
Spilp is a simple Python script that takes IIS logs, parses them and creates statistical reports which can be used to discover unusual IP activity more easily.

Check the usage guide for how to use spilp. A sample archive of spilp-generated reports can be downloaded here.

Features:

  • extracts a list of IP addresses with number of hits they made sorted by number of hits
  • extracts a list of "close" IP addresses that made a certain number of hits
  • extracts a list of user agents sorted by number of hits
  • extracts a list of cs-method hits (GET method excluded)
  • extracts a list of file hits sorted by number of hits
  • extracts extended information for document and web file hits
    • includes timestamps, client IP addresses, methods, ports, user agent details and HTTP status codes
  • extracts a list of "unusual" HTTP status code hits sorted by number of hits
    • client IP address list
    • a list of files hit by an IP and number of hits for that file
  • filtering results (include or exclude filtering - works in "either-or" way)
    • ability to auto-generate an IP range list as a filter
  • reverse DNS country lookup using MaxMind's GeoIP country downloadable database
    • additional info in certain reports
    • filtering results by country of origin (as a separate filtering option using spilpconf.py file)
  • ability to process large numbers of IIS log files
  • CONFIG file for performance and output tweaking
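
The kind of report described in the feature list can be sketched as follows. This is an added example, not Spilp's own code: it parses IIS W3C extended log lines using the `#Fields:` directive and tallies hits per client IP, non-GET methods, user agents, and "unusual" status codes per IP and file. The sample log, the `USUAL_STATUS` set and the function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in IIS W3C extended format (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem s-port c-ip cs(User-Agent) sc-status
2013-02-01 10:00:01 GET /default.aspx 80 192.0.2.10 Mozilla/5.0+(Windows+NT+6.1) 200
2013-02-01 10:00:02 GET /admin/login.aspx 80 198.51.100.7 curl/7.29.0 404
2013-02-01 10:00:03 POST /admin/login.aspx 80 198.51.100.7 curl/7.29.0 401
2013-02-01 10:00:04 GET /backup.zip 80 198.51.100.7 curl/7.29.0 404
2013-02-01 10:00:05 GET /default.aspx 80 192.0.2.10 Mozilla/5.0+(Windows+NT+6.1) 304
2013-02-01 10:00:06 OPTIONS / 80 203.0.113.5 - 405
"""

# Assumption: these status codes count as "usual"; all others are reported.
USUAL_STATUS = {"200", "206", "301", "302", "304"}

def parse_iis(lines):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # field list can change mid-file
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields): # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def build_report(lines):
    """Return (hits per IP, non-GET methods, user agents, unusual hits per IP)."""
    hits, methods, agents = Counter(), Counter(), Counter()
    unusual = defaultdict(Counter)         # c-ip -> Counter of (status, file)
    for row in parse_iis(lines):
        ip = row["c-ip"]
        hits[ip] += 1
        agents[row["cs(User-Agent)"]] += 1
        if row["cs-method"] != "GET":      # GET excluded from the method report
            methods[row["cs-method"]] += 1
        if row["sc-status"] not in USUAL_STATUS:
            unusual[ip][(row["sc-status"], row["cs-uri-stem"])] += 1
    return hits, methods, agents, unusual

if __name__ == "__main__":
    hits, methods, agents, unusual = build_report(SAMPLE_LOG.splitlines())
    for ip, n in hits.most_common():       # sorted by number of hits
        print(ip, n, dict(unusual.get(ip, {})))
```
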
