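MS Log Parser 2.2 Query Error

Time: 2015-08-04 18:09:07

Tags: c# vb.net iis logparser iis-logs

I am trying to determine whether a user downloaded a file from FTP, using MS Log Parser 2.2.

Although I have used several sample queries, I have been unable to get the parser SQL query working.

Watered-down parser query that does not work: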

strSQL = "SELECT date,COUNT(*) AS downloads,c-ip "
strSQL = strSQL & "FROM C:\temp\Log\*.log "
strSQL = strSQL & "WHERE cs-method='RETR' "
strSQL = strSQL & "GROUP BY date,c-ip "

Error:

RecordSet cannot be used at this time [Unknown Error]

Question:

How do I create a query for the following:

 - SELECT Date and Time of download
 - Where user = 'xxx' 
 - WHERE RETR = is a download
 - WHERE Filename = u_ex150709.log or xxx

Answers in C# are welcome.

VB.net code:

Dim rsLP As ILogRecordset = Nothing
Dim rowLP As ILogRecord = Nothing

Dim LogParser As LogQueryClassClass = Nothing
Dim W3Clog As COMW3CInputContextClassClass = Nothing

Dim UsedBW As Double = 0
Dim Unitsprocessed As Integer

Dim strSQL As String = Nothing

LogParser = New LogQueryClassClass()
W3Clog = New COMW3CInputContextClassClass()

Try

strSQL = "SELECT date,COUNT(*) AS downloads,c-ip "
strSQL = strSQL & "FROM C:\temp\Log\*.log "
strSQL = strSQL & "WHERE cs-method='RETR' "
strSQL = strSQL & "GROUP BY date,c-ip "

'run the query against W3C log
rsLP = LogParser.Execute(strSQL, W3Clog)

'Error occurs in the line below
rowLP = rsLP.getRecord()

1 answer:

Answer 0 (score: 3)

  

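Like you, I have written tools that make use of LogParser, for example http://eventanalyser.appointmentsbook.com/

Although back in 2004 (using .Net 1.1) I did not have the benefit of downloading: https://visuallogparser.codeplex.com/

Check out their source code, get your query working in it (VisualLogParser), then simply reference it in your project and enjoy the benefits of the open-source community.

Regarding a query for FTP leeching, here is an MSDN article: http://blogs.msdn.com/b/robert_mcmurray/archive/2010/09/02/detecting-ftp-leeches-with-logparser.aspx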

SELECT date,COUNT(*) AS downloads,c-ip,x-session
FROM *.log
WHERE cs-method='RETR'
GROUP BY date,c-ip,x-session
HAVING COUNT(*) > 100

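Looking at the GUI I created for building queries dynamically, one thing I can see in your query is that you left out the single quotes around the file path: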

strSQL = strSQL & "FROM C:\temp\Log\*.log "

Try this:

strSQL = strSQL & "FROM 'C:\temp\Log\*.log' "

(And use StringBuilder rather than string concatenation... just to get into the habit of best practice)

As per:

[image not included]

  

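If the quotes do not solve the problem at first, then try a single log file instead of the wildcard *.log to narrow down the syntax error. LogParser was not designed to help diagnose problem queries; rather, Gabriele Giuseppini designed it to be fast, very fast.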
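
As an added example that is not part of the original question or answer, the Python code below reproduces the two queries discussed in this thread (the per-user RETR listing the question asks for, and the answer's leech count grouped by date, c-ip and x-session) outside LogParser, so the logic can be checked against a small log. The log lines, the field subset and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in W3C extended format; field subset and values are illustrative.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status x-session
2015-07-09 10:01:02 203.0.113.5 - USER alice 331 s1
2015-07-09 10:01:09 203.0.113.5 alice RETR /pub/report.pdf 226 s1
2015-07-09 10:02:30 198.51.100.7 bob RETR /pub/a.zip 226 s2
2015-07-09 10:02:31 198.51.100.7 bob RETR /pub/b.zip 226 s2
2015-07-09 10:02:32 198.51.100.7 bob RETR /pub/c.zip 550 s2
2015-07-09 10:05:00 203.0.113.5 alice STOR /in/x.txt 226 s1
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt lines
                yield dict(zip(fields, values))

def downloads_by_user(records, user):
    """RETR records for one user: (date, time, file, status)."""
    return [(r["date"], r["time"], r["cs-uri-stem"], r["sc-status"])
            for r in records
            if r["cs-method"] == "RETR" and r["cs-username"].lower() == user.lower()]

def leeches(records, threshold=100):
    """Answer's grouping: GROUP BY date, c-ip, x-session HAVING COUNT(*) > threshold."""
    counts = Counter((r["date"], r["c-ip"], r["x-session"])
                     for r in records if r["cs-method"] == "RETR")
    return {key: n for key, n in counts.items() if n > threshold}

if __name__ == "__main__":
    records = list(parse_w3c(SAMPLE_LOG))
    for row in downloads_by_user(records, "bob"):
        print(*row)
    print(leeches(records, threshold=2))
```

The status column matters when reading the result: 226 marks a completed transfer, while a RETR logged with 550 was a request that did not deliver the file.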