Wednesday, October 6, 2010

Analyzing IIS logs (aka "Fundamendal change in Microsoft’s attitude”)

There are plenty of interesting ways you can analyze IIS logs, however after a short research I’ve found that two of them are worth to be mentioned:

  • use Analog, a free tool which can be customized to produce a detailed report out of any log file but of course it works like a charm for IIS logs. Analog output is a webpage which shows various statistics of your log including few charts. Edit: 06-2018: Analog has been discontinued. Please visit this comparison list instead.
  • import the log file to a SQL Server table and use SQL to build your own statistics

There’s a free tool to support the latter scenario, provided by Microsoft, PrepWebLog. It’s supposed to rewrite the log file so that the lines starting with comment char (#) are stripped out. The tool however does not work because of stupid bug in the code (the source code is included):

#include <stdio.h>
#include <string.h>
int main(int argc, char **argsch)
   FILE *stream;
   char line[1000];
   int  ch;
   if(argc < 2)
       printf("Usage: preplog.exe <weblog>\n");
       printf("\nThe output will go to stdout, so use > filename to direct to an output file\n");
       return -1;
   if( (stream = fopen( argsch[1], "r" )) != NULL )
        while(fgets(line,10000,stream) != NULL)
           if(ch = strncmp(line,"#",1) !=0)
            printf( "%s", line);
      fclose( stream );
      return 0;
       printf("Could not open %s.  Please ensure that the path and filename are correct.\n",argsch[1]);
       return -1;

(yes, this is the complete source code of the tool!) Please note that “line” is defined as char[1000] while fgets tries to put 10000 chars into it. And yes, the log I’ve tried to analyze had a line longer than 1000 characters.

So I’ve been struck with a fundamental change in Microsoft attitude – instead of providing tools that work, they provide tools that do not work but since the source code is included, customers can fix all the issues on their own.

Way to go, Microsoft :)

1 comment:

Anonymous said...

There is a special tool to perform this task: Microsoft Log Parser.