I'm trying to understand the meaning of some IIS logs I have as we keep expiriencing a 500_Server_Error which cause it to restart.
These are the last numbers, I know some of them but not all of them, anyone expirience this before?
Status = 500,
?????? = 0,
Windows error number = 64,
?????? = 0,
?????? = 901,
?????? = 12656
See Understanding IIS 7 log files. If you are using Windows 2012/IIS8, the default W3C format for those last 6 numbers is:
sc-status
sc-substatus
sc-win32-status
sc-bytes
cs-bytes
time-taken
You can see this in a header at the top of the file, e.g.:
#Software: Microsoft Internet Information Services 8.0
#Version: 1.0
#Date: 2014-02-12 08:00:05
#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
Related
From an HTTP request with a loooong query string - 2847 in this case -, I got back error 404.15 with the following message:
Überprüfen Sie die Einstellung "configuration/system.webServer/security/requestFiltering/requestLimits#maxQueryString" in der Datei "applicationhost.config" oder "web.config".
In English:
Check the "configuration/system.webServer/security/requestFiltering/requestLimits#maxQueryString" setting in the "applicationhost.config" or "web.config" file.
I did this, by following the documentation and changing the maximum query string length from 2048 to 4096 characters.
Evidently, the above change has had an effect, as the original error message is gone.
Instead, I am now getting another error, still related to the maximum query string length. This time, it comes with HTTP code 400 and says:
Die Länge der Abfragezeichenfolge für die Anforderung überschreitet den konfigurierten maxQueryStringLength-Wert.
In English:
The query string length of the request exceeds the configured maxQueryStringLength value.
Now, I have scanned all *.config files on my entire disks for any occurrences of the substring maxQueryString. There is only one such occurrence in total, and it is the Web.config file for my IIS default website, which says
<requestLimits maxQueryString="4096" />
Hence, something else must be influencing the maximum query length - where else can this setting me configured?
first, make sure you enabled the anonymous authentication in iis:
set below code in web.config file:
<system.web>
<httpRuntime maxUrlLength="10999" maxQueryStringLength="2097151" />
……
</system.web>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxUrl="10999" maxQueryString="2097151" />
</requestFiltering>
</security>
</system.webServer>
Note: set value a little bit higher than your requirement. above mentioned is just an example.
set this value in the root folder config file. and restart iis after doing changes.
I am reviewing an issue in our servers by gathering statistics on our IIS Logs. I have noticed several entries for a given path that have an sc-status of 0. I have tried to find what that could mean, but every blob/documentation site I view lists out the http status codes and what they mean.
What does sc-status 0 mean? All of these entries have a sc-substatus of 0 and sc-win32-status of 64.
It means that the client dropped the connection
sc-status (Protocol Status)
Have a read of these, hopefully you'll find the answer in one of them.
Does an HTTP Status code of 0 have any meaning?
What does HTTP status code 0 mean
Does an HTTP Status code of 0 have any meaning?
i'm also facing the same issue, 2% of web calls returns:
sc-status: 0
sc-substatus: 7
sc-win32-status: 64
I can't understand from the documentation what is occurring.
I've got a strange sybase behavior which I do not understand.
Situation
I have a table (MY_TABLE) with several columns of type smalldatetime. For illustration purposes let's assume the following table and data:
MY_TABLE||ID |TS_INIT |TS_LASTCHANGE |MY_TEXT |
||4711|3/31/2013 12:00:00 AM|3/31/2013 3:00:00 AM|someText|
TS_INIT and TS_LASTCHANGE are of type smalldatetime.
When executing the following statement I get the above result:
SELECT ID, TS_INIT, TS_LASTCHANGE MY_TEXT
FROM MY_TABLE
WHERE ID = 4711
go
My client is running in UTC+1 (Berlin) and has daylight savings time (DST) enabled.
I am not sure in what time zone the server is running and whether or not DST is enabled.
Problem
When I execute this (note that it is 03:00h):
SELECT ID, TS_INIT, TS_LASTCHANGE MY_TEXT
FROM MY_TABLE
WHERE ID = 4711 AND TS_LASTCHANGE = "2013-03-31 03:00:00:000"
go
I get NO results but when I execute this (note that it is 02:00h this time):
SELECT ID, TS_INIT, TS_LASTCHANGE MY_TEXT
FROM MY_TABLE
WHERE ID = 4711 AND TS_LASTCHANGE = "2013-03-31 02:00:00:000"
go
I do again get the above result which is saying TS_LASTCHANGE is
3/31/2013 3:00:00 AM
Note that the result prints 03:00h, even though I queried for 02:00h.
