Log Parser Plus example query

Request methods with ip and user agent

This query groups requests by HTTP method, excluding the common GET and POST methods. It returns the client IP address and user agent for each method, with a request count for each combination, to help determine whether any clients are probing for vulnerabilities.
Keywords:
  • iisw3c
Statement:
logparser -i:w3c -o:w3c "SELECT cs-method, c-ip, cs(User-Agent), COUNT(*) AS [Requests] INTO requestMethods.log FROM u_ex1010*.log WHERE cs-method NOT IN ('GET';'POST') GROUP BY cs-method, c-ip, cs(User-Agent) ORDER BY cs-method, Requests"
Notes: If POSTs aren't used on your site, you may want to remove that exclusion.
