Examples of configuring and managing IIS log files with Windows PowerShell.
#
# Configuring and Managing IIS Log Files with PowerShell
#
# Book.......: Packt Windows Server 2012 Automation with PowerShell Cookbook
# Location...: Chapter 3: Configuring and Managing Log Files
# Link.......: https://www.packtpub.com/networking-and-servers/windows-server-2012-automation-powershell-cookbook
#
# Import the IIS `WebAdministration` Module
Import-Module WebAdministration
#
# To show configured IIS sites:
# -----------------------------------------------------------------------------
Get-ChildItem IIS:\Sites
#
# Configuring IIS Logging
# -----------------------------------------------------------------------------
# To change the IIS logging directory:
Set-ItemProperty 'IIS:\Sites\Default Web Site' -Name logFile.directory -Value 'C:\Logs\IIS'
# To change the logging type:
Set-ItemProperty 'IIS:\Sites\Default Web Site' -Name logFile.logFormat 'W3C'
# To change logging frequency:
Set-ItemProperty 'IIS:\Sites\Default Web Site' -Name logFile.period -Value Weekly
# To change logging to use a maximum size:
Set-ItemProperty 'IIS:\Sites\Default Web Site' -Name logFile.period -Value MaxSize
# To change the size at which the log file contents will be truncated (20971520 bytes = 20 megabytes):
Set-ItemProperty 'IIS:\Sites\Default Web Site' -Name logFile.truncateSize 20971520
# To disable logging:
Set-ItemProperty 'IIS:\Sites\Default Web Site' -Name logFile.enabled -Value False
#
# Search for any IIS log file older than 7 days and delete it.
# -----------------------------------------------------------------------------
$daysOld = 7
$logDirs = Get-ChildItem -Path IIS:\Sites | Get-ItemProperty -name logFile.directory.value | Select -Unique
foreach ($logDir in $logDirs)
{
# `ExpandEnvironmentVariables` converts any system variables
# (such as %SystemDrive%) into its fully qualified path.
$logDir = [Environment]::ExpandEnvironmentVariables($logDir)
Get-ChildItem -Path $logDir -Recurse | Where-Object LastWriteTime -lt (Get-Date).AddDays(-$daysOld) | Remove-Item
}
#
# Reporting on Web Site Access And Errors
# -----------------------------------------------------------------------------
Function Parse-IISLogs
{
Import-Module WebAdministration
# Identify the IIS logging directory:
$logFile = Get-ItemProperty 'IIS:\Sites\Default Web Site' -Name logFile.directory.value
$logFile = [Environment]::ExpandEnvironmentVariables($logFile)
# Export log files to a temporary CSV file:
$logFile += "\*\*.log"
(Get-Content $logfile | Where-Object {$_ -notlike "#[S,V,D]*"}) -replace "#Fields: ","" | Out-File $env:temp\webLog.csv
# Import the CSV file to memory
$webLog = Import-Csv $env:temp\webLog.csv -Delimiter " "
# Parse the CSV file for the top files:
Write-Host "Top 3 files`n"
$webLog | Group-Object -property 'cs-uri-stem' | Sort-Object -Property Count -Descending | Select-Object Count, Name -First 3 | Out-String
# Parse the CSV file for the top 3 referrers:
Write-Host "Top 3 referers`n"
$webLog | Group-Object -property 'cs(Referer)' | Sort-Object -Property Count -Descending | Select-Object Count, Name -First 3 | Out-String
# Parse the CSV file for the top 3 user agents:
Write-Host "Top 3 agents`n"
$webLog | Group-Object -property 'cs(User-Agent)' | Sort-Object -Property Count -Descending | Select-Object Count, Name -First 3 | Out-String
# Parse the CSV file for the top 3 404 errors:
Write-Host "Top 3 File Not Found (404)`n"
$webLog | Where-Object sc-status -eq 404 | Group-Object -Property 'cs-uri-stem' | Sort-Object -Property Count -Descending | Select-Object Count, Name -First 3 | Out-String
# Clean up:
Remove-Item $env:temp\webLog.csv
}