Way back in the Windows Home Server v1 days, our former wiki editor Etoa and forum moderator Dave Marchant collaborated to publish a wiki article on how to Analyze Website Log Files From Your WHS.  This wiki article now resides in the WGS tutorial area.  While this is still quite pertinent to users of WHS v1, for users of WHS 2011 and Windows Server 2012 Essentials who create remote access portals and/or websites on their servers, the process is quite similar but with a few differences.

Besides, it is simply time to revisit this whole process.  As in you might ask yourself “why would I want/need to do this?”  The easiest way to answer this is to provide the following picture of an analysis of the Remote Web Access URL on my Windows Server 2012 Essentials computer.

8 11 2013 9 05 28 AM thumb2 Analyze Website Log Files From Your Server

I know of no one outside of the United States who would be legitimately attempting to access my RWA URL.  Whether these are random hits from web crawlers, specific and/or random hits from hackers, or legitimate search sites bots does not matter, I certainly don’t want someone trying to access my personal RWA page, period.  Now, if I had a website set up and running, that might be a different story, but it certainly would still be a good idea to get a read on who is accessing that site.

In either case, what follows is one way to obtain this information.  Please note that this was done on an Essentials server.  If you are using WHS 2011, the procedure is still quite similar.

8 11 2013 11 35 20 AM thumb1 Analyze Website Log Files From Your Server

There is a free version, and a paid version.  For a home-based server, the free version should be sufficient for our needs.  If you try the free version, and feel you need more, the full professional software has a 25-day trial that will cost you $200 (on sale) to $300 to continue to use it after that point.  I used the free version…

  • Step 2, Install the software

You can install Deep Log Analyzer two different ways; on a client or on the server.  I prefer installing it on the server, so that is the method I chose.  If you do decide to install the software on a client computer, you will need to Share the folder that contains the log files so that the program can access them from a client computer.

From the Dashboard, you can use add-ins such Advanced Admin Console or RemoteLauncher to open a Windows Explorer window to create the appropriate share

8 11 2013 11 49 20 AM thumb1 Analyze Website Log Files From Your Server

or you could get onto your server directly or from a Remote Desktop Connection to do this.

As I wish to access this software from any client I might be on *and* avoid creating the appropriate share and associated permissions, I chose the second method which is to install the software directly on the server.

Once downloaded, I copied the installation file over to the server using Windows Explorer from the client machine to a shared folder on the server.  To install the software, the simplest method is to logon to the server directly or from a Remote Desktop Connection.  You can do this from the aforementioned add-ins also, but directly or remotely would be preferred.  Locate and open the installation program.

8 11 2013 12 02 07 PM thumb1 Analyze Website Log Files From Your Server

Proceed through the install screens using whatever defaults come up and finish.

8 11 2013 8 38 21 AM thumb1 Analyze Website Log Files From Your Server

  • Step 3, Configure the software

When first opened, Deep Log Analyzer will display a “sample project”.

8 11 2013 8 38 57 AM thumb1 Analyze Website Log Files From Your Server

Close that project, and create a New project.

8 11 2013 8 42 05 AM thumb1 Analyze Website Log Files From Your Server 8 11 2013 8 44 07 AM thumb1 Analyze Website Log Files From Your Server

Enter a project name,

8 11 2013 8 44 24 AM thumb1 Analyze Website Log Files From Your Server

and in the next screen, click on the <Click Here to add log files>.

8 11 2013 8 45 07 AM thumb1 Analyze Website Log Files From Your Server

Navigate to C:\inetpub\logs\LogFiles\W3SVC1, and select a log file.

8 11 2013 8 50 00 AM thumb1 Analyze Website Log Files From Your Server

Back in the setup window, double-click on the entry to edit the files name create a wildcard name.

8 11 2013 8 50 29 AM thumb1 Analyze Website Log Files From Your Server 8 11 2013 8 50 51 AM thumb1 Analyze Website Log Files From Your Server

In my project, I am setting it up to check out my RWA URL, so I opened the logon page in my web browser to obtain the full URL information.

