Parsing IIS Logs to PowerShell Objects

I recently had to find all the client IP’s a certain user used to connect to a system, using IIS logs as the source. I know there is a log parser that can be used for this. But I wanted to be able to use the results in another PowerShell script which is why I chose PowerShell to filter the results.

I wrote a small PowerShell cmdLet to convert IIS logs to PowerShell objects so that I could manipulated them easily and pass the results to other cmdLets.

The CmdLet can be found in my GitHub repo. https://github.com/bentaylorwork/PowerShell/blob/master/Scripts/IIS/Convert-IISLogsToObject.ps1

Examples of using the CmdLet below

About the author

Ben Taylor

Cloud and PowerShell enthusiast with a penchant for automation and CI.

View all posts

2 Comments

  • Really helpfull!
    All 404 (file not found) requests:
    (Get-ChildItem -Path “D:\inetpub\logs\logfiles\W3SVC5” -Filter *.log | Sort-Object -Property LastwriteTime -Desc
    ending)[0].Fullname | Convert-IISLogsToObject | Where { $_.’sc-status’ -eq ‘404’} | Group-Object -Property cs-uri-stem |
    Select Count, Name | Format-List

  • +1 on the helpful / thank-you front!

    Used this to find the client IP addresses of all 403.16 errors in some or all IIS log files!

Leave a Reply

Your email address will not be published. Required fields are marked *