How do I view Windows logs?
If your team is looking for an affordable way to begin parsing Windows log files, Log Parser can be a great option, although it's not the only one. The tool provides access to log files and other data sources in a Windows environment, including the Event Log, the Registry, Active Directory, and more.
With Log Parser, analyzing information can be as easy as entering an SQL-style query at the command line. The query tells the tool what information you need, how to format it, and where to pull it from.
Here are a few Log Parser examples that may help get you started. Replace [LogFileName] with the path to your log file and the zeroed IP address with the client address you are interested in:
- All pages hit by a specific IP address:
logparser "select cs-uri-stem, count(cs-uri-stem) as requestcount from [LogFileName] where c-ip = '000.00.00.000' group by cs-uri-stem order by count(cs-uri-stem) desc"
- Hits on a specific page by a specific IP address:
logparser "select c-ip, count(c-ip) as requestcount from [LogFileName] where cs-uri-stem like '/search.aspx%' group by c-ip order by count(c-ip) desc"
- Hits per hour generated by a specific IP address:
logparser "select TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time), 3600)), count(*) as numberrequests from [LogFileName] where c-ip='000.000.00.000' group by TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date,time), 3600))"
- Pages being hit and the specific IP addresses doing it:
logparser "select cs-uri-stem, c-ip, count(cs-uri-stem) from [LogFileName] where cs-uri-stem like '%aspx%' or cs-uri-stem like '%ashx%' group by cs-uri-stem, c-ip order by count(cs-uri-stem) desc"
- IP addresses driving traffic:
logparser "select c-ip, count(c-ip) as requestcount from [LogFileName] group by c-ip order by count(c-ip) desc"
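As an added example (not from the original article), the following Python reproduces the per-IP, per-page and hits-per-hour groupings above on a constructed IIS W3C log, including the case where the #Fields header changes partway through the file. The sample log, its documentation-range IP addresses and the function names are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample in IIS W3C extended format (documentation-range IPs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-03-01 10:02:11 203.0.113.7 GET /search.aspx 200
2024-03-01 10:15:40 203.0.113.7 GET /search.aspx 200
2024-03-01 10:59:59 198.51.100.4 GET /default.aspx 200
2024-03-01 11:00:00 203.0.113.7 POST /login.aspx 302
2024-03-01 11:20:05 203.0.113.7 GET /search.aspx 200
#Fields: date time cs-uri-stem c-ip sc-status
2024-03-01 11:45:00 /handler.ashx 198.51.100.4 500
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields line for names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def top_clients(rows):
    """Like: select c-ip, count(c-ip) ... group by c-ip order by count(c-ip) desc."""
    return Counter(r["c-ip"] for r in rows).most_common()

def hits_per_hour(rows, client_ip):
    """Like QUANTIZE(TO_TIMESTAMP(date, time), 3600) for one c-ip; buckets stay in UTC."""
    buckets = Counter()
    for r in rows:
        if r["c-ip"] == client_ip:
            ts = datetime.strptime(r["date"] + " " + r["time"], "%Y-%m-%d %H:%M:%S")
            buckets[ts.replace(minute=0, second=0)] += 1
    return sorted(buckets.items())

def pages_by_client(rows, client_ip):
    """Like: select cs-uri-stem, count(...) where c-ip = ... group by cs-uri-stem."""
    return Counter(r["cs-uri-stem"] for r in rows if r["c-ip"] == client_ip).most_common()

if __name__ == "__main__":
    rows = list(parse_w3c(SAMPLE_LOG))
    print(top_clients(rows))
    print(hits_per_hour(rows, "203.0.113.7"))
```

IIS writes the date and time fields in UTC, which is why the Log Parser query wraps the hourly bucket in TO_LOCALTIME; this example leaves the buckets in UTC.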
How do I view SQL log files?
In a similar way, viewing SQL log files just depends on writing the right queries in the right format. While this may be possible with Microsoft’s Log Parser, a number of commercial products exist that can support teams of varying sizes as they work to monitor logs, analyze issues, and craft necessary solutions.
These SQL commands should give you an idea of how to view SQL log files:
- Top 25 URLs:
SELECT TOP 25
cs-uri-stem as Url,
COUNT(*) As Hits
FROM c:\inetpub\logs\LogFiles\W3SVC1\*
GROUP BY cs-uri-stem
ORDER By Hits DESC
- Number of requests made by a specific user:
SELECT TOP 25
cs-username As User,
COUNT(*) as Hits
FROM c:\inetpub\logs\LogFiles\W3SVC1\*
WHERE User Is Not Null
GROUP BY User
ORDER BY Hits DESC
- Top 25 types of files:
SELECT TOP 25
EXTRACT_EXTENSION(cs-uri-stem) As Extension,
COUNT(*) As Hits
FROM c:\inetpub\logs\LogFiles\W3SVC1\*
GROUP BY Extension
ORDER BY Hits DESC
As you can see, there are many different ways to leverage log parsing in order to examine and organize data. Ultimately, the commands you use will depend on what you hope to find. As you assess the company’s needs, log parsing will likely be an invaluable tool for both troubleshooting issues and discovering actionable insights.
For more information on logging best practices and considerations, read through our related blog articles.