查看哪个IP访问量大，访问了什么地址，大可以看到攻击者IP：

select c-ip,count(c-ip) AS allcount,cs-uri-stem,cs-uri-query,cs(User-Agent)
from #IISW3C# WHERE to_string(date,'yyyy-MM-dd') = '2011-11-15'
group by c-ip,cs-uri-stem,cs-uri-query,cs(User-Agent)
order by allcount desc

将日志保存到MSSQL

  
          

           
   C:\PROGRA~1\Log Parser 2.2>LogParser file:c:\lp.sql -iw:ON -i:iisw3c -e:1000 -o:
  
          
  
          

           
   sql -oConnString:"Driver={SQL Server};Server=(local);db=Log_IIS;uid=sa;pwd=123"