The server was recently compromised. When skilled intruders delete the IIS log files to erase their traces, you can still open Event Viewer and look at the warning messages from W3SVC, which often hold some clues. For web servers with very heavy traffic, however, manual analysis is almost impossible: there is too much data. A third-party log analysis tool can help; this article describes only one of them, an IIS log analyzer named Dot. It is a free log analysis tool that can analyze IIS 4/5, Apache, and other log files. The software is simple and easy to use.
Software name: Dot IIS Log Analyzer 2.0 Green Edition
1: Run IISLogViewer.exe to start the IIS log analysis tool and open its main interface.
2: You can analyze a single IIS log file or an entire site folder. Click "Volume Folder" and select the IIS log file directory to be analyzed.
2-1: Once you have selected the IIS log files or folder to analyze, the tool produces a log list by default, showing each log file's name and size.
3: Click "Summary Statistics" to compute basic access information for the listed files; the statistics take a moment to load.
3-1: Once "Summary Statistics" has finished loading, it displays basic access information for all the files, split into search engine and non-search engine traffic.
4: Switch to "View Details" to select a single IIS log file for analysis. In this example the file is analyzed by status code: the right side shows the status code statistics for the log, together with a basic description of each status code.
5: Double-click a "Status Code" cell to open the "Status Code Detail" analysis for that single status code. The right side can also be displayed by "search engine category". Click a list cell on the right and the IP details appear at the lower left; double-click an "IP Details" item and a web page pops up showing the IP's location.
6: Besides status code analysis, switching to "24 hours" lets you analyze by time period; the right side shows search engine and non-search engine access for each of the 24 hours.
7: Double-click an entry in the 24-hour list to open "24 Hour Detail" for a more detailed analysis of that time period. It can also be displayed by "search engine classification"; clicking a list cell shows the IP details, and double-clicking an IP Details item again pops up a web page showing the IP address.
Finally, under the Help menu, a status code help document is available, for reference only.
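The same breakdowns the tool shows (status codes, the 24-hour distribution and IP details, each split into search engine and non-search engine traffic) can be reproduced with a short script when reviewing logs after an incident. This is an added example, not part of Dot IIS Log Analyzer. The crawler token list and the sample log lines are constructed assumptions, and the log is assumed to be in W3C extended format with the time, c-ip, sc-status and cs(User-Agent) fields enabled.

```python
from collections import Counter, defaultdict

# Assumption: crawler User-Agent substrings; extend for your own traffic.
CRAWLER_TOKENS = ("googlebot", "bingbot", "baiduspider", "yandexbot", "slurp")

# Constructed sample in W3C extended format (IIS writes spaces in fields as '+').
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent)
2024-01-05 02:14:07 203.0.113.7 GET /index.asp 200 Mozilla/5.0+(compatible;+Googlebot/2.1)
2024-01-05 02:14:09 198.51.100.23 GET /admin/login.asp 404 Mozilla/5.0+(Windows+NT+10.0)
2024-01-05 02:15:31 198.51.100.23 POST /upload.asp 500 Mozilla/5.0+(Windows+NT+10.0)
2024-01-05 13:02:44 192.0.2.10 GET /index.asp 200 Mozilla/5.0+(Windows+NT+10.0)
2024-01-05 13:40:12 198.51.100.23 GET /backup.zip 404 curl/8.0
"""

def parse_w3c(text):
    """Yield one dict per request, using the column order from each #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # the header may change mid-file
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def is_crawler(row):
    agent = row.get("cs(User-Agent)", "").lower()
    return any(token in agent for token in CRAWLER_TOKENS)

def summarize(text):
    """Return (status counts, hourly counts, client IPs per status code)."""
    by_status, by_hour, ips = Counter(), Counter(), defaultdict(Counter)
    for row in parse_w3c(text):
        kind = "search engine" if is_crawler(row) else "other"
        by_status[(row["sc-status"], kind)] += 1
        by_hour[(int(row["time"][:2]), kind)] += 1
        ips[row["sc-status"]][row["c-ip"]] += 1
    return by_status, by_hour, ips

if __name__ == "__main__":
    by_status, by_hour, ips = summarize(SAMPLE_LOG)
    for (status, kind), n in sorted(by_status.items()):
        print(f"status {status} {kind:13} {n}")
    for (hour, kind), n in sorted(by_hour.items()):
        print(f"hour {hour:02d} {kind:13} {n}")
    for status in ("404", "500"):
        print(status, ips[status].most_common(3))
```

A single non-crawler address that accounts for most of the 404 and 500 responses in a quiet hour is the kind of entry worth following up in the per-IP detail.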