一个强大的LogParser的UI工具--logparserlizard简介-白红宇

一个强大的LogParser的UI工具--logparserlizard简介

阅读量：6348 次

发布时间：2019-06-22

本文共 4034 字，大约阅读时间需要 13 分钟。

日志分析，特别是IIS日志，一般人都会想到LogParser工具，的确很强。但是命令行的操作界面令很多非专业的管理人员望而生畏，现在好了，有一个可视化的LogParser的UI工具可以使用了！ Log Parser Lizard 1.1 ，这是一款用Vc++.net写的logParser增强工具。主要有以下特点： 1、封装了logParser命令，带图形界面，大大降低了LogParser的使用难度。 2、集成了几个开源工具，如log4net等。可以对IIS logs/EventLogs/active directory/log4net/File Systems/T-SQL进行方便的查询。 3、集成了Infragistics.UltraChart.Core.v4.3、Infragistics.Excel.v4.3.dll等，使查询结果可以方便的以图表或EXCEL格式展示。 4、集成了常见的查询命令，范围包含六大模块:IIS 5、可以将查询过的命令保存下来，方便再次使用。

最重要的是，它是完全免费的。下载地址为：需要先安装LogParser 2.2，下载地址：下载后4.9M的一个MSI文件，直接安装即可。注意安装位置尽量不要带空格。

注意：如果LogParser没有安装，会运行出错！

初始界面如图：

下面以一个检查IISLog的例子来比较LogParser与LogParserLizard的区别。某日早上，发现网站阻塞，

第一种速查方案： 迅速启动LogParser: 进入命令行模式：输入： LOGPARSER -i:IISW3C file:D:/Log/log_SQL/Slowest10IPInIIS_MySite.sql -o:DataGrid -q:off 其中,Slowest20FilesInIIS_MySite.sql的内容如下：

[ruby]

--rem 运行最慢的２０个页面

--Finding the 20 slowest pages in your Web site

Select Top 20

LogRow as [Line Number],

date as [Date],

time as [Time],

c-ip as [Client-IP],

s-ip as [Server IP],

s-port as [Server Port],

cs-method as [Request Verb],

cs-uri-stem as [Request URI],

sc-bytes as [Bytes sent],

sc-status as [Status],

sc-substatus as [Sub-status],

sc-win32-status as [Win 32 Status],

time-taken as [Time Taken]

From

D:/Log/log_SQL/LogFiles/ex*.log

Order by time-taken desc

--rem 运行最慢的２０个页面 --Finding the 20 slowest pages in your Web site Select Top 20 LogRow as [Line Number], date as [Date], time as [Time], c-ip as [Client-IP], s-ip as [Server IP], s-port as [Server Port], cs-method as [Request Verb], cs-uri-stem as [Request URI], sc-bytes as [Bytes sent], sc-status as [Status], sc-substatus as [Sub-status], sc-win32-status as [Win 32 Status], time-taken as [Time Taken] From D:/Log/log_SQL/LogFiles/ex*.log Order by time-taken desc

执行结果如图：

从图中可以看出，访问最慢而且最频繁的页面是/Company/List.aspx,　而且集中在一个IP： 116.7.16.249 ，基本可以肯定主·这是有人恶意爬数据，再输入：

LOGPARSER -i:IISW3C file:D:/Log/log_SQL/Slowest10IPInIIS_MySite.sql -o:DataGrid -q:off 其中,Slowest10IPInIIS_MySite.sql的内容如下：

[ruby]

--rem 访问量最大的IP的访问明细

Select cs-uri-stem as [RequestURI],count(cs-uri-stem) as VisitCounts,c-ip as [ClientIP]

FROM

D:Log/log_SQL/LogFiles/ex090829.log

group by cs-uri-stem,c-ip

ORDER BY VisitCounts DESC

--rem 访问量最大的IP的访问明细 Select cs-uri-stem as [RequestURI],count(cs-uri-stem) as VisitCounts,c-ip as [ClientIP] FROM D:Log/log_SQL/LogFiles/ex090829.log group by cs-uri-stem,c-ip ORDER BY VisitCounts DESC

启动管理工具，禁IP！！！

第二种速查方案： 启动logParserLizard,在界面中选择IIS Log--"New Query"--格式选"IIS W3C Logs" 在查询窗口输入同样的SQL,点击"Generate"

[ruby]

--rem 运行最慢的２０个页面

--Finding the 20 slowest pages in your Web site

Select Top 20

LogRow as [Line Number],

date as [Date],

time as [Time],

c-ip as [Client-IP],

s-ip as [Server IP],

s-port as [Server Port],

cs-method as [Request Verb],

cs-uri-stem as [Request URI],

sc-bytes as [Bytes sent],

sc-status as [Status],

sc-substatus as [Sub-status],

sc-win32-status as [Win 32 Status],

time-taken as [Time Taken]

From

D:/Log/log_SQL/LogFiles/ex*.log

Order by time-taken desc

得到如下结果：

再在查询窗口输入

[ruby]

--rem 访问量最大的10个IP

--Finding the 10 most ClietnIPs in your Web site

Select Top 10

c-ip as [MostIP],

COUNT(*) AS VisitCounts

FROM

D:/Log/log_SQL/LogFiles/ex090829.log

Group by c-ip ORDER BY VisitCounts DESC

--rem 访问量最大的10个IP --Finding the 10 most ClietnIPs in your Web site Select Top 10 c-ip as [MostIP], COUNT(*) AS VisitCounts FROM D:/Log/log_SQL/LogFiles/ex090829.log Group by c-ip ORDER BY VisitCounts DESC

得到下图：