Log Parser Plus example query
Request methods with ip and user agent
This query groups all requests by method, excluding the common GET and POST methods. It returns the client IP address and user agent for each, with a request count, to help determine whether any clients are testing for vulnerabilities.
Keywords:
- iisw3c
Statement:
logparser -i:w3c -o:w3c "SELECT cs-method, c-ip, cs(User-Agent), COUNT(*) AS [Requests] INTO requestMethods.log FROM u_ex1010*.log WHERE cs-method NOT IN ('GET';'POST') GROUP BY cs-method, c-ip, cs(User-Agent) ORDER BY cs-method, Requests"
Notes: If POSTs aren't used on your site, you may want to remove that exclusion.
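Added example, not part of the original page or of Log Parser: the same aggregation written in Python and run over a constructed IIS W3C sample, useful for checking what the query should return or for triaging logs on a host without Log Parser. The function name unusual_methods and the sample log lines are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status
2010-10-01 00:00:01 GET /default.aspx 192.0.2.10 Mozilla/5.0+(Windows) 200
2010-10-01 00:00:02 OPTIONS / 198.51.100.7 ExampleScanner/1.0 200
2010-10-01 00:00:03 OPTIONS / 198.51.100.7 ExampleScanner/1.0 200
2010-10-01 00:00:04 PUT /test.txt 198.51.100.7 ExampleScanner/1.0 403
2010-10-01 00:00:05 POST /login.aspx 192.0.2.10 Mozilla/5.0+(Windows) 302
#Fields: date time c-ip cs-method cs-uri-stem cs(User-Agent) sc-status
2010-10-01 00:05:00 203.0.113.5 TRACE / - 501
2010-10-01 00:05:01 203.0.113.5 HEAD / Monitor/2.1 200
"""

def unusual_methods(lines, excluded=("GET", "POST")):
    """Count requests per (method, client IP, user agent), skipping excluded methods."""
    fields, counts = [], Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # IIS rewrites this directive on restart; column order can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        method = row.get("cs-method")
        if method is None or method in excluded:
            continue
        counts[(method, row.get("c-ip", "-"), row.get("cs(User-Agent)", "-"))] += 1
    # Same ordering as the query: method first, then request count ascending.
    return sorted(((m, ip, ua, n) for (m, ip, ua), n in counts.items()),
                  key=lambda r: (r[0], r[3]))

if __name__ == "__main__":
    for result in unusual_methods(SAMPLE_LOG.splitlines()):
        print(*result)
```

Passing excluded=("GET",) mirrors the note about removing the POST exclusion.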