How Windows IIS log files are viewed and analyzed

Basic knowledge of the format of IIS files

The IIS format is a fixed (not customizable) ASCII format, and the IIS format includes some basic items, such as the user's IP address, user name, request date and time, service status code, and number of bytes received. In addition, the IIS format includes detailed items such as the time spent, the number of bytes sent, actions (for example, downloads performed by Get commands), and destination files. These items are separated by commas, making the format easier to read than other ASCII formats that use spaces as delimiters. Time is recorded as local time.

Example IIS log file:

--------------------------------------------------------------------------------

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-05-18 05:00:51
2007-05-18 07:17:59 w3svc739 60.28.240.139 get http://www.111cn.net-80-66.249.65.67 mozilla/5.0+ (compatible;+ googlebot/2.1;++http://www.google.com/bot.html) 200 0 0

--------------------------------------------------------------------------------

IIS Log format annotations

Datede: the date on which the activity occurred.
Timede: The time the activity takes place.
C-IPDE: Access the client IP address of the server.
Cs-username: The name of the authenticated user who accessed the server. This does not include anonymous users represented by hyphens (-).
S-sitename: The number of Internet services and instances for the site accessed by the client.
S-computername: The name of the server that generated the log entry.
S-IP: The IP address of the server that generated the log entry.
S-port: The port number to which the client is connected.
Cs-method: An action that the client attempts to perform (such as a Get method).
Cs-uri-stem: A resource visited, such as Default.htm.
Cs-uri-query: The query (if any) the client is trying to execute.
Sc-status: The state of an operation expressed in HTTP or FTP terms.
Sc-win32-status: The state of an operation expressed in the terms used by Windows®.
Sc-bytes: The number of bytes sent by the server.
Cs-bytes: The number of bytes received by the server. Time-taken: The length of time (in seconds) the operation took.
Cs-version: The Protocol (HTTP,FTP) version used by the client. For HTTP, this will be HTTP 1.0 or HTTP 1.1.
Cs-host: Displays the contents of the host header.
CS (user-agent): The browser used on the client.
CS (Cookie): The contents of the cookie that is sent or received, if any.
CS (Referer): User visited the previous site. This site provides links to the current site.

Second, "IIS log Definition"

Client IP Address: The IP address of the requesting client.
User name: The name of the authenticated user who accessed the server. This does not include anonymous users represented by hyphens (-).
Date: the date on which the activity occurred.
Time: The time the activity occurred.
Services and instances: The site instance appears as a W3svc#;ftp site instance displayed as msftpsvc#, where # is an instance of the site.
Computer Name: Network basic input/output system (NetBIOS) name for the server.
IP address of the server: the IP address of the server that provides the service for the request.
Time spent: The length of time (in seconds) the operation took.
Bytes Sent: The number of bytes sent from the client to the server.
Receive bytes: The number of bytes received by the client from the server.
Service Status code: HTTP or FTP status code.
Windows status code: The state of an operation that is represented by a term used by Windows.
Request type: The type of request that the server receives (for example, get and pass).
Action target: Action target URL.
Parameters: Arguments passed to the script

Third, "IIS Common status Code"

1, 200 0 64 status code
64 of the appearance does not represent Baidu to K you, but a large number of 64 does bring a lot of problems, the network can not be reached, for some reason can not completely open the page, or network instability these reasons, causing spiders can not bring back to the page or to say not to crawl the page.

2, 304 0 0

This return code on behalf of the Spider visited the page did not update, and he came before the same time, so see this do not worry, spiders have come, but you did not update, so he is not willing to take this page.

3, 404 0 0

This is the 404 page, but there is a very serious problem, the return code tells us that the spider came to the 404 page and took him away, collapse ~ ~ ~ ~ ~ ~ ~ If this is basically your bad luck, because you have too much 404, then the spider will be constantly crawling, constantly take away, This will cause countless duplicate pages, which eventually lead to K station or down the right, the correct return code is 404 0 64 This means that spiders do not crawl you this page.

4, 500 error

500 error is the server internal error, is caused by the error of the program, I do not understand the program, but 500 errors will give you minus points, this basic logic can be thought of, found 500 errors, immediately see which page, and then to amend the following error bar!

5, 302

It is also necessary to note that a 302 return code is found in the log. 302 for temporary Redirect, if you are long-term redirect this page to another page, trouble you use 301 permanent Redirect, if is 302 then Baidu Spider will visit this page next time, this will cause duplication of a large number of pages of the problem, The result must be K, so check out the following.

"Warm reminder IIS log generally stored path: C:WINDOWSSYSTEM32LOGFILESW3SVC1"