh:mm:ss')) AS CreateDate, * FROM D:\TEMP\TEST.LOG to LOG" -i:IISW3C -o:SQL -oConnString:"Data Source=localhost;Initial Catalog=Test;Integrated Security=True" -createtable:ON

logparser.exe  "SELECT *  FROM D:\TEMP\TEST.LOG to NginxLog" -i:NCSA -o:SQL -oConnString:"Dsn=iislog32" -createtable:ON

CSV logparser -i:CSV -iHeaderFile:"D:\TEMP\HEADER.TXT" -headerRow:OFF -o:csv "SELECT sc-status from D:\TEMP\TEST.CSV" > d:\temp\test2.csv

logparser -i:CSV -iHeaderFile:"D:\TEMP\HEADER.TXT" -headerRow:OFF "SELECT * INTO DATAGRID  from D:\TEMP\TEST.CSV"

NetMonitor

logparser -i:NETMON "SELECT * INTO DATAGRID  from D:\TEMP\CAP\TEST.CAP"

Regedit.msc

LogParser "SELECT TOP 50 * INTO DATAGRID FROM \HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"

into sql server

LogParser "SELECT * INTO MyTable FROM \HKLM" -i:REG -o:SQL -server:localhost -database:test -driver:"SQL Server" -username:sa -password:pass -createTable:ON

ODBC logparser.exe "SELECT TO_LOCALTIME(TO_TIMESTAMP(ADD(TO_STRING(date, 'yyyy-MM-dd '), TO_STRING(time, 'hh:mm:ss')), 'yyyy-MM-dd hh:mm:ss')) AS CreateDate, * FROM D:\TEMP\TEST.LOG to LOG" -i:IISW3C -o:SQL -oConnString:"Data Source=localhost;Initial Catalog=Test;Integrated Security=True" -createtable:ON logparser.exe  "SELECT *  FROM D:\TEMP\TEST.LOG to NginxLog" -i:NCSA -o:SQL -oConnString:"Dsn=iislog32" -createtable:ON

 

Not work LogParser "SELECT sc-status, COUNT(*) AS Times INTO Chart.gif FROM D:\TEMP\TEST.LOG GROUP BY sc-status ORDER BY Times DESC" -chartType:PieExploded3D -chartTitle:"Status Codes"

Not try FROM IIS://MyUsername:MyPassword@COMPUTER01/W3SVC/1

MD5 Hashes of System Files LogParser "SELECT Path, HASHMD5_FILE(Path) FROM C:\Windows\System32\*.exe" -i:FS -recurse:0 Identical Files LogParser "SELECT HASHMD5_FILE(Path) AS Hash, COUNT(*) AS NumberOfCopies FROM C:\*.* GROUP BY Hash HAVING NumberOfCopies > 1" -i:FS

 

Active Directory LogParser "SELECT PropertyValue FROM LDAP://mydomain.mycompany.com WHERE PropertyName = 'comment'" -i:ADS LogParser "SELECT cn, operatingSystem, operatingSystemServicePack FROM LDAP://mydomain.mycompany.com/CN=Computers,DC=mydomain,DC=mycompany,DC=com" -i:ADS -objClass:Computer

 

LogQuery oLogQuery = new LogQuery();
 IISInputFormat oIISInputFormat = new IISInputFormat();
 string query = @"SELECT COUNT(DISTINCT c-ip) AS hits
                  FROM 'C:\WINDOWS\system32\Logfiles\W3SVC1\ex070820.log'
                  WHERE cs-uri-stem like '%.asp'
                  AND sc-status=200";
 LogRecordSet oRecordSet = oLogQuery.Execute(query, oIISInputFormat);
 if (!oRecordSet.atEnd())
 {
     hits = (int)oRecordSet.getRecord().getValue("hits");
 }
 oRecordSet.close();