发个很早前自己写的iis6的删除日志的vbs脚本
写这个东西的原因是网上的删除iis日志工具要么报毒(懒得做免杀),要么太暴力(直接关掉IIS服务再将日志文件整个删除,坑爹呢!?)
后来找了下资料发现其实要删除iis6的日志没必要把iis服务停掉,只需要把日志记录的选项关掉就行了
在参考了Adsutil.vbs里面的部分代码后写了个vbs,专门用来删除iis6的日志:不用停掉iis的服务,只是临时关闭该站点的日志记录;删除时使用正则表达式匹配关键字;删除后再把日志文件的最后修改时间改回原来的值。要注意,日志记录关闭的这段时间里该站点的请求不会被记录,日志里会留下一段空档。

第一条命令(LIST)列出当前IIS上面站点的详细信息:站点ID号,站点物理路径,站点的日志路径
第二条命令(STARTLOG)和第三条命令(STOPLOG)分别用来开启和暂停指定站点的日志记录,一般用不到,因为第四条命令里面已经包含了这两步
第四条命令(DELLOG)需要指定站点ID号、要处理的日志文件绝对路径,以及要删除的日志条目的关键字(关键字按正则表达式匹配)
一般把第一条和第四条命令结合起来用即可

要删除IP地址是172.16.1.5在12年12月12号的访问记录:

具体代码如下(此处的代码列表不完整:左侧行号不连续,中间的行已缺失):
001 |
If WScript.Arguments.Count < 1 Then
|
006 |
Select Case UCase(WScript.Arguments.Item(0))
|
010 |
Call SetLog(WScript.Arguments.Item(1),0) '0 stop log
|
012 |
Call SetLog(WScript.Arguments.Item(1),1) '1 start log
|
014 |
Call DelLog(WScript.Arguments.Item(1),WScript.Arguments.Item(2),WScript.Arguments.Item(3))
|
020 |
WScript.Echo "IIS 6 Log Deleter By. Twi1ight" & vbCrLf
|
021 |
WScript.Echo "Usage:" & vbTab & _
|
022 |
WScript.ScriptName & " LIST" & vbCrLf & vbTab & _
|
023 |
WScript.ScriptName & " STARTLOG SiteID" & vbCrLf & vbTab & _
|
024 |
WScript.ScriptName & " STOPLOG SiteID" & vbCrLf & vbTab & _
|
025 |
WScript.ScriptName & " DELLOG SiteID LogFile KeyString" & vbCrLf & " " & _
|
026 |
"LIST" & vbTab & vbTab & "List all websites info" & vbCrLf & " " & _
|
027 |
"STARTLOG" & vbTab & "Start IIS Logging on SiteID" & vbCrLf & " " & _
|
028 |
"STOPLOG" & vbTab & "Stop IIS Logging on SiteID" & vbCrLf & " " & _
|
029 |
"DELLOG" & vbTab & "Automatical stop/start IIS log and delete log items which contains KeyString, KeyString is a Regular String"
|
034 |
If Not IsNumeric(ID) Then
|
035 |
WScript.Echo "[-] The site ID specified is not Numeric"
|
042 |
For Each obj3w In objservice
|
043 |
If IsNumeric(obj3w.Name) Then
|
044 |
sServerName=Obj3w.ServerComment
|
046 |
ListAllWeb = ListAllWeb & obj3w.Name & _
|
047 |
String (Abs(25-Len(obj3w.Name)), " " ) & _
|
048 |
obj3w.ServerComment & "(" & webSite.Path & ")" & vbCrLf
|
050 |
ListAllWeb = ListAllWeb & String (25, " " ) & _
|
051 |
"Log: " & objLog.LogFileDirectory & "\W3SVC" & obj3w.Name &vbCrLf
|
054 |
WScript.Echo ListAllWeb
|
055 |
Set ObjService= Nothing
|
058 |
Sub SetLog(ID, value)
|
065 |
objSite.Put "LogType" ,value
|
067 |
If (Err.Number <> 0) Then
|
069 |
WScript.Echo "[-] Error Trying To " & str & " IIS Logging!"
|
071 |
WScript.Echo str & " IIS Logging Success!"
|
076 |
Sub DelLog(ID, LogFile, KeyString)
|
078 |
Const ForReading = 1, ForWriting = 2, ForAppending = 8
|
079 |
'WScript.Echo "Delete Log File"
|
082 |
WScript.Sleep 500 'wait iis to stop log otherwise will raise an exception if rewrite logfile immediately
|
083 |
Set regEx = New RegExp
|
084 |
regEx.Pattern = KeyString
|
085 |
regEx.IgnoreCase = True
|
087 |
Set fso = CreateObject( "Scripting.FileSystemObject" )
|
088 |
'Save Last Modify Time
|
089 |
Set f = fso.GetFile(LogFile)
|
090 |
modifyDate = f.DateLastModified
|
091 |
'WScript.Echo f.DateCreated & " " & f.DateLastAccessed & " " & f.DateLastModified
|
093 |
LogPath = fso.GetParentFolderName(LogFile)
|
094 |
LogName = fso.GetFileName(LogFile)
|
095 |
TempFile = fso.GetTempName
|
096 |
SrcFile = LogPath & "\" & TempFile
|
098 |
'WScript.Echo TempFile
|
099 |
Call fso.CopyFile(LogFile, SrcFile)
|
100 |
Set srcLog = fso.OpenTextFile(SrcFile, ForReading, False )
|
101 |
Set dstLog = fso.OpenTextFile(LogFile, ForWriting, False )
|
102 |
Do While srcLog.AtEndOfLine <> True
|
103 |
line = srcLog.ReadLine
|
104 |
Set Martches = regEx.Execute(line)
|
105 |
If Martches.Count <> 0 Then
|
106 |
WScript.Echo " " & line 'comment out this line if don't like to display deleted log item
|
108 |
dstLog.WriteLine(line)
|
113 |
fso.DeleteFile(SrcFile)
|
114 |
'Change Last Modify Time
|
115 |
Set objShell = CreateObject( "Shell.Application" )
|
116 |
Set objFolder = objShell.NameSpace(LogPath)
|
117 |
Set objFolderItem = objFolder.ParseName(LogName)
|
118 |
objFolderItem.ModifyDate = modifyDate
|
119 |
'WScript.Echo f.DateCreated & " " & f.DateLastAccessed & " " & f.DateLastModified
|
120 |
If (Err.Number <> 0) Then
|
121 |
WScript.Echo "[-] Error Trying To Delete IIS Log!"
|
这个脚本只能用于IIS6,IIS7由于重新设计过,所以完全不同了,这里也求大牛公布怎么删除iis7的日志
还有我听说3389日志可以单条删除,不知有哪位基友有此神器么?