Using Log Parser: get website usage statistics.

Wednesday, 28 October 2009 16:13 by myro

Microsoft Log Parser is a great tool when it comes to parsing your IIS log files. But you will probably want something more usable than a command-line program: here comes the excellent tool provided by Lizard Labs, Log Parser Lizard GUI (free edition).

With this program you can query your IIS logs using a SQL-like syntax and export the results to Excel. Using Log Parser you can obtain almost any kind of information that is recorded in your IIS logs. For example, if you want to know how many HTTP requests (hits) a particular site on your web server has received since a certain date, you can run:

SELECT date AS Data, cs-username AS Utente, cs-uri-stem AS Url, COUNT(cs-uri-stem) AS Hits
FROM 'c:\YOUR_IIS_LOG_FOLDER\ex*.log'
WHERE (cs-uri-stem NOT LIKE '%.jpg' AND
       cs-uri-stem NOT LIKE '%.gif' AND
       cs-uri-stem NOT LIKE '%.css' AND
       cs-uri-stem NOT LIKE '%.js' AND
       cs-username <> null AND
       cs-uri-stem LIKE '%/YOURSITE/YOURFOLDER/%' AND
       date >= '2009-01-01')
GROUP BY Data, Utente, cs-uri-stem
ORDER BY Data, Utente, Hits

As you can see, I have excluded several file extensions, because I'm not interested in these kinds of files. If you are interested in tracking only the .aspx extension, modify the query accordingly.

The important searchable IIS log fields are described in this table:

Table 1: IIS Log Fields

| Field Name | Description | Uses |
|---|---|---|
| Date (date) | The date of the request. | Event correlation. |
| Time (time) | The UTC time of the request. | Event correlation, determine time zone, identify scanning scripts. |
| Client IP Address (c-ip) | The IP address of the client or proxy that sent the request. | Identify user or proxy server. |
| User Name (cs-username) | The user name used to authenticate to the resource. | Identify compromised user passwords. |
| Service Name (s-sitename) | The W3SVC instance number of the site accessed. | Can verify the site accessed if the log files are later moved from the system. |
| Server Name (s-computername) | The Windows host name assigned to the system that generated the log entry. | Can verify the server accessed if the log files are later moved from the system. |
| Server IP Address (s-ip) | The IP address that received the request. | Can verify the IP address accessed if the log files are later moved from the system or if the server is moved to a new location. |
| Server Port (s-port) | The TCP port that received the request. | To verify the port when correlating with other types of log files. |
| Method (cs-method) | The HTTP method used by the client. | Can help track down abuse of scripts or executables. |
| URI Stem (cs-uri-stem) | The resource accessed on the server. | Can identify attack vectors. |
| URI Query (cs-uri-query) | The contents of the query string portion of the URI. | Can identify injection of malicious data. |
| Protocol Status (sc-status) | The result code sent to the client. | Can identify CGI scans, SQL injection and other intrusions. |
| Win32 Status (sc-win32-status) | The Win32 error code produced by the request. | Can help identify script abuse. |
| Bytes Sent (sc-bytes) | The number of bytes sent to the client. | Can help identify unusual traffic from a single script. |
| Bytes Received (cs-bytes) | The number of bytes received from the client. | Can help identify unusual traffic to a single script. |
| Time Taken (time-taken) | The amount of server time, in milliseconds, taken to process the request. | Can identify unusual activity from a single script. |
| Protocol Version (cs-version) | The HTTP protocol version supplied by the client. | Can help identify older scripts or browsers. |
| Host (cs-host) | The contents of the HTTP Host header sent by the client. | Can determine if the user browsed to the site by IP address or host name. |
| User Agent (cs(User-Agent)) | The contents of the HTTP User-Agent header sent by the client. | Can help uniquely identify users or attack scripts. |
| Cookie (cs(Cookie)) | The contents of the HTTP Cookie header sent by the client. | Can help uniquely identify users. |
| Referer (cs(Referer)) | The contents of the HTTP Referer header sent by the client. | Can help identify the source of an attack or see if an attacker is using search engines to find vulnerable sites. |
 

If you need more information about Log Parser's capabilities, consider visiting: http://www.securityfocus.com/infocus/1712
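As an added example (not part of the original post), the two Log Parser queries below apply the "Uses" column of the field table to log review: the first summarises failed requests per client, the second lists server errors that carried a query string. The log path is the same placeholder as in the query above; the threshold of 50 and the TOP 100 limit are arbitrary assumptions to tune for your site.

```sql
-- Added example, not from the original post. Run each query separately.

-- Query 1: clients that produced many error responses (scans, guessing).
-- Groups by client IP, user agent and status code, and shows the time
-- window in which the errors occurred. The threshold 50 is an assumption.
SELECT  c-ip AS Client,
        cs(User-Agent) AS Agent,
        sc-status AS Status,
        COUNT(*) AS Hits,
        MIN(TO_TIMESTAMP(date, time)) AS FirstSeen,
        MAX(TO_TIMESTAMP(date, time)) AS LastSeen
FROM 'c:\YOUR_IIS_LOG_FOLDER\ex*.log'
WHERE sc-status >= 400
GROUP BY c-ip, cs(User-Agent), sc-status
HAVING COUNT(*) > 50
ORDER BY Hits DESC

-- Query 2: server errors (500) on requests that carried a query string,
-- with the fields needed to correlate them with other logs.
-- The limit of 100 rows is an assumption.
SELECT TOP 100
        date, time, c-ip, cs-username, cs-method,
        cs-uri-stem, cs-uri-query, sc-status, sc-win32-status
FROM 'c:\YOUR_IIS_LOG_FOLDER\ex*.log'
WHERE sc-status = 500 AND cs-uri-query IS NOT NULL
ORDER BY date, time
```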

Categories:   Web

Fix XSane's problems with Debian.

Sunday, 25 October 2009 11:12 by myro

XSane is a graphical scanning frontend that makes it easy to use your scanner. But when I launched XSane for the first time in my Debian Lenny environment, XSane reported:

Failed to open device `v4l:/dev/video0': Invalid argument

To prevent this error, comment out the "/dev/video0" line in /etc/sane.d/v4l.conf. Now you should be able to attach your USB scanner and launch the program correctly.
But what happens if XSane says that no scanner is found? Follow these steps that helped me to solve the problem:

  1. Ensure that the libsane-extras package is installed on your machine.
  2. Try to run XSane as root. If it works and finds your scanner, you should fix the permissions set on your scanner device.
  3. Find out which bus your USB scanner resides on; this is easily done with the lsusb command:

    debian:/home/myo# lsusb
    Bus 008 Device 004: ID 054c:0377 Sony Corp.
    Bus 008 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 007 Device 002: ID 05ca:183d Ricoh Co., Ltd
    Bus 007 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 003 Device 007: ID 04b8:010b Seiko Epson Corp. Perfection 1240
    Bus 003 Device 006: ID 046d:c01d Logitech, Inc. MX510 Optical Mouse
    Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

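    You can see the scanner resides on Bus 003 and is device 007 in this case.
    Change the permissions using:

    debian:/home/myo# chmod a+w /dev/bus/usb/003/007

    Replace the bus and device numbers with yours. Note that a+w gives every local user write access to the device, and that the device node is recreated when the scanner is reconnected, so the change has to be repeated.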


SharePoint 2007 - Extract SharePoint Users information to an Excel file format

Monday, 12 October 2009 09:57 by myro

SharePoint 2007 is missing a feature that lets you export all users that belong to a particular group into an Excel-compatible file format. What happens if someone asks you: "May I have a list of all users that belong to a particular group?" Wouldn't it be nice to have a simple Forms application that saves the list, providing for each user information such as the domain name, the full name and the email?

With just a few lines of code you can accomplish that or, if you prefer, you can download my little project, SharePoint Group Users Info, which does exactly this job:

Once you have entered your SharePoint site's URL, click the Get Groups button. Select the group you wish to export and press Get Users Info. A Save File dialog will pop up, asking where you want to save your CSV file. Open it with Excel and you are done!

Download Visual Studio 2008 Project: SharePointGroupUsersInfo.rar (70.63 kb)

Categories:   SharePoint 2007

Working with DashCommerce 3.x - recreate the SQL Full Text Catalog

Sunday, 11 October 2009 20:29 by myro

The SQL Full Text Catalog provides a fast search of your products in your DashCommerce database. But what happens if you mess up the catalog? You will receive errors like

A critical error has occurred: Cannot drop full-text catalog 'dashCommerce_Catalog' because it contains a full-text index

and you will not be able to drop the catalog:

Cannot drop full-text catalog 'dashCommerce_Catalog' because it contains a full-text index.

That is, unless you follow the steps illustrated below.

Connect to your DashCommerce database and run:

SELECT name, ftcatid FROM sysobjects WHERE ftcatid > 0
GO

This will return the table on which the Full Text Catalog is in use:



Now, we can drop it:


EXEC sp_fulltext_table 'dashCommerce_Store_Product', 'drop'
GO

DROP FULLTEXT CATALOG dashCommerce_Catalog
GO


Then recreate it by using the fulltextcatalog.sql script, located under /Install/Scripts:


EXEC sp_fulltext_database 'enable'
GO
CREATE FULLTEXT CATALOG dashCommerce_Catalog
GO

CREATE FULLTEXT INDEX ON [dbo].[dashCommerce_Store_Product] KEY INDEX [PK_dashCommerce_Products] ON [dashCommerce_Catalog] WITH CHANGE_TRACKING AUTO
GO

ALTER FULLTEXT INDEX ON [dbo].[dashCommerce_Store_Product] ADD ([Name] LANGUAGE 1033)
GO
ALTER FULLTEXT INDEX ON [dbo].[dashCommerce_Store_Product] ADD (ShortDescription LANGUAGE 1033)
GO
ALTER FULLTEXT INDEX ON [dbo].[dashCommerce_Store_Product] ADD (BaseSku LANGUAGE 1033)
GO

Categories:   Sql

Add WaterMark to TextBox in Asp.Net: The simple way!

Sunday, 11 October 2009 17:17 by myro

There are different solutions on the web that describe how to implement a watermark over an ASP.NET TextBox. The solution I still prefer is just using JavaScript together with ASP.NET's parser capabilities.

In your ASPX markup page, try the solution posted below:

<script type="text/javascript">

// This Javascript is written by Peter Velichkov (www.creonfx.com)
// and is distributed under the following license : http://creativecommons.org/licenses/by-sa/3.0/
// Use and modify all you want just keep this comment. Thanks

// Defining array that holds the IDs or Names of the inputs and the default text to display
// If you are using Names remember that I am taking only the first one.
// The format is : 'ID1','VALUE1','ID2','VALUE2'....
// var inputs = new Array('firstname','firstvalue','secondid','secondvalue','thirdid','thirdvalue')

// As you can see, I'm just injecting the ASP.NET TextBoxes' client-side IDs into the JavaScript code
var inputs = new Array('<%= txtSearchTerms.ClientID %>','Search...','<%= txtLogin.ClientID %>','Login...');

// Defining "indexOf" function for Internet Explorer
// It returns the index of the first occurrence of an item in the array, or -1 if it is not found
if (!Array.prototype.indexOf) {
    Array.prototype.indexOf = function(obj, start) {
        for (var i = (start || 0); i < this.length; i++) {
            if (this[i] == obj) {
                return i;
            }
        }
        return -1;
    };
}

// Defining addEvent function since Internet Explorer
// does not support the official way of adding events
function addEvent(obj, type, fn) {
    if (obj.addEventListener) {
        obj.addEventListener(type, fn, false);
    } else if (obj.attachEvent) {
        // Wrap the handler so that "this" refers to the element under IE
        obj["e" + type + fn] = fn;
        obj[type + fn] = function() {
            obj["e" + type + fn](window.event);
        };
        obj.attachEvent("on" + type, obj[type + fn]);
    }
}

// Writes the default text into every configured input and wires up the handlers
function inputWatermark() {
    if (inputs.length < 2 || inputs.length % 2 != 0) {
        alert('Wrong usage - please read the source comments!');
        return;
    }
    for (var i = 0; i < inputs.length; i += 2) {
        var cur = document.getElementById(inputs[i]) || document.getElementsByName(inputs[i])[0];
        if (cur) {
            cur.value = inputs[i + 1];
            addEvent(cur, "focus", onFocusHandler);
            addEvent(cur, "blur", onBlurHandler);
        }
    }
}

// Clears the watermark when the input receives focus
function onFocusHandler() {
    var inpname = this.id ? this.id : this.name;
    if (this.value == '' || this.value == inputs[inputs.indexOf(inpname) + 1]) {
        this.value = '';
    }
}

// Restores the watermark when the input is left empty
function onBlurHandler() {
    var inpname = this.id ? this.id : this.name;
    if (this.value == '') {
        this.value = inputs[inputs.indexOf(inpname) + 1];
    }
}

addEvent(window, "load", inputWatermark);
</script>


<asp:TextBox ID="txtSearchTerms" runat="server" />
<asp:TextBox ID="txtLogin" runat="server" />

Categories:   .NET | Web