Home     RSSRSS

Automated way of logging IIS Logs to MSSQL Database using ODBC

March 15, 2014 by kiranbadi1991 | Comments Off on Automated way of logging IIS Logs to MSSQL Database using ODBC | Filed in Development, Environment, Others, Web Server

Sometimes for few of the internal applications it helps to automate the application logging process to the database so that operation’s team can measure and benchmark the operation efficiencies of the systems.So in order to achieve these objectives, it helps to log the information directly to the database and use the facilities offered by database. So in this post I will share some of my experience in automating these processes and few of the risks elements we need to take into consideration..

The first step of this entire process is to create the database table which will hold your IIS log information.IIS 6,IIS 7 and IIS 7.5 in fact provides you the script to create the table. The sql script for creating table is located in below path,

%windir%\system32\inetsrv\logtemp.sql

However if you are on IIS 8 or IIS 8.5, then probably you might not find it in that location. So you can use the below script and create the table,

USE [IISLOGS]
GO

/****** Object:  Table [dbo].[InternetLog]    Script Date: 3/16/2014 1:23:42 PM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

SET ANSI_PADDING ON
GO

CREATE TABLE [dbo].[InternetLog](
    [ClientHost] [varchar](255) NULL,
    [username] [varchar](255) NULL,
    [LogTime] [datetime] NULL,
    [service] [varchar](255) NULL,
    [machine] [varchar](255) NULL,
    [serverip] [varchar](50) NULL,
    [processingtime] [int] NULL,
    [bytesrecvd] [int] NULL,
    [bytessent] [int] NULL,
    [servicestatus] [int] NULL,
    [win32status] [int] NULL,
    [operation] [varchar](255) NULL,
    [target] [varchar](255) NULL,
    [parameters] [varchar](255) NULL
) ON [PRIMARY]

GO

SET ANSI_PADDING OFF
GO

For each of the table columns, Microsoft has below explanation, its always safe to go with Microsoft suggestions since having incorrect column types means that at some point we might see data truncation issues.

FieldName: ClientHost
Data Source/Type: Varchar(255)
Explanations: Client IP address.

FieldName: Username
Data Source/Type: Varchar(255)
Explanations: User name for the client. If the page is not password-protected, this is always the anonymous user name.

FieldName: LogTime
Data Source/Type: Datetime
Explanations: Date and time that the log entry was created.

FieldName: Service
Data Source/Type: Varchar(255)
Explanations: Name of the service. This can be WWW, FTP, or some other name.

FieldName: Machine
Data Source/Type: Varchar(255)
Explanations: Server name.

FieldName: ServerIP
Data Source/Type: Varchar(255)
Explanations: Server IP address.

FieldName: ProcessingTime
Data Source/Type: Int
Explanations: Time spent on request processing (in milliseconds).

FieldName: BytesRecvd
Data Source/Type: Int
Explanations: Number of bytes received.

FieldName: BytesSent
Data Source/Type: Int
Explanations: Number of bytes sent.

FieldName: ServiceStatus
Data Source/Type: Int
Explanations: Service status, such as 200.

FieldName: Win32Status
Data Source/Type: Long Integer
Explanations: Windows NT status code. 0 typically indicates success.

FieldName: Operation
Data Source/Type: Varchar(255)
Explanations: Type of the operation or command. For example, this may be USER for FTP or GET for WWW.

FieldName: Target
Data Source/Type: Varchar(255)
Explanations: Target of the operation. For example, this may be Default.htm.

FieldName: Parameters
Data Source/Type: Varchar(255)
Explanations: Any parameters for the operation. This can be either name/value pairs for invoking CGI or an ISAPI extension. It is a user name for the FTP command USER. 

