Using Log Parser to parse E2K3 front–end IIS logs to know mobile user hits

This document outlines the steps to use sql script to parse front end IIS logs on Exchange 2003 front end servers to know which user/device is making maximum connections to the server and the top 10 users who have downloaded the most attachments which could be the root cause one of the following:

IIS becomes unresponsive causing HTTP, SMTP and WWW service in hang/crash mode
WWW (w3wp process) utilizing maximum CPU/RPC requests
Delay in send/receive emails for mobile users

Pre-requisites

Log Parser tool to be downloaded here

Remember to perform this on all your front end servers

Steps for parsing user/device details:

Download and install log parser to the default location “C:\Program Files\Log Parser 2.2”
Create the folders:
1. C:\Public\Logs
2. C:\Public\LogParserOutput
3. C:\Public\LogParser
4. C:\Public\LogParser\SQL

Note: These folders are not customizable since they have an entry in the sql script

Copy the 3 scripts and paste it to “C:\Program Files\Log Parser 2.2”

Hits_by_User
Get_Attachment_Hits_by_User
Hits_by_DeviceType
Rename the scripts to *.sql
Copy and paste the IIS log from the front end you want to parse to “C:\Public\Logs”
Navigate to command prompt and run the following command as shown:

logparser -i:IISW3C file:Hits_by_user.sql

Navigate to the location: C:\Public\LogParserOutput
and you will see “Hits_By_User.csv”
Open this file in excel and sort by “Hits” and “Pings” and it will show you the user who has made the maximum number of connections and pings to the front end – server.
The output looks like this:
The steps remain same for parsing details for”top 10 users who have downloaded the most attachments”. Use this command instead:

logparser -i:IISW3C file:Get_Attachment_Hits_by_User.sql
The output looks like this:
If you need to parse the details by Device type, use the command:

logparser -i:IISW3C file:Hits_by_DeviceType.sql
The output looks like this: