[Powershell Script - Convert IIS logs to CSV]parsing IIS logs using PowerShell

There are multiple ways to do reporting on the IIS logs, there are various tools available for the same as well, but I thought to play around with string manipulation in PowerShell so got an idea to do a script on parsing and Converting IIS logs to Table format in PowerShell sessions or export to CSV.

The main motive of this post is to give an idea on how can we filter specific logs easily and generate a report out of IIS Logs in CSV format.

So let's start

Let's first get the content of the logs file in a Powershell array, which we want to search through to generate the report, we can loop through each log file if there are more than one log file.

Single File Example:

$logFilepath="D:\Logs\IISLogs.txt" $logdata=(gc $logfilepath)

To search through the multiple files.

$logdata=@()
$logFilePath="D:\Logs\"
foreach ($file in (Get-ChildItem $logFilePath))
{
$logfileData=gc
$logfilepath
$logdata+=$logfileData
}

Now Once we have the Logs consolidated, we can further search through $logdata for logs we are interested in.

Let's say I want to find out how many connection requests has been made by the user "Labadmin" for EWS service?

So to prepare the data into the tabular format, lets first get the table header.

As the 4th line of the logs has all the details, we are going to select that line only using the index no [3], for those who wondering why [3], the index in PowerShell start from [0,1,2,3] etc.

$CsvHeader=$logdata[3]."#Fields: ","")

Now we can do a search through the logs.

$EWSLogs=$logdata | ? {$_ -match "Labadmin" -and $_ -match "EWS"}

This will get us the log entries, where both strings match "Labdmin" and "EWS", we can add more -match to shorten the results,

Now we have the logs we wanted, as the logs file is delimited with space in between what we just need to do is to replace the space with the comma ",".

So let's see how we can do it.

lets first combined our header and EWS logs data to one array.

$FinalData=@() $FinalData+=$CsvHeader $FinalData+=$EWSLogs

Now we will use replace method to replace space with ",".

$Report=@()
foreach ($line in $FinalData)
{
$newline=$line.replace(" ",",")
$Report+=$newline
}

Now Let's convert it to a table form, once we have data in the table form we can work at the object level, or you can just export to CSV.

$Table = Convertfrom-Csv $Report -UseCulture

Now you will have data in Table and can do further analyses if you wish.



Let's further find out how many times this user made EWS connection successfully.

$table | Group-Object -Property sc-status

So this is how we can use PowerShell to do reporting on IIS logs, Please feel free to leave your comments, feedback, and suggestions.

Below is full consolidated script Code used in this post.

$logFilepath = "C:\Users\sunil\Desktop\caslogs.txt"
$logdata = Get-Content $logfilepath

$CsvHeader=$logdata[3].Replace("#Fields: ","")
$EWSLogs=$logdata | ? {$_ -match "Labadmin" -and $_ -match "EWS"}

$FinalData=@()
$FinalData+=$CsvHeader
$FinalData+=$EWSLogs

$Report=@()
foreach ($line in $FinalData){
$newline=$line.replace(" ",",")
$Report+=$newline }

$table = Convertfrom-Csv $Report -UseCulture
$table | Group-Object -Property sc-status

Comments