[转载]整理了几条 LogParser 命令

[转载]http://www.room702.cn/index.php/archives/244

注入分析：
LogParser "select time,c-ip,cs-uri-stem,cs-uri-query,sc-status,cs(User-Agent) from ex080228.log where cs-uri-query LIKE '%select%'"

查询日志文件：ex080228.log ， 查询关键字：select

==================================================

反射型XSS分析：
LogParser "select time,c-ip,cs-uri-stem,cs-uri-query,sc-status,cs(User-Agent) from ex080228.log where cs-uri-query LIKE '%<script>%'"

查询日志文件：ex080228.log ，查询关键字：<script>

==================================================

特定时间记录搜索：
LogParser "select time,c-ip,cs-uri-stem,cs-uri-query,sc-status,cs(User-Agent) from ex080228.log where time between TIMESTAMP( '09:07:00', 'hh:mm:ss' ) and TIMESTAMP( '09:08:00', 'hh:mm:ss' )"

查询日志文件：ex080228.log ，搜索时间段：09:07:00 至 09:08:00

==================================================

根据IP地址统计访问情况：
LogParser "select date,time,c-ip,cs-uri-stem,cs-uri-query,cs(User-Agent),sc-status from ex080228.log WHERE IPV4_TO_INT(c-ip) BETWEEN IPV4_TO_INT('172.16.9.0') AND IPV4_TO_INT('172.16.9.255')" 

查询日志文件：ex080228.log ， 搜索IP段：172.16.9.0/24

==================================================

目录猜解搜索：
LogParser "select time,c-ip,count(time) as BAD from ex080228.log where sc-status=404 group by time,c-ip having BAD>5"

查询日志文件：ex080228.log ， 搜索错误次数大于N次：5

==================================================

表单破解搜索：
LogParser "select time,c-ip,cs-uri-stem,count(time,cs-uri-stem) as BAD from ex090609.log where sc-status=200 and cs-method='POST' group by time,c-ip,cs-uri-stem having BAD>4"

查询日志文件：ex090609.log ， 搜索同一秒内POST次数大于N次：4

==================================================

异常User-Agent搜索：
LogParser "select time,c-ip,cs-uri-stem,cs-uri-query,sc-status,cs(User-Agent) from ex080228.log where cs(User-Agent) NOT LIKE 'Mozilla%'"

查询日志文件：ex080228.log ， 搜索User-Agent：全部未以Mozilla开头的User-Agent

==================================================

不正常的HTTP Method
LogParser "select time,c-ip,cs-method,cs-uri-stem from ex090609.log where cs-method in ('HEAD';'OPTIONS';'PUT';'MOVE';'COPY';'TRACE';'DELETE')"

查询日志文件：ex090609.log ， 搜索异常方法：('HEAD';'OPTIONS';'PUT';'MOVE';'COPY';'TRACE';'DELETE')"