Troubleshooting Exchange with LogParser:IIS logs #2

In my previous post I described how to extract data from the IIS logs for one or multiple user/users or device/devices. This post is more about analytic or statistic tasks you can perform with this script.

There are the following reports available:

  • EASReport
  • EASErrorReport
  • ClientReport
  • ClientBandwidth
  • HTTPReport

EASReport

This report is based on the script “A script to troubleshoot issues with Exchange ActiveSync”. There are minor changes as I added support for sync types (First, Subsequent, Recovery and Invalid) and removed some fields for commands and IIS errors. Nevertheless a really good report to get an overview. This report can be combined with a user. The report is sorted by the number of hits. In the following example I used LoadGen to generate requests:

.\Get-IISStats.ps1 -Outpath C:\Temp\Output -StartDate 141020 -EndDate 141020 -EASReport

IISStats11

Within this AD-site (HQ-Site) the script found 2 Exchange server. One Exchange 2010 (EX01) and one Exchange 2013 (EX02). The output is in the folder C:\Temp\Output. The format is yyMMDD_EASReport_<AD-Site>HH-mm-ss.csv and yyMMDD_EASReport<UserID>_<AD-Site>_HH-mm-ss.csv when you combined it with a user.

IISStats12

And that’s how it looks like:

IISStats13

EASErrorReport

The EASErrorReport will extract all the errors any ActiveSync device genereated. You will have a list of errors per server, user, deviceid, the error itself and the count. This could be helpfull to pinpoint a specific server or to get a general overview what’s going on.

.\Get-IISStats.ps1 -Outpath C:\Temp\Output -StartDate 141020 -EndDate 141020 -EASErrorReport

IISStats14

Same server were found and the output could be found in the OutPath. The format is yyMMDD_EASErrorReport_<AD-Site>HH-mm-ss.csv and yyMMDD_EASErrorReport<UserID>_<AD-Site>_HH-mm-ss.csv when you combined it with a user.

IISStats15

IISStats16

ClientReport

This report will list all the clients (cs(User-Agent)), total number of hits and the requested URI.

Note: The number is the number of hits and not the number of unique clients!

PS C:\Scripts> .\Get-IISStats.ps1 -Outpath C:\Temp\Output -StartDate 141020 -EndDate 141020 -ClientReport

IISStats17

The format is yyMMDD_ClientReport_<AD-Site>_HH-mm-ss.csv

IISStats18

And looks like this

IISStats19

I added the request URI just to distinct what service was used by what client.

ClientBandwidth

This is really an important report when it comes to unique clients and network usage. In order to get all the details about the usage you need to have configured extended logging for the fields cs-bytes and cs-bytes.

The output will be 4 files:

  • Data (Hour,Vdir,User,EASDeviceId,KB received,KB sent,KB Total) yyMMDD_Clientbandwidth_<AD-Site>_HH-mm-ss_data.csv
  • EASDevices contains the number of unique ActiveSync devices per hour (Hour,UniqueEASDeviceS) yyMMDD_Clientbandwidth_<AD-Site>_HH-mm-ss_easdevices.csv
  • Rate contains the calculate bandwidth usage per hour (Hour,kB/s KiloBytes/s,MB/s MegaBytes/s,kbps,Mbps) yyMMDD_Clientbandwidth_<AD-Site>_HH-mm-ss_rate.csv
  • Users conatins all unique users per hour (Hour,UniqueUsers) yyMMDD_Clientbandwidth_<AD-Site>_HH-mm-ss_users.csv

Whereas the files EASDevices, Rate and Users will show you the numbers per hour, the Data file is the one you should be interested in. Once you have it import it in Excel and create a PivotChart as follows:

  • Insert PivotChart
  • For Table/Range click on cell A1
  • Press Strg+Shift+End to select all data

IISStats20

  • Now add “Hour” to “Axis Fields and “Vdir” to “Legend Fields”

IISStats21

  • Depending on what you want you now can add other fields to “Values”

In this example I picked KB total for OAB,EWS and ActiveSync

IISStats22

This is an example for unique users OAB,EWS, Autodiscover and ActiveSync

IISStats23

This report is really helpfull in questions related to bandwidth. It could be helpfull when you’re planning for O365. Neil did a great job with the “Exchange Client Network Bandwidth Calculator”. With this script you can partly verify your calculation.

Why partly?

When you are on Exchange 2010 you still have the RPC traffic. Sadly this traffic is not logged in a way that you can get the transfered bytes. If you have a dedicated load balancer you want to have a look into its reporting capabilities to get exact numbers. At least you will get a detailed overview who is using your Exchange servers and how much traffic is generated.

HTTPReport

This is the last report and very helpful to check your servers health from HTTP.sys perspective.

PS C:\Scripts> .\Get-IISStats.ps1 -Outpath C:\Temp\Output -StartDate 141020 -EndDate 141020 -HTTPBeport

IISStats24

The output could be found in the format yyMMDD_HTTPErrorReport_<AD-Site>_HH-mm-ss.csv

IISStats25

And you will get a list of errors per server sort by number of hits

IISStats26

More info about the errors could be found here and here.

Generic stats

As last you will get by default, when you don’t use any parameter, 4 files as follows:

  • Collect all IIS errors (Request,HttpStatus,Win32Status,SourceIP,Hits) yyMMDD_IIS_errors.csv
  • All hits for this day per user (SourceIP,OverallHits,User,Client,Bytes received,Bytes sent,EASRequest) yyMMDD_hits_by_ip.csv
  • All hits by hour (Hour,Hits,EASHits) yyMMDD_hits_by_hour.csv
  • All EAS devices (EASDeviceId,UserAgents) yyMMDD_eas_devices.csv
PS C:\Scripts> .\Get-IISStats.ps1 -Outpath C:\Temp\Output -StartDate 141020 -EndDate 141020

IISStats27

Here the 4 files in the OutPath

IISStats28

And here how it looks when you do some analytics with Excel

IISStats29

IISStats30

IISStats31

I hope you will find this useful and it helps you to determine and solve any issues!

Advertisements

One thought on “Troubleshooting Exchange with LogParser:IIS logs #2

  1. Pingback: Get-IISStats: Updated version available | The clueless guy

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s