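{0} in the commands stands for the path of the source log file; replace it with the real path when you run the command.
{1} in the commands stands for the path of the file the log is exported to; replace it with the real path when you run the command.
For example:
7i24iislog.exe -i:BIN -o:W3C "select siteid,uristem,bytessent from 'd:\iislog\w3svc\sss.ibl' to 'd:\a.log' order by bytessent desc"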
1. Count how many times each IP accessed a given page of a given site, in descending order
7i24iislog.exe -i:BIN -o:W3C "select clientipaddress,siteid,uristem,count(clientipaddress) from '{0}' to '{1}' group by clientipaddress,uristem,siteid order by count(clientipaddress) desc"
2. Count how many times each IP accessed the sites on the whole server
7i24iislog.exe -i:BIN -o:W3C "select clientipaddress,count(clientipaddress) from '{0}' to '{1}' group by clientipaddress order by count(clientipaddress) desc"
3. Sort by size of data received (user uploads)
7i24iislog.exe -i:BIN -o:W3C "select siteid,uristem,bytesreceived from '{0}' to '{1}' order by bytesreceived desc"
4. Sort by size of data sent (user downloads)
7i24iislog.exe -i:BIN -o:W3C "select siteid,uristem,bytessent from '{0}' to '{1}' order by bytessent desc"
5. Detect PHP packet sending (requests whose query string contains both port= and ip=)
7i24iislog.exe -i:BIN -o:W3C "select siteid,uristem,uriquery from '{0}' to '{1}' where uriquery like '%port=%' and uriquery like '%ip=%'"
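Query 5 matches on substrings, so a query string such as zip=1&export=csv also passes the filter. The Python sketch below is an added example, not part of the original page or of the tool: it re-checks the exported rows by real parameter name. The export layout (a #Fields header followed by space-separated values), the sample rows and all function names are assumptions.

```python
from urllib.parse import parse_qs

# Constructed sample of an exported file. The layout is an assumption:
# a "#Fields:" header followed by space-separated values, "-" for empty.
SAMPLE = """\
#Fields: siteid uristem uriquery
1 /upload/x.php ip=203.0.113.7&port=80&time=60
1 /download.php zip=1&export=csv
2 /report.php support=1&clip=2
2 /inc/conf.php PORT=53&IP=198.51.100.9
3 /index.php -
"""

def parse_w3c(text):
    """Yield one dict per data row, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def like_match(query):
    """Emulate the substring test of query 5 (case-insensitivity is an assumption)."""
    q = query.lower()
    return "port=" in q and "ip=" in q

def has_ip_and_port(query):
    """True only if 'ip' and 'port' are real parameter names, not substrings."""
    if query == "-":
        return False
    names = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
    return {"ip", "port"} <= names

def triage(text):
    """Split rows passing the substring filter into exact hits and noise."""
    hits, noise = [], []
    for row in parse_w3c(text):
        if like_match(row["uriquery"]):
            bucket = hits if has_ip_and_port(row["uriquery"]) else noise
            bucket.append(row["uristem"])
    return hits, noise

if __name__ == "__main__":
    print(triage(SAMPLE))
```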