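IIS log analysis queries
See which IPs generate the most requests and which URLs they accessed; this will generally reveal the attacker's IP: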
select c-ip,count(c-ip) AS allcount,cs-uri-stem,cs-uri-query,cs(User-Agent)
from #IISW3C# WHERE to_string(date,'yyyy-MM-dd') = '2011-11-15'
group by c-ip,cs-uri-stem,cs-uri-query,cs(User-Agent)
order by allcount desc
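
The same aggregation in Python, as an added example (not from the original page and not part of Log Parser) for hosts where Log Parser is unavailable. It goes beyond the query by handling a #Fields directive that changes mid-file; the sample log lines are constructed and the name top_requesters is hypothetical.

```python
from collections import Counter

# Constructed sample in W3C extended format (not real traffic). The #Fields
# directive changes mid-file, as happens when IIS logging settings are edited.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2011-11-15 08:00:01 203.0.113.7 GET /login.asp id=1 200 Mozilla/4.0+(compatible)
2011-11-15 08:00:02 203.0.113.7 GET /login.asp id=1 200 Mozilla/4.0+(compatible)
2011-11-15 08:00:03 198.51.100.4 GET /index.asp - 200 Mozilla/5.0
2011-11-14 23:59:59 203.0.113.7 GET /login.asp id=1 200 Mozilla/4.0+(compatible)
#Fields: date time cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2011-11-15 09:10:00 /login.asp id=1 203.0.113.7 Mozilla/4.0+(compatible) 200
"""

# Same grouping columns as the "group by" clause of the query above.
KEY_FIELDS = ("c-ip", "cs-uri-stem", "cs-uri-query", "cs(User-Agent)")


def top_requesters(lines, day):
    """Count requests per (c-ip, uri-stem, uri-query, User-Agent) on `day`."""
    fields, counts = [], Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue                    # other directives, blanks, headerless rows
        values = line.split(" ")        # IIS writes spaces inside values as '+'
        if len(values) != len(fields):  # truncated or corrupt row: skip it
            continue
        row = dict(zip(fields, values))
        if row.get("date") != day:
            continue
        counts[tuple(row.get(f, "-") for f in KEY_FIELDS)] += 1
    # Same ordering as "order by allcount desc".
    return counts.most_common()


if __name__ == "__main__":
    for key, allcount in top_requesters(SAMPLE_LOG.splitlines(), "2011-11-15"):
        print(allcount, *key)
```
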
Save the logs to MSSQL
C:\PROGRA~1\Log Parser 2.2>LogParser file:c:\lp.sql -iw:ON -i:iisw3c -e:1000 -o:sql -oConnString:"Driver={SQL Server};Server=(local);db=Log_IIS;uid=sa;pwd=123"