This script will get you any win32 errors within you IIS logs.
SELECT sc-win32-status as ErrorNumber, WIN32_ERROR_DESCRIPTION(sc-win32-status) as ErrorDesc, Count(*) AS Total INTO Win32ErrorNumbers.txt FROM logs\iis\ex*.log WHERE sc-win32-status>0 GROUP BY ErrorNumber ORDER BY Total DESC
You can also check these errors by day to see any trends. Good after site updates etc. Only problem I’ve found is that you manually need to update this second script with any new errors numbers found in the first script.
SELECT TO_STRING(To_timestamp(date, time), 'MMdd') AS Day, SUM(c200) AS Credentials, SUM(c206) AS InvalidToken, SUM(c207) AS NetworkConnAborted, SUM(c208) AS BadCommand, SUM(c301) AS NetworkName, SUM(c302) AS ExpiredPassword, SUM(c304) AS Path, SUM(c307) AS AccessDenied, SUM(c309) AS CannotFindFile, SUM(c400) AS LogonFailed USING CASE sc-win32-status WHEN 2148074254 THEN 1 ELSE 0 END AS c200, CASE sc-win32-status WHEN 2148074248 THEN 1 ELSE 0 END AS c206, CASE sc-win32-status WHEN 1236 THEN 1 ELSE 0 END AS c207, CASE sc-win32-status WHEN 22 THEN 1 ELSE 0 END AS c208, CASE sc-win32-status WHEN 64 THEN 1 ELSE 0 END AS c301, CASE sc-win32-status WHEN 1330 THEN 1 ELSE 0 END AS c302, CASE sc-win32-status WHEN 3 THEN 1 ELSE 0 END AS c304, CASE sc-win32-status WHEN 5 THEN 1 ELSE 0 END AS c307, CASE sc-win32-status WHEN 2 THEN 1 ELSE 0 END AS c309, CASE sc-win32-status WHEN 2148074252 THEN 1 ELSE 0 END AS c400 INTO win32errorsperday.csv FROM logs\iis\ex*.log GROUP BY Day ORDER BY Day
Note: The generated CSV file can be used as a comma separated file. Open up a new Excel windows and import the data. Give it a conditional formatting and it looks something like this.
//Anders