Summarizing the IPs that visit a site


Summarizing the IPs that visit a site
View
Options
Author
Message
GregD
GregD
GregD
posted 4 Weeks Ago
New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)
Group: Forum Members
Posts: 1, Visits: 14
Hello folks - I host e-commerce sites and have to deal with researching hacking events.

My typical strategy is to paste the IIS server logs into a Word document, then I use a series of macros.  I remove all references to objects (images, .css, .js, etc.) from the document.  This way I am left with only the calls to specific files.  Once I have the log entries narrowed down, I use another macro to summarize the top IPs that visited the site.  Then I use another macro to facilitate limiting copies of those logs to the traffic based on selected IPs.  I'm able to scroll through those documents in order to look for mischief.

A set of logs that I am currently dealing with are large enough that it's become a challenge, in that the files are large enough to bog down the process such that it takes forever.  So I'm looking for more efficient means of tackling this task.

I discovered this tool yesterday, and have not seen a means of producing the sort of summary that I am posting below.  Can the tool be used to isolate all of the IPs, and tell me how many hits on pages that IP was responsible for?  Thanks.

13.74.149.232    1114
40.84.18.217    832
52.169.180.58    467
192.42.116.192    444
52.178.210.189    411
52.169.183.46    377
52.169.5.45    377
52.169.180.88    377
52.169.88.234    377
Reply Like 0
LogViewPlus Support
LogViewPlus Support
LogViewPlus Support
posted 3 Weeks Ago
Supreme Being (12K reputation)Supreme Being (12K reputation)Supreme Being (12K reputation)Supreme Being (12K reputation)Supreme Being (12K reputation)Supreme Being (12K reputation)Supreme Being (12K reputation)Supreme Being (12K reputation)Supreme Being (12K reputation)
Group: Moderators
Posts: 1.2K, Visits: 4.3K
Hi Greg,

Yes, this is definitely something LogViewPlus can do.  LogViewPlus uses a built in SQL engine so you will need to determine the appropriate SQL statement.  Here are a few SQL examples when working with IIS Web Server log files.

I would suggest playing around in the SQL Scratchpad before creating a Dashboard.

If you are new to SQL, I would suggest Copying an AI Prompt to your clipboard by right-clicking in the SQL editor.



A SQL Prompt contains a description of the data you are trying to query.  You can use this in an AI chatbot to help you find the query you are looking for.

In your case, I suspect you are looking for a query like:

SELECT TOP 10 c-ip AS Machine, 
     COUNT(*) AS Requests 
FROM CurrentView
GROUP BY Machine
ORDER BY Requests DESC

Hope that helps,

Toby
Reply Like 0
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...



Submit

Similar Topics

Post Quoted Reply

Login

Explore
Messages
Mentions
Search