Way back in the Windows Home Server v1 days, our former wiki editor Etoa and forum moderator Dave Marchant collaborated to publish a wiki article on how to Analyze Website Log Files From Your WHS. This wiki article now resides in the WGS tutorial area. While this is still quite pertinent to users of WHS v1, for users of WHS 2011 and Windows Server 2012 Essentials who create remote access portals and/or websites on their servers, the process is quite similar but with a few differences.
Besides, it is simply time to revisit this whole process. As in you might ask yourself “why would I want/need to do this?” The easiest way to answer this is to provide the following picture of an analysis of the Remote Web Access URL on my Windows Server 2012 Essentials computer.
I know of no one outside of the United States who would be legitimately attempting to access my RWA URL. Whether these are random hits from web crawlers, specific and/or random hits from hackers, or legitimate search sites bots does not matter, I certainly don’t want someone trying to access my personal RWA page, period. Now, if I had a website set up and running, that might be a different story, but it certainly would still be a good idea to get a read on who is accessing that site.
In either case, what follows is one way to obtain this information. Please note that this was done on an Essentials server. If you are using WHS 2011, the procedure is still quite similar.
- Step 1, download Deep Log Analyzer
There is a free version, and a paid version. For a home-based server, the free version should be sufficient for our needs. If you try the free version, and feel you need more, the full professional software has a 25-day trial that will cost you $200 (on sale) to $300 to continue to use it after that point. I used the free version…
- Step 2, Install the software
You can install Deep Log Analyzer two different ways; on a client or on the server. I prefer installing it on the server, so that is the method I chose. If you do decide to install the software on a client computer, you will need to Share the folder that contains the log files so that the program can access them from a client computer.
From the Dashboard, you can use add-ins such Advanced Admin Console or RemoteLauncher to open a Windows Explorer window to create the appropriate share
or you could get onto your server directly or from a Remote Desktop Connection to do this.
As I wish to access this software from any client I might be on *and* avoid creating the appropriate share and associated permissions, I chose the second method which is to install the software directly on the server.
Once downloaded, I copied the installation file over to the server using Windows Explorer from the client machine to a shared folder on the server. To install the software, the simplest method is to logon to the server directly or from a Remote Desktop Connection. You can do this from the aforementioned add-ins also, but directly or remotely would be preferred. Locate and open the installation program.
Proceed through the install screens using whatever defaults come up and finish.
- Step 3, Configure the software
When first opened, Deep Log Analyzer will display a “sample project”.
Close that project, and create a New project.
Enter a project name,
and in the next screen, click on the <Click Here to add log files>.
Navigate to C:\inetpub\logs\LogFiles\W3SVC1, and select a log file.
Back in the setup window, double-click on the entry to edit the files name create a wildcard name.
In my project, I am setting it up to check out my RWA URL, so I opened the logon page in my web browser to obtain the full URL information.
Back to the project setup wizard, click on next to bring up the following window.
The basic URL information I copied in the first box, and the remaining portion into the Default Page box.
Next, I entered the server Domain name and local *static* IP address for the server in the second box.
You can get the Domain name from the server System window,
and the IP address can be obtained from Windows PowerShell on the server.
Click through the remaining screens and “Finish & Save”.
- Step 4, Check out who is visiting you.
Back in the main program, you can now access the Reports windows on the left side,
locate the Visitors Activity folder to view such information as Top Visitors
and Top Countries.
If you want to find out specific information on a particular IP address, click on it to bring it a DomainTools WhoIs webpage:
- Step 5, Block them!
Now that you have the IP addresses of who is visiting you, you may want to block them from “visiting” you again.
Access the Control Panel on your server,
open Administrative Tools,
and finally the Internet Information Services (IIS) Manager.
Expand the folder on the left side and locate “Default Web Site”.
In the right middle pane, locate and right-click on the IP Address and Domain Restrictions icon.
Select Open Feature.
From this window,
select “Add Deny Entry” on the right side,
add a specific IP address or range of addresses and select OK.
Those sites are now blocked from your server.
While you are in this section, you should probably do one more thing which is to change the Dynamic IP Restriction settings.
Check the top two boxes to enable these features and accept the defaults. You now have basic protection from such nefarious problems as spammers and DDoS attacks.
- Step 6, Recheck and Update
Of course, you should recheck Deep Log Analyzer and update the IIS restrictions on a regular basis. You can do this from a Remote Desktop Connection. I happen to use RemoteLauncher on the Dashboard, so I added access to the program from this add-in. Click on Add on the right side,
locate and select the program in the C:\Program Files (x86) folder
and you now have a direct link to the program in the Dashboard.
While there is only a slim chance that anyone might really be interested in your server, it does not hurt to protect yourself.