8 11 2013 12 13 10 PM thumb1 Analyze Website Log Files From Your Server

Back to the project setup wizard, click on next to bring up the following window.

8 11 2013 8 51 03 AM thumb1 Analyze Website Log Files From Your Server

The basic URL information I copied in the first box, and the remaining portion into the Default Page box.

8 11 2013 8 55 44 AM thumb1 Analyze Website Log Files From Your Server

Next, I entered the server Domain name and local *static* IP address for the server in the second box.

8 11 2013 8 59 01 AM thumb1 Analyze Website Log Files From Your Server

You can get the Domain name from the server System window,

8 11 2013 12 25 16 PM thumb1 Analyze Website Log Files From Your Server

and the IP address can be obtained from Windows PowerShell on the server.

8 11 2013 12 34 42 PM thumb1 Analyze Website Log Files From Your Server

Click through the remaining screens and “Finish & Save”.

8 11 2013 8 59 50 AM thumb1 Analyze Website Log Files From Your Server

  • Step 4, Check out who is visiting you.

Back in the main program, you can now access the Reports windows on the left side,

8 11 2013 9 02 49 AM thumb1 Analyze Website Log Files From Your Server

locate the Visitors Activity folder to view such information as Top Visitors

8 11 2013 9 04 30 AM thumb1 Analyze Website Log Files From Your Server

and Top Countries.

8 11 2013 9 05 28 AM thumb3 Analyze Website Log Files From Your Server

If you want to find out specific information on a particular IP address, click on it to bring it a DomainTools WhoIs webpage:

8 11 2013 2 55 30 PM thumb Analyze Website Log Files From Your Server

  • Step 5, Block them!

Now that you have the IP addresses of who is visiting you, you may want to block them from “visiting” you again.

Access the Control Panel on your server,

8 11 2013 9 15 04 AM thumb1 Analyze Website Log Files From Your Server

open Administrative Tools,

8 11 2013 9 15 29 AM thumb1 Analyze Website Log Files From Your Server

and finally the Internet Information Services (IIS) Manager.

8 11 2013 9 16 00 AM thumb1 Analyze Website Log Files From Your Server

Expand the folder on the left side and locate “Default Web Site”.

8 11 2013 9 17 49 AM thumb1 Analyze Website Log Files From Your Server

In the right middle pane, locate and right-click on the IP Address and Domain Restrictions icon.

8 11 2013 9 31 55 AM thumb1 Analyze Website Log Files From Your Server

Select Open Feature.

8 11 2013 12 57 55 PM thumb1 Analyze Website Log Files From Your Server

From this window,

8 11 2013 1 00 41 PM thumb1 Analyze Website Log Files From Your Server

select “Add Deny Entry” on the right side,

8 11 2013 1 01 14 PM thumb1 Analyze Website Log Files From Your Server

add a specific IP address or range of addresses and select OK.

8 11 2013 1 01 22 PM thumb1 Analyze Website Log Files From Your Server

Those sites are now blocked from your server.

While you are in this section, you should probably do one more thing which is to change the Dynamic IP Restriction settings.

8 11 2013 3 37 51 PM thumb Analyze Website Log Files From Your Server

Check the top two boxes to enable these features and accept the defaults.  You now have basic protection from such nefarious problems as spammers and DDoS attacks.

  • Step 6, Recheck and Update

Of course, you should recheck Deep Log Analyzer and update the IIS restrictions on a regular basis.  You can do this from a Remote Desktop Connection.  I happen to use RemoteLauncher on the Dashboard, so I added access to the program from this add-in.  Click on Add on the right side,

8 11 2013 1 06 06 PM thumb1 Analyze Website Log Files From Your Server

locate and select the program in the C:\Program Files (x86) folder

8 11 2013 1 06 25 PM thumb1 Analyze Website Log Files From Your Server

and you now have a direct link to the program in the Dashboard.

8 11 2013 1 06 35 PM thumb1 Analyze Website Log Files From Your Server

While there is only a slim chance that anyone might really be interested in your server, it does not hurt to protect yourself.