March 24th 2010

Log Parser 2.2 From Microsoft

I really like ELMAH for logging unhandled exceptions on my websites. Some of the things that it logs are the user’s IP address as well as the page they were attempting to reach and the referring page that they came from. Sometimes though, this isn’t quite enough and I like to look at the IIS log files and try and follow the progression of the user that had the error to get a better idea of what they were up to. Until a few days ago, I had been using notepad to search through the log files which really wasn’t a good way to go about things. I finally did a little searching and came up with Log Parser 2.2 from Microsoft. Granted it is a command line tool, but it is pretty powerful and overall very easy to use if you are even a little familiar with SQL style syntax.

So to search for an IP address with Log Parser 2.2 and PowerShell I am using the following query:

./LogParser.exe "SELECT date, time, cs-uri-stem, cs-method INTO {output-file} FROM {input-file} where c-ip='{ip-address}'"

{output-file} - something like C:\logs\ipsearch.txt
{input-file} - something like C:\logs\u_ex100323.log
{ip-address} - something like

For some more example queries I would recommend taking a look at this server fault post by Jeff Atwood. The Microsoft forums for Log Parser 2.2 are located here.