I'm trying to look at the IIS logs with Log Parser Studio to determine how recently some IP addresses have accessed a website. I've used the following query below to at least get myself a count over the life of the logs:
select c-ip, count(c-ip) as requestcount from '[LogFilePath]' group by c-ip order by count(c-ip) desc
I'm having trouble modifying this to pull IP address information with a 'last accessed' date. Is something like this possible? or is there a better way to go about achieving what I want?
Ideally I'd like to utilize this query to audit the logs and after X amount of days of inactivity from an IP address....revoke access based on IP address (remove access at the firewall, IP addresses are on a whitelist).
Due to the nature of the website/application, there may be times where an IP doesn't access for 90-120 days so using a simple 'hit count' doesn't work. It could be easy to mistakenly remove access for a still valid IP address and the hit count is reset when the firewall is rebooted.
Thanks in advance.
Add in MAX(DATE) to the query.
select c-ip, count(c-ip), MAX(DATE) as requestcount from '[LogFilePath]' group by c-ip order by MAX(DATE) desc