When managing intranet sites on legacy IIS6 servers, log analysis becomes crucial for security auditing, performance optimization, and usage pattern tracking. Unlike public websites, intranet logs often contain sensitive internal traffic patterns that require secure analysis tools.
// Sample PowerShell script to preprocess IIS logs before analysis
Get-ChildItem "C:\inetpub\logs\LogFiles\W3SVC1\" -Filter "*.log" |
ForEach-Object {
Import-Csv $_.FullName -Delimiter " " -Header @("date","time","s-ip","cs-method","cs-uri-stem","cs-uri-query","s-port","cs-username","c-ip","cs(User-Agent)","sc-status","sc-substatus","sc-win32-status","time-taken")
| Export-Csv "processed_$($_.Name)" -NoTypeInformation
}For ASP.NET solutions, LogParser Studio (Microsoft's free tool) provides excellent GUI-based analysis with prebuilt queries. The Lizard Labs Log Parser is another robust option that works directly with .LOG files.
<?php
// Basic PHP log parser for IIS format
function parseIISLog($file) {
$pattern = '/^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+)/';
$entries = [];
foreach(file($file) as $line) {
if(preg_match($pattern, $line, $matches)) {
$entries[] = [
'date' => $matches[1],
'time' => $matches[2],
'client_ip' => $matches[9],
'method' => $matches[4],
'uri' => $matches[5]
];
}
}
return $entries;
}
?>- Native IIS6 log format support (W3C Extended format)
- Authentication tracking for intranet user monitoring
- Low-resource operation (important for older servers)
- IP address anonymization options for privacy compliance
When deploying on IIS6, ensure your chosen solution:
- Runs under Medium Trust if using ASP.NET
- Has proper permissions to access log folders
- Can handle large log files (common in intranet environments)
// Web.config snippet for ASP.NET Medium Trust
<system.web>
<trust level="Medium" />
</system.web>When working with IIS6 intranet sites, analyzing server logs can be challenging without proper tools. Here are some robust freeware solutions that work particularly well with ASP.NET and PHP hosted on IIS6:
Microsoft's free Log Parser Studio (LPS) is a powerful option that provides SQL-like query capabilities for IIS logs. Example query for tracking intranet traffic:
SELECT
cs-uri-stem AS Page,
COUNT(*) AS Hits,
AVG(time-taken) AS AvgTime
FROM ex*.log
WHERE cs-username IS NOT NULL
GROUP BY cs-uri-stem
ORDER BY Hits DESC
This lightweight analyzer offers excellent visualization for intranet traffic patterns. It supports:
- Hourly/daily/weekly traffic reports
- User activity tracking
- Bandwidth consumption analysis
While not a full analyzer, BareTail is excellent for watching live intranet logs:
// Sample PowerShell script to filter intranet logs
Get-Content C:\logs\W3SVC1\ex*.log -Wait |
Where-Object { $_ -match "192\.168\." } |
Out-File filtered_intranet.log
For developers needing custom solutions, here's a basic ASP.NET log parser:
protected void ParseLogs(object sender, EventArgs e)
{
string logPath = @"C:\inetpub\logs\LogFiles\W3SVC1";
var logs = Directory.GetFiles(logPath, "*.log");
var results = from log in logs
from line in File.ReadLines(log)
where line.Contains("POST") || line.Contains("GET")
group line by line.Split(' ')[4] into g
select new {
Page = g.Key,
Count = g.Count()
};
GridView1.DataSource = results;
GridView1.DataBind();
}
A simple PHP script to process logs:
10) {
$page = $parts[4];
@$stats[$page]++;
}
}
arsort($stats);
echo "Intranet Page Access Statistics
";
echo "Page Hits $page $count
";
?>
- User authentication tracking works differently in intranet environments
- Internal IP ranges should be properly classified
- Consider privacy implications when analyzing employee access patterns