I've been meaning to do this for ages, but since I had a spare hour or two this evening I spent it researching reporting software for use with logs generated by IIS.
I quickly found and settled with Analog. Other software that popped up in my travels was AWStats and Webalizer.
I basically just wanted something that would give me an idea of how many requests my server was processing, and how much data was being transmitted. Analog is free and configurable, and “I'm in love” (got the Sex Pistols playing here atm =P).
My IIS web logs are setup to write a file per day (UTC time) per virtual site. Because the log file config entry is labelled 'LOGFILE' I was a bit worried that Analog would only support analysis of one file, but it works happily with wild cards - which is good. Otherwise I would have had to resort to running a two line batch file to aggregate the logs for me before generating the reports, using something like:
copy *.log /A logfile.log /A
analog.exe
Luckily such an extreme solution was not required. ;) Instead I can specify the log location in the config file like this:
LOGFILE \\myserver\logs\W3SVCblah\*.log
Going to go and download / setup ReportMagic soon..
One thing that I noticed in the logs is that Nimda and other noise traffic generated by l33t h4x0rs is much lower than it used to be (since I installed / configured my new server). The reason for this seems to be that because they hit my server via the IP address, and since I don't do anything out of the 'Default Web Site' in IIS, I only see a 'GET /' and then they go away to bother another server.. I always feel nervous whenever I'm looking at my web logs.. 404 is my friend.
John.