Why Is the first query returning no results even though there should be a match and why is the second query returning a result even though there should be no match?!
Note also that 3/31/2013 3:00:00 AM is the first moment in DST (at least in the year 2013) and 3/31/2013 2:00:00 AM should never ever exist at all because when transitioning from winter to summer time, the clock switches from 01:59:59 to 03:00:00 (as per this site).
Database: Adaptive Server Enterprise V15.0.3
Client: Aqua Data Studio V16.0.5
EDIT:
When querying whit the TS_INIT everything works as one would expect (only a result for 3/31/2013 12:00:00 AM)
Aqua Data Studio is written in Java.
The problem you are having has to do with the fact that Java is aware of timezones and databases don't have a concept of timezone when they store date and times. When the time comes back from the database, the database's JDBC driver puts it in a Java date and just assumes the timezone is irrelevant. The problem happens when you try to display a time which the JVM thinks is invalid, so a valid date is presented, which basically pushes the time by an hour. Daylight savings for 2015 started on March 08 2.00 AM and one of your rows contains a date which is invalid according to JVM.
This has been a known design issue with Java, and they are trying to fix this with JSR-310 for inclusion in Java SE 8. With this, they will have LocalDate, OffsetDate and ZonedDate. You can read more about it here ...
https://today.java.net/pub/a/today/2008/09/18/jsr-310-new-java-date-time-api.html#jsr-310-datetime-concepts
https://jcp.org/en/jsr/detail?id=310
http://docs.google.com/View?id=dfn5297z_8d27fnf
Workaround
The only workaround, is to probably trick the JVM by setting the timezone in the JVM to GMT. If you are running ADS 16 on Windows, and you launch ADS with the shortcut icon on the desktop (which runs datastudio.exe), then you need to modify the datastudio.ini file in your folder. Add a new entry for vmarg.5=-Duser.timezone=gmt
This link explains the location of where to find the data studio.ini
https://www.aquaclusters.com/app/home/project/public/aquadatastudio/wikibook/Documentation14/page/50/Launcher-Memory-Configuration#windows
Once you have made the change, Restart ADS. Then go to Help->About->System: and double check your user.timezone setting and make sure it is GMT. Then give it a try.
With the above change there might be side effects in the application where timezone are involved, For e.g. in the Table Data Editor->Insert Current Date&Time, which would display a GMT time ... so there would be an offset.
I am working on getting a specific report out of a bunch of IIS Logs using Log parser. At the moment when an unexpected error occurrs on the web application, we send the user on to system error page (SystemError.htm).
I want to know what page they were on just before they were redirected to the system error page. I know this is a silly way to do error reporting/logging, but this is what I have to work with.
At the moment I can retrieve the IP Address, date and time of the user that ended up on the system error page.
SELECT c-ip as IPAddress, date as Date, time as Time
FROM D:\IISLog\*.log
WHERE cs-uri-stem = '/SystemError.htm'
ORDER BY c-ip, date, time DESC
I am using the log parser as such:
LogParser.exe -i:IISW3C file:C:\IISLog.sql -q:off -recurse:1
This means I recurse through alot of IISLogs that exist in subfolders. What I would I like to do now is join the result from this query to the logs again on the ip address, and take the top 1 result that has a datetime before the system error page.
My issue is that I can't seem to find a way to do the join. As far as I can see this is not possible. Has anyone of you's come across something like this? My SQL isn't the greatest, maybe I'm missing another way to do it.
Maybe this is too much for the logparser, time to switch to powershell? Any help will be appreciated.
Thanks in advance!
When using the W3C log format you could try to track and evaluate cs(Referer):
SELECT c-ip as IPAddress, date as Date, time as Time, cs(Referer) as Referer
FROM D:\IISLog\*.log
WHERE cs-uri-stem = '/SystemError.htm'
ORDER BY c-ip, date, time DESC
I'm trying to find LONG UserAgent strings with LogParser.exe in my IIS logs. This example searches for entries with the string 'poo' in them.
LogParser.exe -i:IISW3C
"SELECT COUNT(cs(User-Agent)) AS Client
FROM *.log WHERE cs(User-Agent) LIKE '%poo%'"
I'm trying to say "How many entries have a User-Agent that is longer than 'x'".
Well, looks like I answered my own question.
LogParser.exe -i:IISW3C
"SELECT COUNT(cs(User-Agent)) AS Client
FROM *.log WHERE STRLEN(cs(User-Agent)) > 100"