MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Using Log Parser to parse E2K3 front–end IIS logs to know mobile user hits

This document outlines the steps to use sql script to parse front end IIS logs on Exchange 2003 front end servers to know which user/device is making maximum connections to the server and the top 10 users who have downloaded the most attachments which could be the root cause one of the following:

  1. IIS becomes unresponsive causing HTTP, SMTP and WWW service in hang/crash mode
  2. WWW (w3wp process) utilizing maximum CPU/RPC requests
  3. Delay in send/receive emails for mobile users

Pre-requisites

Log Parser tool to be downloaded here

Remember to perform this on all your front end servers

Steps for parsing user/device details:

  1. Download and install log parser to the default location “C:\Program Files\Log Parser 2.2”
  2. Create the folders:
    1. C:\Public\Logs
    2. C:\Public\LogParserOutput
    3. C:\Public\LogParser
    4. C:\Public\LogParser\SQL

Note: These folders are not customizable since they have an entry in the sql script

  1. Copy the 3 scripts and paste it to “C:\Program Files\Log Parser 2.2”

    Hits_by_User
    Get_Attachment_Hits_by_User
    Hits_by_DeviceType

  2. Rename the scripts to *.sql
  3. Copy and paste the IIS log from the front end you want to parse to C:\Public\Logs”
  4. Navigate to command prompt and run the following command as shown:

    logparser -i:IISW3C file:Hits_by_user.sql

  1. Navigate to the location: C:\Public\LogParserOutput
    and you will see “Hits_By_User.csv”
  2. Open this file in excel and sort by “Hits” and “Pings” and it will show you the user who has made the maximum number of connections and pings to the front end – server.
  3. The output looks like this:


  4. The steps remain same for parsing details for”top 10 users who have downloaded the most attachments”. Use this command instead:

    logparser -i:IISW3C file:Get_Attachment_Hits_by_User.sql

  5. The output looks like this:


  6. If you need to parse the details by Device type, use the command:

    logparser -i:IISW3C file:Hits_by_DeviceType.sql

  7. The output looks like this:

Ratish Nair
MVP Exchange
Team@ MSExchangeGuru

Exchange 2003 log parser iis logs

One Response to “Using Log Parser to parse E2K3 front–end IIS logs to know mobile user hits”

  1. Mike Says:

    I’ve tried running this several times over and the element processed are 1484848 but the elements output: is always 0.

Leave a Reply

ad

Categories

Archives