2

I'm working on a public website that is used by both external visitors and internal employees. I'm after the external visitor hits, but I can't think of a good way to filter out the internal IP ranges.

Using LogParser, what is the best way to filter IISW3C logs by IP range?

This is all I've come up with so far, which can't possibly be the best or most efficient way.

WHERE [c-ip] NOT LIKE (10.10.%, 10.11.%)

Any help is appreciated.

Josh
  • 245
  • 3
  • 8

2 Answers2

1

After a lot of looking, I ended up using what I listed in the question. I still don't think it is the most efficient, but it works and is readable.

WHERE [c-ip] NOT LIKE (10.10.%, 10.11.%)
Josh
  • 245
  • 3
  • 8
  • 1
    we have the same problem on our sites; the load balancer pings the sites constantly and we need to filter that IP out of the logs as well. I'm starting to think there needs to be a pre-processing step where we grep/replace out those lines.. – Jeff Atwood Apr 30 '10 at 16:56
  • Ahh. That's a good idea too. – Josh May 20 '10 at 14:16
0

I always recommend this page from SecurityFocus for parsing log files with LogParser.

GregD
  • 8,713
  • 1
  • 23
  • 35
  • That is a good article (and one I have bookmarked) but they don't really search like I'm trying to do. They do a sub-select for IP addresses appearing elsewhere and some targeted `where c-ip = X OR c-ip = Y` type queries. I'm trying to exclude specific IP blocks. – Josh Feb 01 '10 at 15:26