发个很早前自己写的iis6的删除日志的vbs脚本
写这个东西的原因是网上的删除iis日志工具要么报毒(懒得做免杀),要么太暴力(直接关掉IIS服务再将日志文件整个删除,坑爹呢!?)
后来找了下资料发现其实要删除iis6的日志没必要把iis服务停掉,只需要把日志记录的选项关掉就行了
在参考了Adsutil.vbs里面的部分代码后写了个vbs,专门用来删除iis6的日志,不用停掉iis的服务,删除时使用正则表达式匹配关键字,而且删除后再将日志文件修改时间改回原来的时间
第一条列出当前IIS上面站点的详细信息:站点ID号,站点物理路径,站点的日志路径
第二条命令和第三条命令是暂停和开启指定站点的日志记录的,一般用不到。第四条命令里面已经包含这两条命令
第四条是指定站点ID号,要删除的日志文件绝对路径,要删除的日志的关键字(这里关键字使用正则表达式匹配)
一般使用第一条和第四条命令结合即可
要删除IP地址是172.16.1.5在12年12月12号的访问记录:
具体代码如下:
001 |
If WScript.Arguments.Count < 1 Then |
002 |
Usage() |
003 |
WScript.Quit(1) |
004 |
End If |
005 |
006 |
Select Case UCase(WScript.Arguments.Item(0)) |
007 |
Case "LIST" |
008 |
Call ListWeb() |
009 |
Case "STOPLOG" |
010 |
Call SetLog(WScript.Arguments.Item(1),0) '0 stop log |
011 |
Case "STARTLOG" |
012 |
Call SetLog(WScript.Arguments.Item(1),1) '1 start log |
013 |
Case "DELLOG" |
014 |
Call DelLog(WScript.Arguments.Item(1),WScript.Arguments.Item(2),WScript.Arguments.Item(3)) |
015 |
Case Else |
016 |
Call Usage() |
017 |
End Select |
018 |
019 |
Sub Usage() |
020 |
WScript.Echo "IIS 6 Log Deleter By. Twi1ight" & vbCrLf |
021 |
WScript.Echo "Usage:" & vbTab & _ |
022 |
WScript.ScriptName & " LIST" & vbCrLf & vbTab & _ |
023 |
WScript.ScriptName & " STARTLOG SiteID" & vbCrLf & vbTab & _ |
024 |
WScript.ScriptName & " STOPLOG SiteID" & vbCrLf & vbTab & _ |
025 |
WScript.ScriptName & " DELLOG SiteID LogFile KeyString" & vbCrLf & " " & _ |
026 |
"LIST" & vbTab & vbTab & "List all websites info" & vbCrLf & " " & _ |
027 |
"STARTLOG" & vbTab & "Start IIS Logging on SiteID" & vbCrLf & " " & _ |
028 |
"STOPLOG" & vbTab & "Stop IIS Logging on SiteID" & vbCrLf & " " & _ |
029 |
"DELLOG" & vbTab & "Automatical stop/start IIS log and delete log items which contains KeyString, KeyString is a Regular String" |
030 |
031 |
End Sub |
032 |
033 |
Sub CheckID(ID) |
034 |
If Not IsNumeric(ID) Then |
035 |
WScript.Echo "[-] The site ID specified is not Numeric" |
036 |
WScript.Quit(1) |
037 |
End If |
038 |
End Sub |
039 |
040 |
Sub ListWeb() |
041 |
Set ObjService=GetObject("IIS://LocalHost/W3SVC") |
042 |
For Each obj3w In objservice |
043 |
If IsNumeric(obj3w.Name) Then |
044 |
sServerName=Obj3w.ServerComment |
045 |
Set webSite = GetObject("IIS://Localhost/W3SVC/" & obj3w.Name & "/Root") |
046 |
ListAllWeb = ListAllWeb & obj3w.Name & _ |
047 |
String(Abs(25-Len(obj3w.Name))," ") & _ |
048 |
obj3w.ServerComment & "(" & webSite.Path & ")" & vbCrLf |
049 |
Set objLog = GetObject("IIS://Localhost/W3SVC/" & obj3w.Name) |
050 |
ListAllWeb = ListAllWeb & String(25," ") & _ |
051 |
"Log: " & objLog.LogFileDirectory & "W3SVC" & obj3w.Name &vbCrLf |
052 |
End If |
053 |
Next |
054 |
