Web Traffic Monitoring software 2

[Jaminj]

Hello. Does anyone know of a good 3rd party tool that will help with monitoring web traffic on IIS sites. I am running IIS 6 and would like to be able to see how many of our users are getting into our Sharepoint site. Thanks.

 

[nickpark]

Turn on logging in IIS and try using

http://www.logparser.com/

(not that i've tried it yet)

 

[Jaminj]

Thank you. I think that may do what I need.

 

[Castor66]

LogParser 2.2 is the best ever. Forget about any of the commercial packages out there - Log Parser just walks all over them. If you spend the time getting the various scripts right you will be well rewarded.

In addition if you want to parse your event logs it is excellent. I've got a batch job which analyzes all my servers event logs and returns to me all the events of interest. Previously I was dumping out all the logs using DUMPEL and then analyzing them in Excel to see the ones of interest. Now I can do that with one statement (I actually use more but I could do it with one)

Log Parser - a tool for every sys admin's toolkit.

 

[Jaminj]

Thanks Castor66. I also found a program called Analog that is pretty easy to use for IIS logs.

How difficult is it to setup Parser to check your event logs? That is something I would be interested in. I will have to download and evaluate it.

 

[nickpark]

Yes, Castor66 - this batch job sounds great... hint hint... would certainly save money buying MoM...

 

[Castor66]

If you want to check your event logs here are a couple of queries you can run. These collect the Warnings and Errors from your System and Application logs from the last two days. They are output in CSV format to system_errors.csv and application_errors.csv. I don't output the strings as they take up too much room. Also, the application log checker ignores anything with a Source of 'Application'. This is there 'cos I have dumb developers who write generic events to the application event log.

If these servers are not on the domain you will need to connect to the IPC$ share (if available) before you collect the logs.

Working with dates and times is the worst thing about it. It took me ages to find the correct syntax to be able to collect the logs from the past two days as I have below. If you want to only collect the last days logs then you should change the TIMESTAMP entry from 0000-01-03 to 0000-01-02. Everything is offset from 0000-01-01.

And, the EventTypes are - Errors = 1, Warnings = 2 and Information = 4.

Finally - these must be on one continuous line. Any line breaks must be removed for these to work.

Hope these help - maybe I should do a FAQ on this?

http://www.logparser.com

has some good information on this.

logparser -i:EVT -o:CSV "select EventLog, RecordNumber, TimeGenerated, TimeWritten, EventID,EventType, EventTypeName, EventCategory, EventCategoryName, SourceName, Strings, ComputerName, SID into system_errors.csv from \\server1\system, \\server2\system, \\server3\system, \\server4\system where (TimeGenerated > TO_LOCALTIME( SUB( SYSTEM_TIMESTAMP(), TIMESTAMP('0000-01-03', 'yyyy-MM-dd') ) )) and (EventType < 4)"

logparser -i:EVT -o:CSV "select EventLog, RecordNumber, TimeGenerated, TimeWritten, EventID, EventType, EventTypeName, EventCategory, EventCategoryName, SourceName, Strings, ComputerName,SID into application_errors.csv from \\server1\application, \\server2\application, \\server3\application, \\server4\application where (TimeGenerated > TO_LOCALTIME( SUB( SYSTEM_TIMESTAMP(), TIMESTAMP('0000-01-03', 'yyyy-MM-dd') ) )) and (EventType < 4) and (SourceName <> 'Application')"