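{0} in the commands stands for the path of the source log file; replace it with the real path when you run the command.
{1} in the commands stands for the path of the file the log is exported to; replace it with the real path when you run the command.
For example: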
7i24iislog.exe -i:BIN -o:W3C "select siteid,uristem,bytessent from 'd:iislogw3svcsss.ibl' to 'd:a.log' order by bytessent desc"
1. Query the number of times an IP accessed a given page of a given site, sorted in descending order
7i24iislog.exe -i:BIN -o:W3C "select clientipaddress,siteid,uristem,count(clientipaddress) from '{0}' to '{1}' group by clientipaddress,uristem,siteid order by count(clientipaddress) desc"
2. Number of times an IP accessed the sites on the whole server
7i24iislog.exe -i:BIN -o:W3C "select clientipaddress,count(clientipaddress) from '{0}' to '{1}' group by clientipaddress order by count(clientipaddress) desc"
3. Sort by size of data received (user uploads)
7i24iislog.exe -i:BIN -o:W3C "select siteid,uristem,bytesreceived from '{0}' to '{1}' order by bytesreceived desc"
4. Sort by size of data sent (user downloads)
7i24iislog.exe -i:BIN -o:W3C "select siteid,uristem,bytessent from '{0}' to '{1}' order by bytessent desc"
5. Detect PHP packet sending
7i24iislog.exe -i:BIN -o:W3C "select siteid,uristem,uriquery from '{0}' to '{1}' where uriquery like '%port=%' and uriquery like '%ip=%'"
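
Query 5 matches on substrings, so a query string such as export=csv&zip=1 also satisfies both LIKE patterns. The following added example (not part of the original page or the tool) re-checks an exported file by exact parameter name; the #Fields header, the space-separated layout and the sample rows are constructed assumptions about the export format.

```python
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample of an exported W3C-style file; the "#Fields:" header and
# space-separated columns are an assumption about the export layout.
SAMPLE_LOG = """\
#Fields: siteid uristem uriquery
1 /upload/x.php ip=203.0.113.9&port=80&time=60
1 /report.php export=csv&zip=1
2 /shop/list.php page=2
2 /inc/a.php port=53&ip=198.51.100.7
1 /upload/x.php ip=203.0.113.9&port=443&time=120
"""

def parse_w3c(text):
    """Yield one dict per data row, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def like_match(query):
    """Same test as query 5: substring 'port=' and substring 'ip='."""
    q = query.lower()
    return "port=" in q and "ip=" in q

def exact_match(query):
    """Stricter test: parameters literally named 'ip' and 'port'."""
    params = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
    return {"ip", "port"} <= params

def flag_requests(text):
    """Count exact matches per (siteid, uristem); list LIKE-only false positives."""
    hits, like_only = Counter(), []
    for row in parse_w3c(text):
        query = row.get("uriquery", "-")
        if exact_match(query):
            hits[(row["siteid"], row["uristem"])] += 1
        elif like_match(query):
            like_only.append((row["siteid"], row["uristem"], query))
    return hits, like_only

if __name__ == "__main__":
    hits, like_only = flag_requests(SAMPLE_LOG)
    for (site, uri), n in hits.most_common():
        print(site, uri, n)
    print("LIKE-only rows:", like_only)
```

Scripts that recur in the exact-match counts are the ones to review on disk first; the LIKE-only rows show what the substring query would have flagged without those parameters being present.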