Once the table is created, the next step is to configure ODBC System DSN on the machine which hosts the IIS Server.If you are 32 Bit systems , then you need to Configure 32 bit System ODBC and for 64 bit systems you need to enable 64 Bit System ODBC.Below steps should help you to configure ODBC DSN,

  1. On the IIS Server, open Control Panel, double-click the ODBC data source, click the System DSN tab, and then click Add.When the Create New Data Source window appears, click to select SQL Server, and then click Finish
  2. image[8]

  3. Click Add and in the Name box, type HTTPLOG(Name of DSN), type a description, click to select the SQL server that you want to connect to, and then click Next. If the SQL server is on the same computer, select (local).

image

    3. In the creation wizard, make sure that you click to select With Windows NT  authentication using the network login ID for the computer that is running SQL Server. Examine the client configuration, and use the default Named Pipe setting. Make sure that the SQL server name is correct, and then click OK.Click Next.

image

4. Map the IIS Logs database to the database where the original created table resides, and then click Next.If you want to, you can click to select Save long running queries to the log file and Log ODBC driver statistics to the log file in the wizard.Saving these queries will help you to debug any issues you find in operational or during set up phase.Else its not required to save queries.

Click Finish.At the end of the wizard, click Test Data Source. Make sure that you have successfully connected to the computer that is running SQL Server, and then click OK to exit. You need to ensure that Data Source test is successful.

image

With the above steps , you have now successfully done the setup for System DSN for logging IIS Logs into SQL Database.Microsoft provides you the DSN to log information to My SQL , Oracle and MS SQL Database. So if your database is different than these ,like Postgre or Derby then you need to install the relevant drivers for the same before they can be used.

Now the final step is  configuring the IIS to use the System DSN and start logging the application logs into the database table which we created earlier,On IIS 7, below steps can be followed to configure IIS to do ODBC logging,

  1. In the ISM MMC, right-click the Web site, and then click Properties.
  2. Click the Web Site tab.You can use configure the logging based on per site basis.
  3. In the Active log format list, click to select ODBC Logging. You can ignore the user name and password on the ODBC Logging Properties page if you selected Windows NT Integrated authentication when you set up the system DSN that is mapped to the computer that is running SQL Server.
  4. Click Apply, and then click OK.NOTE: If an account is specified on the ODBC Logging Properties page, the Username field in the SQL Server table is blank or contains a dash (-). If a domain account is used, the account name appears in the SQL Server logging table.
  5. Stop and Restart the Website.

Now IIS will direct all logging information to the table.However there are some risks for using this approach and they definitely needs to be taken into consideration,

  1. If your IIS Site is very busy , then logging using ODBC might consume lot of system resources which might impact the performance of the server.
  2. Its recommended that database holding the logging information should never be shared with live application else there exists substantial risks that database performance also might get impacted and slow down the application.

Few of the situation where I feel we can use these types of automation process is when your application is internal in nature and does not deal with very heavy loads.

For all heavy load application, I would recommend that we log IIS logs from the file to the database using  this approach as we can also automate that process on daily, nightly or weekly basis to load logs into the database.

 

Tags: , , , ,

How to enable logging in IIS 7.0

February 24, 2014 by kiranbadi1991 | Comments Off on How to enable logging in IIS 7.0 | Filed in Development, Environment, Performance Engineering, Web Server

IIS 7 on Windows 2008 Server has increased the logging capability of IIS compare to IIS 6. IIS 7 ships with below modules which are default on set up,

HTTP Logging Module(loghttp.dll)

Interacts with HTTP.sys process and processes request status. It is required for generation of logs.

Failed Request Tracing Module(iisfreb.dll)

Logs failed Requests for debugging purpose

Request Monitor Module(iisreqs.dll)

Watches the worker process activity

Tracing Module(iisetw.dll)

ETW tracing to capture trace file

Custom log Module(logcust.dll)

Logs custom module information

All the modules are located in system 32 /inetsrv directory of the server (Please see below screenshot),

image

It’s now possible to log information on per site basis or globally with IIS. It’s also possible to log just only the failed requests or only successful requests. Centralized logging can be done in Binary or W3C format.

In Order to enable logging, below steps needs to be followed,

  • Open Server Manager. Open command Prompt window and Type Run. Run Window will open. In Run window type CompMgmtLauncher.exe
  • Click on Roles (Web Server Roles).Check if Http logging is installed. If it’s not then you need to install it by adding appropriate Role.
  • Check the HTTP Logging box and install it.
  • Close the Server manager.
  • Once enabled you should be able to see something like below screen once you click on HTTP logging Module. (Below screen is from IIS 8).

image

Once the logging is enabled, logs tags are automatically created in applicationhost config file.

