
iislog is a tool for quickly searching events in logs


iislog is a tool for quickly searching events in log files produced by one or more IIS servers. Searches can be done by:

  • user
  • errors
  • long queries
  • url parts

Reports can be limited to a range of dates or hours. Static files can be ignored in the result.

Results are sent to the console in CSV format. The first line is a header. Example:

isslogs.exe --from-days-ago=12 --hide-assets --errors Logs-IIS\*IIS*.zip
"2017-01-31 09:08:40";500.0;;DOMAIN\user;/myapp/;"|121|800a0046|File:___Permission_denied__Error_opening_log_file_C:\Windows\TEMP\API.Log";2246;2.246s;"Module or ISAPI error occurred"
"2017-01-31 10:34:43";500.0;;DOMAIN\user;/myapp/;"|121|800a0046|File:___Permission_denied__Error_opening_log_file_C:\Windows\TEMP\API.Log";1216;1.216s;"Module or ISAPI error occurred"
"2017-01-31 10:35:03";404.0;;-;/myapps/;"-";93;93ms;"Not found"
"2017-01-31 10:35:14";500.0;;DOMAIN\user;/myapp/;"|121|800a0046|File:___Permission_denied__Error_opening_log_file_C:\Windows\TEMP\API.Log";889;889ms;"Module or ISAPI error occurred"
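
Added example, not part of iislog: a Go program that reads this semicolon-separated output and counts rows per status, URL and user, keeping the slowest time for each. The column positions (status, user, URL, time in milliseconds) and the names `Summarize`, `Key` and `Stat` are assumptions inferred from the sample rows above.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample: the four result rows from the example above (no header row).
const sample = `"2017-01-31 09:08:40";500.0;;DOMAIN\user;/myapp/;"|121|800a0046|File:___Permission_denied__Error_opening_log_file_C:\Windows\TEMP\API.Log";2246;2.246s;"Module or ISAPI error occurred"
"2017-01-31 10:34:43";500.0;;DOMAIN\user;/myapp/;"|121|800a0046|File:___Permission_denied__Error_opening_log_file_C:\Windows\TEMP\API.Log";1216;1.216s;"Module or ISAPI error occurred"
"2017-01-31 10:35:03";404.0;;-;/myapps/;"-";93;93ms;"Not found"
"2017-01-31 10:35:14";500.0;;DOMAIN\user;/myapp/;"|121|800a0046|File:___Permission_denied__Error_opening_log_file_C:\Windows\TEMP\API.Log";889;889ms;"Module or ISAPI error occurred"`

// Key identifies one bucket; Stat holds its row count and slowest time in ms.
type Key struct{ Status, URL, User string }

type Stat struct{ Count, MaxMs int }

// Summarize buckets iislog output rows by status, URL and user. Assumed columns,
// inferred from the sample: 1=status, 3=user, 4=URL, 6=time taken in ms.
func Summarize(out string) (map[Key]Stat, error) {
	r := csv.NewReader(strings.NewReader(out))
	r.Comma, r.FieldsPerRecord = ';', 9 // the sample rows have 9 columns; reject anything else
	rows, err := r.ReadAll()
	if err != nil {
		return nil, err
	}
	stats := map[Key]Stat{}
	for _, f := range rows {
		ms, err := strconv.Atoi(f[6])
		if err != nil {
			continue // header line: the time column is not a number
		}
		k := Key{f[1], f[4], f[3]}
		s := stats[k]
		s.Count++
		if ms > s.MaxMs {
			s.MaxMs = ms
		}
		stats[k] = s
	}
	return stats, nil
}

func main() {
	fmt.Println(Summarize(sample))
}
```

A user of `-` marks a row with no authenticated user, so those rows land in their own bucket.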


usage: iislog [<flags>] <file>...

a tool for searching in IIS logs files.

  Author jfc@responsiveconsulting.fr

  --help                   Show context-sensitive help (also try --help-long and
  --from=DATETIME          get logs from 'DATETIME' UTC
  --to=DATETIME            get logs to 'DATETIME' UTC
  --from-days-ago=DAYS     get logs from DAYS ago
  --to-days-ago=DAYS       get logs until DAYS before today
  --since=DURATION         get logs since DURATION. DURATION can be like 2s,
  --url=URL ...            Reports lines containing url. Several --url options
                           can be given. Lines are reported whenever one url
  --user=USER ...          Reports lines from authenticated USER. Several --user
                           options can be given. Lines are reported whenever an
                           user matches
  --errors                 filter logs on protocol errors (4xx and 5xx)
  --hide-assets            hide assets (html,gif,ico,css,jpg,png,js) from result
  --long-queries=DURATION  show queries longer than 'DURATION'. Accepted values
                           like 200ms, 3s, 1m...

  <file>  file, path, zip archive


  • Limit search to a date and time range
  • Search across several files
  • Search in zipped logs
  • Search for 4xx and 5xx errors
  • List all log entries
  • Sort entries coming from several servers' logs by date and time
  • List long queries
  • List queries from a user
  • List queries to a URL
  • Nicely unescaped queries in reports