Website ranking Core skills: How to correctly analyze the Web site expansion log

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Due to recent Baidu update, so that there is a website in the Baidu rankings disappeared, had to investigate the site's access log, in order to analyze the reasons for the disappearance of rankings. Want to understand the Web site access log, you must understand the meaning of some parameters, in the IIS6.0, these parameters are very standard, to our analysis of spiders crawling and Web pages included is a very big help.

Here let us patiently learn these parameters.

Note: The following sections are translated from the Microsoft Web site-the "Extended Log File Format (IIS 6.0)" explanation.

The Consortium extension log file format is the default log format for IIS (Microsoft IIS), and its contents are encoded as the default ASCII text. You can use IIS Manager to select a variety of different fields to include in this log file, which will make your log content more humane. In fact, the system is through the HTTP.sys handle to deal with the extended log of the consortium, the format of the content is completely filtered by reading the HTTP.sys kernel cache.

The following table lists the various optional fields (the field identification column is the actual parameter name) and its description, and records whether the field defaults to ' contained ' by default column.

Field identification "description" "Default (y)"

The date when the date action occurs. Y

Time when time action occurs (the default is the UTC standard). Y

Client IP address C-IP Access server's client IP address. Y

User name Cs-username The user name of the authenticated access server. Does not include anonymous users (in '-' notation). Y

The service name s-sitename the Internet service name and the instance number accessed by the customer. N

Server name S-computername The name of the server that generated the log entry. N

Server IP Address s-ip The IP address of the server that generated the log entry. Y

The server port S-port the transport layer port that serves the service side. Y

Method Cs-method the behavior that the client performs (primarily the Get and post behavior). Y

URI Stem Cs-uri-stem The resources accessed, such as Default.asp. Y

URI Query cs-uri-query The client-submitted parameters, including get and post behavior. Y

The status of the Protocol is the return state Sc-status described in HTTP or FTP terms, and the behavior is performed. Y

Win32 state Sc-win32-status The State of action described in Microsoft Windows terminology. N

Number of bytes sent sc-bytes the number of bytes sent to the client by the server. N

Accept bytes cs-bytes The number of bytes received by the server from the client. N

Spends time Time-taken the time spent executing this behavior in milliseconds. N

Protocol version cs-version The Protocol (HTTP, FTP) version used by the client. HTTP 1.0 or HTTP 1.1 for HTTP protocol. N

The HTTP header (host header) information for the host Cs-host client. N

Browser version information used by the user Agent CS (user) client. Y

The cookie content that is sent or received by the cookie CS (cookie). N

Referrer CS (Referer) Users browse the previous URL, the current Web site from the link to take over. N

The underlying state of the protocol Sc-substatus some error messages for the underlying state of the Protocol. Y

For more details on the Status Codes field, please visit: "http://go.microsoft.com/fwlink/?LinkId=14381".

Note: In fact, we compare the actual operation will find that "Default" a column is with the objective facts some discrepancy: P.

Here are some examples of "restores":

Case one: A website http://www.test.com a section of the log ex050104.log:

#Software: Microsoft Internet Information Services 6.0

#Version: 1.0

#Date: 2005-01-03 16:00:00

#Fields: Date Time Cs-method cs-uri-stem cs-uri-query C-IP cs Referer sc-status sc-bytes

2005-01-01 16:02:22 get/enterprise/detail.asp id=1612186 70.25.29.53 http://www.test.com/searchout.asp 200 17735 369 4656

Here we can information: This is a Web server with IIS version 6 (via #software identity), the version is 1.0 (#Version标识), the date is 4 o'clock in the afternoon (#Date标识), January 3, 2005, The content (identified by #fields) of the following generated log contents includes the date, time, Clientto Server method, the object being read, the parameters, the client's IP address, the client's last accessed object, the status returned by the service, the Server to client byte, The total amount of time that the server received bytes and the operation that processed the entry. The result of the final restore is:

On January 1, 2005, 4:2 P.M. 22 seconds, the client 70.25.29.53 this IP address submitted a get to our server:

http://www.test.com/Enterprise/detail.asp?id=1612186

Web site request, the URL submitted by the request may be from the http://www.test.com/searchout.asp chain, the operation returned to the "successful Operation" response (successfully completed operation), the operation of the server sent to the client 17,735 bytes of data, The server also received 369 bytes of data, the operation took a total of 4656 milliseconds.

It is not difficult to see from the above knowledge, in fact, we have to monitor the HTTP application layer behavior through the WWW extension log, the following fields are required to record:

Date, time, Cs-method, Cs-uri-stem, Cs-uri-query, C-ip, Cs-version, CS (user), CS (Referer), Sc-status,

Sc-bytes, Cs-bytes, Time-taken, Cs-host, CS (cookies). Explain:

Date and time are needless to say;

Cs-method and Cs-uri-stem, cs-uri-query together, will soon be able to restore c-ip exactly what kind of request;

Sc-status can help us to discern whether the request is successful ' executed ' and thus identify the compliance with this request operation;

Cs-version, CS (user), CS (Referer), Cs-bytes, Cs-host, and CS (cookies) can be used as an analogue fingerprint to identify some unusual requests, such as HTTP detection, HTTP DOS and CC, etc. ;

Cs-bytes, Sc-bytes, and Time-taken can help us to identify the various resources that are consumed by this request (such as the impact on bandwidth, CPU the footprint of memory resources).

After learning the meaning of these parameters, I am very easy to read the Web site access log, from which to analyze the ranking of the disappearance of the initial reasons or main reasons for further adjustment of the optimization provides a basis. Finally, an effective summary, categorization, and comparison approach can help you navigate to the root of the problem more quickly, such as "there are many factors such as" the same or similar value of multiple cs-uri-query, and the timing of the occurrence is almost consistent, and so on, to determine that it may have suffered a CC attack ", etc. The key to see their own understanding.

91SEO Station (www.91seo.net), reproduced please indicate the source.