知方可补不足~利用LogParser将IIS日志插入到数据库-阿里云开发者社区

知方可补不足~利用LogParser将IIS日志插入到数据库

2017-12-07 1239

简介：

+关注继续查看

LogParser是微软开发的一个日志分析工具，它是命令行格式的，我们通过这个工具，可以对日志文件进行操作，对于一个几百兆的log文件，使用记事本打开是件很残酷的事，所以，很多情况下，我们都会将大日志文件的内容插入到数据库中，这样有利于我们更好的去分析系统的日志。

脚本中心给它的定义

Log Parser 2.2 是一个功能强大的通用工具，它可对基于文本的数据（如日志文件、XML 文件和 CSV 文件）以及 Windows 操作系统上的重要数据源（如事件日志、注册表、文件系统和 Active Directory）进行通用查询。只要告诉 Log Parser 您所需的信息以及您希望如何处理这些信息，它就能很好地完成任务。查询结果可以是基于文本的自定义格式输出，也可以针对更特定的目标（如 SQL、SYSLOG 或图表）进行保存。大多数软件都是为完成有限几个特定任务而设计的。Log Parser 却不一样。只要用户需要，只要用户能想到，它都可以实现。只要使用 Log Parser，世界就是您的数据库。

建立日志数据库和数据表

USE [Log_IIS]
GO

/****** Object:  Table [dbo].[Online_tj]    Script Date: 10/28/2011 17:08:28 ******/
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[Online_tj]') AND type in (N'U'))
DROP TABLE [dbo].[Online_tj]
GO

USE [Log_IIS]
GO

/****** Object:  Table [dbo].[Online_tj]    Script Date: 10/28/2011 17:08:28 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

SET ANSI_PADDING ON
GO

CREATE TABLE [dbo].[Online_tj](
    [ID] [int] IDENTITY(1,1) NOT NULL,
    [logtime] [datetime] NULL,
[s_ip] [varchar](255) NULL,
    [cs_method] [varchar](255) NULL,
    [cs_uri_stem] [varchar](255) NULL,
    [cs_uri_query] [varchar](1024) NULL,
    [s_port] [int] NULL,
    [cs_username] [varchar](255) NULL,
    [c_ip] [varchar](255) NULL,
    [cs_User_Agent] [varchar](255) NULL,
    [sc_status] [int] NULL,
    [sc_substatus] [int] NULL,
    [sc_win32_status] [int] NULL,
    [time_taken] [int] NULL,
 CONSTRAINT [PK__Online_tj__164452B1] PRIMARY KEY CLUSTERED 
(
    [ID] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

SET ANSI_PADDING OFF
GO


USE [Log_IIS]
/****** Object:  Index [IX_Online_tj_CI_LCCC]    Script Date: 10/28/2011 17:08:29 ******/
CREATE NONCLUSTERED INDEX [IX_Online_tj_CI_LCCC] ON [dbo].[Online_tj] 
(
    [cs_uri_stem] ASC,
    [ID] ASC
)
INCLUDE ( [logtime],
[c_ip],
[cs_uri_query],
[cs_User_Agent]) WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, SORT_IN_TEMPDB = OFF, IGNORE_DUP_KEY = OFF, DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
GO


USE [Log_IIS]
/****** Object:  Index [ix_Online_tj_logtime]    Script Date: 10/28/2011 17:08:29 ******/
CREATE NONCLUSTERED INDEX [ix_Online_tj_logtime] ON [dbo].[Online_tj] 
(
    [logtime] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, SORT_IN_TEMPDB = OFF, IGNORE_DUP_KEY = OFF, DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
GO

添加SQL脚本

/*

    logparser file:tj_insert.sql?start=starttime+end=endtime+log=logfilename
    input parameter:
            start    -    starttime    example:1:00:00 or 18:00:00
            end    -    endtime        example:1:09:59    or 18:59:59
            log    -    logfilename    example:ex10111601 or ex10111618
            
*/

Select TO_TIMESTAMP(date,time), TO_TIMESTAMP(date,time), s-ip, cs-method, cs-uri-stem, cs-uri-query, s-port, cs-username, c-ip,
    cs(User-Agent), sc-status, sc-substatus, sc-win32-status, time-taken
INTO
Log_IIS.dbo.Online_tj
FROM
E:\tj\IISLog\W3SVC10\%log%.log
WHERE TO_LOCALTIME(Time) BETWEEN TO_TIMESTAMP('%start%','h:mm:ss') AND TO_TIMESTAMP('%end%','h:mm:ss')

添加VBS自动导入数据脚本

d = DateAdd("n", -6, Now())
strDate = Right(""&(100+Year(d)),2) & Right(""&(100+Month(d)),2) & Right(""&(100+Day(d)),2)

strHr = Hour(time())
strMin = Minute(time())
starttime = timeserial(strHr, strMin - 6, 0)
endtime = timeserial(strHr, strMin - 2, 59)

strHr = Right(""&(100+Hour(starttime)),2)
logfilename = "u_ex" & strDate 
Set WshShell = Wscript.CreateObject("Wscript.Shell")

Wscript.Echo starttime &":"& endtime &":"&logfilename

strCMD = "Cmd /k LogParser  file:E:\tj\tj_insert.sql?start=" & starttime &_
     "+end=" & endtime & "+log=" & logfilename &_
     " -iw:ON -i:iisw3c -o:sql -oConnString:""Driver={SQL Server};Server=(local);db=Log_IIS;uid=sa;pwd=123"""
Wscript.Echo strCMD
WshShell.run strCMD, 1, false