Searching logs for IP address

Forum Moderators: open

Message Too Old, No Replies

Searching logs for IP address

Windows 2003 log files - finding IP hits

venton

6:31 am on Oct 14, 2006 (gmt 0)

I host a web site on Windows 2003 with IIS 6. I have my log files created fresh every hour to keep them manageable.

Occassionaly I get an IP doing something which I don't like so I want to look at the log files to find what activity there has been.
I can of course open each log file in notepad and use 'find' to see the IP hits.

It would be much simpler to use the explorer search facility and search the whole log file directory for files with 'a word or phrase in file'.

There must be something about the layout of an IP address (eg 111.112.113.114) that confuses this facility as the 'search within files' never returns any results, even though I know the IP is in there somewhere.

Anyone know a way round this? Thanks.

Ocean10000

11:26 pm on Oct 15, 2006 (gmt 0)

Microsoft has a nice free tool that can do what you want too.

Log Parser 2.2 [microsoft.com]

Download Log Parser 2.2 [microsoft.com]

Forensic Log Parsing with Microsoft's LogParser [securityfocus.com] for examples how you can use this tool.

venton

8:36 am on Oct 16, 2006 (gmt 0)

Thanks so much. What a brilliant tool - wish I knew about it years ago.

blend27

1:28 am on Oct 18, 2006 (gmt 0)

if you are into programming, you could always have a logging algoritm on the website reporting upto the second in place(coded), stored in a DB for example.

venton

4:50 pm on Oct 19, 2006 (gmt 0)

Thanks for the tips.

If someone else wants to do this here is the basic command you need:

logparser "select top 100 * into results.txt from ex*.* where c-ip = 'nnn.nnn.nnn.nnn'"

This puts all the log entries into a text file you can browse.