WScript.Echo ListAllWeb |
055 |
Set ObjService=Nothing |
056 |
End Sub |
057 |
058 |
Sub SetLog(ID, value) |
059 |
CheckID(ID) |
060 |
str = "Start" |
061 |
If value = 0 Then |
062 |
str = "Stop" |
063 |
End If |
064 |
Set objSite = GetObject("IIS://localhost/W3SVC/" & ID) |
065 |
objSite.Put "LogType",value |
066 |
objSite.SetInfo |
067 |
If (Err.Number <> 0) Then |
068 |
Err.Clear |
069 |
WScript.Echo "[-] Error Trying To " & str & " IIS Logging!" |
070 |
Else |
071 |
WScript.Echo str & " IIS Logging Success!" |
072 |
End If |
073 |
|
074 |
End Sub |
075 |
076 |
Sub DelLog(ID, LogFile, KeyString) |
077 |
On Error Resume Next |
078 |
Const ForReading = 1, ForWriting = 2, ForAppending = 8 |
079 |
'WScript.Echo "Delete Log File" |
080 |
'Stop Log |
081 |
Call SetLog(ID, 0) |
082 |
WScript.Sleep 500 'wait iis to stop log otherwise will raise an exception if rewrite logfile immediately |
083 |
Set regEx = New RegExp |
084 |
regEx.Pattern = KeyString |
085 |
regEx.IgnoreCase = True |
086 |
|
087 |
Set fso = CreateObject("Scripting.FileSystemObject") |
088 |
'Save Last Modify Time |
089 |
Set f = fso.GetFile(LogFile) |
090 |
modifyDate = f.DateLastModified |
091 |
'WScript.Echo f.DateCreated & " " & f.DateLastAccessed & " " & f.DateLastModified |
092 |
|
093 |
LogPath = fso.GetParentFolderName(LogFile) |
094 |
LogName = fso.GetFileName(LogFile) |
095 |
TempFile = fso.GetTempName |
096 |
SrcFile = LogPath & "" & TempFile |
097 |
098 |
'WScript.Echo TempFile |
099 |
Call fso.CopyFile(LogFile, SrcFile) |
100 |
Set srcLog = fso.OpenTextFile(SrcFile, ForReading, False) |
101 |
Set dstLog = fso.OpenTextFile(LogFile, ForWriting, False) |
102 |
Do While srcLog.AtEndOfLine <> True |
103 |
line = srcLog.ReadLine |
104 |
Set Martches = regEx.Execute(line) |
105 |
If Martches.Count <> 0 Then |
106 |
WScript.Echo " "& line 'comment out this line if don't like to display deleted log item |
107 |
Else |
108 |
dstLog.WriteLine(line) |
109 |
End If |
110 |
Loop |
111 |
srcLog.Close |
112 |
dstLog.Close |
113 |
fso.DeleteFile(SrcFile) |
114 |
'Change Last Modify Time |
115 |
Set objShell = CreateObject("Shell.Application") |
116 |
Set objFolder = objShell.NameSpace(LogPath) |
117 |
Set objFolderItem = objFolder.ParseName(LogName) |
118 |
objFolderItem.ModifyDate = modifyDate |
119 |
'WScript.Echo f.DateCreated & " " & f.DateLastAccessed & " " & f.DateLastModified |
120 |
If (Err.Number <> 0) Then |
121 |
WScript.Echo "[-] Error Trying To Delete IIS Log!" |
122 |
Err.Clear |
123 |
End If |
124 |
'Start Log |
125 |
Call SetLog(ID, 1) |
126 |
End Sub |
这个脚本只能用于IIS6,IIS7由于重新设计过,所以完全不同了,这里也求大牛公布怎么删除iis7的日志
还有我听说3389日志可以单条删除,不知有哪位基友有此神器么?