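function Get-RFLpQueryVerbs
{
    <#
    .SYNOPSIS
    Creates Logparser query for RF verbs baseline using IIS logs.
    .DESCRIPTION
    Returns the text of a Log Parser query that counts hits per HTTP verb
    (cs-method) and cs-uri-stem for one site, limited to requests whose
    sc-status is at least 200 and below MaxHttp. The query directs its result
    to 'lp_results_verbs.csv' under OutputDir.

    Sitename, LogDir and OutputDir are expanded directly into the query text,
    so they must come from a trusted caller. A Sitename containing a single
    quote is rejected because it would close the quoted literal early.
    .EXAMPLE
    Get-RFLpQueryVerbs -Sitename W3SVC1 -LogDir D:\inetpub\Logs\ex*.log -OutputDir D:\WorkingFolder\ -MaxHttp 303
    .OUTPUTS
    System.String. The query text.
    #>
    [CmdletBinding()]
    param(
        [parameter(Mandatory=$true)]
        [System.String]
        # IIS Sitename of target website.
        $Sitename
        ,
        [parameter(Mandatory=$true)]
        [System.String]
        # IIS log directory.
        $LogDir
        ,
        [parameter(Mandatory=$true)]
        [System.String]
        # Output directory for writing files.
        $OutputDir
        ,
        [parameter(Mandatory=$true)]
        [System.Int32]
        # Max HTTP Status Code
        $MaxHttp
    )

    # Sitename lands between single quotes in the WHERE clause. A quote inside
    # the value would end the literal early and the remainder would be parsed
    # as query syntax, so refuse the value instead of emitting such a query.
    if ($Sitename.Contains("'"))
    {
        throw (New-Object -TypeName System.ArgumentException -ArgumentList 'Sitename must not contain a single quote character.', 'Sitename')
    }

    $ResultFile = Join-Path -Path $OutputDir -ChildPath 'lp_results_verbs.csv'

    # NOTE(review): $ResultFile and $LogDir are expanded unquoted into the
    # INTO and FROM clauses; a path containing whitespace or query keywords
    # would change how the query parses. Confirm how callers source these
    # values before quoting or validating them here.
    # The here-string body and its terminator stay at column 0: the body is
    # emitted literally and the terminator must start its line.
    return @"
--lp_query_verbs.sql--
SELECT DISTINCT
cs-method AS verb,
cs-uri-stem,
COUNT(*) AS Hits
INTO $ResultFile
FROM $LogDir
WHERE
s-sitename LIKE `'$sitename`'
AND (sc-status<$MaxHttp AND sc-status>=200)
GROUP BY verb, cs-uri-stem
ORDER BY cs-uri-stem, Hits
--lp_query_verbs.sql--
"@
} # End function Get-RFLpQueryVerbs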
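function New-RFLpFileVerbs
{
    <#
    .SYNOPSIS
    Creates Logparser file for RF verbs baseline using IIS logs.
    .DESCRIPTION
    Generates the query text with Get-RFLpQueryVerbs and writes it, ASCII
    encoded, to 'lp_query_verbs.sql' under OutputDir. An existing file of
    that name is overwritten.
    .EXAMPLE
    New-RFLpFileVerbs -Sitename W3SVC1 -LogDir D:\inetpub\Logs\ex*.log -OutputDir D:\WorkingFolder\ -MaxHttp 303
    .OUTPUTS
    System.String. Path of the query file that was written.
    #>
    [CmdletBinding()]
    param(
        [parameter(Mandatory=$true)]
        [System.String]
        # IIS Sitename of target website.
        $Sitename
        ,
        [parameter(Mandatory=$true)]
        [System.String]
        # IIS log directory.
        $LogDir
        ,
        [parameter(Mandatory=$true)]
        [System.String]
        # Output directory for writing files.
        $OutputDir
        ,
        [parameter(Mandatory=$true)]
        [System.Int32]
        # Max HTTP Status Code
        $MaxHttp
    )

    $FileLocation = Join-Path -Path $OutputDir -ChildPath 'lp_query_verbs.sql'

    # Build the query before Out-File is started. Out-File opens its target
    # when the pipeline begins, so generating the text in the same pipeline
    # could leave an emptied query file behind if Get-RFLpQueryVerbs raises a
    # terminating error.
    $QueryText = Get-RFLpQueryVerbs -Sitename $Sitename -LogDir $LogDir -OutputDir $OutputDir -MaxHttp $MaxHttp

    # NOTE(review): -Force also replaces a read-only file, and ascii encoding
    # substitutes '?' for non-ASCII characters, which would alter a path or
    # site name that contains them. Confirm both are intended.
    $QueryText | Out-File -LiteralPath $FileLocation -Force -Encoding ascii

    return $FileLocation
} # End function New-RFLpFileVerbs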
# Public surface of the module: the query builder and the query-file writer.
Export-ModuleMember -Function @(
    'Get-RFLpQueryVerbs'
    'New-RFLpFileVerbs'
)