<log>
<centralBinaryLogFile enabled=”truedirectory=”%SystemDrive%\inetpub\logs\LogFiles/>
<centralW3CLogFile enabled=”truedirectory=”%SystemDrive%\inetpub\logs\LogFiles/>
</log

Its always a best practice to generate logs in the separate drive from your main drive where we have installed IIS 6 or the drive where heavy lifting of requests take place.

Tags: , , , ,

Transaction Response time–First Indicator of Application Performance

February 14, 2014 by kiranbadi1991 | Comments Off on Transaction Response time–First Indicator of Application Performance | Filed in Performance Center, Performance Engineering, Performance Test Tools, Quality, SilkPerformer, Small Businesses, Web Server

What do you mean by Transaction ?

What do you mean by Transaction Response time ?

Why is the Transaction Response time a key Performance Indicator for the application or system ?

Lot of young people who wants to become Performance Engineer asks me about these types of questions. Seriously I believe Transaction is often associated with the context.For Database DBA it could be something like commit the output of the SQL statement to the DB or rollback the entire output of the SQL Statement and bringing the DBA to its initial state due to some failures.For Developer, it could be related to 1 business requirement equal to 1 transaction and to the banker or domain specialist, it could be one entry in the ledger log.For the prospective of Performance Engineer, it could means any of the 3. It just depends on what is your objective of your tests or what are we looking for measure in the system or application.

The way Performance Engineer sees the transaction is bit different than the way Developer sees them.Some of the examples of the Transaction as seen by Performance Engineer are,

  • Time taken to do the login of the application
  • Time taken to generate and publish the report to the users.
  • Time taken to load the data to the database or Time taken to process xx amount of data and load it into the database(Batch Jobs).

If you look closely at above example, you can see that transaction is always associated with Time. Time taken to do X activity is prime focus of the Performance Engineer.The same might not be true for other folks like DBA,Domain experts or Developers.

One of the reasons as why Performance Engineer always associates time to transaction is because most performance tools have taught us to see transaction this way.Wrap the activity/event/Business functionality between start and end transaction markers and calculate the difference between these start and end time and say that these are our transaction response time for that activity.Most Load testing tools works this way and this logic works for almost 99.9999% of the application.However this kind of logic does not gel well with few of the technologies where non blocking of UI is more preferable than blocking of the UI. Comet/Push are some of the technologies where Marker based transactions do not work favorably unless you do some kind of the hacking.So I believe that Transaction marker based solutions work only for technologies where users waits for the response to come back.

Transaction Response time is most important characteristic of the System Performance from the Users point of view.If they are satisfied with the speed of the system to do more work in short time, then probably no effort is required to speed up the system, else lot of effort is required to increase the speed. Sometimes users are also satisfied with bit of high response time because they know the there is lot analytical calculation program/application has to do to bring data back to them.However when as more and more users starts getting into the system , they start experiencing slowness of the application.Application starts to more time to respond to the users request and the functionality which was taking 3 to 5 sec now starts to give response in 5 to 8 sec.As the user load increases, response time also starts to increase and after a certain point, it fails to respond to the users request.Performance Engineers calls this behavior a breaking point of the application.The reason for the application to stop responding could be many reasons ,however from the performance engineering’s prospective,its suggested that we do bit of analysis based on queuing theory.Rate at which application is receiving requests is more than the rate at which it can serve the requests keeping in mind the environmental constraints.Response time degradation can  happen not only when the number of users or volume of data exceeds some thresholds, but also after the application is up and running for a particular period. A period can be as short as hours or as long as days or weeks. That is often an indication that
some system resources are not released after transactions are completed
and there is a scarcity of remaining resources to allocate to new transactions.
This is called  resource leak  and is  usually due to programming/coding defects.

We say application is having performance issues after analyzing the trend of transaction and can conclude the below points based on data we have collected

    • Transaction response time is getting longer as more users are actively
      working with the system
    • Transaction response time is getting longer as more data are loaded
      into application databases.
    • Transaction response time is getting longer over time even for the same
      number of users or data volume primarily due to leaking of resources like memory,connections etc..

Transaction response time matters a lot when your application is web based application and its public facing site. The revenue of the company depends on how fast the application responds to the user’s request. If your application is internal , then it increases the productivity of the team and company over all.

Tags: , ,