Tip: How many users are hitting my web site?

This is a question we hear very often from our customers, in forums or through distribution lists. The reason we keep hearing the same question over the time is very simple: There isn’t a definitive answer for that – At least not for IIS since it’s not exactly driven by the number of users hitting it. It would make more sense to monitor the number of connections and requests being made through these than simply working around a number of users. Why I think this way? This is a subject for another post J. In this post I will just try to give you another (hopefully a more precise one) answer for “how do I know how many users are accessing my web site or application hosted in a IIS server?”

Direct to the point:   I’ve been seeing really good people making a very common mistake when trying to answer this question – The most popular answer is: Go to the IIS logs and count how many different client IP you have logged during a specific period of time. It’s a common mistake to think that client IPs are directly related to the number of users hitting the server. Why? Really simple, just think that you can have an entire organization, like here at Microsoft, accessing the web through proxy servers or entire IP intranet classes (,, behind routers providing NAT services. This client machines (some times thousands of them) will show up in your IIS log as a single client IP address.

So, it’s very nice to use LogParser to generate some pretty neat charts showing how many different IPs have been hitting your server based on the c-ip field in the IIS logs, however they will be nice charts with useless information.

The answer: Well, fortunately there is another field called cs(cookie) that will make IIS log the cookies sent back and forth. What does this have to do with the number of users? Unless you have the session state feature completely disabled for you classic ASP applications, they will use cookies to store the information for that. For instance, sessions being created by classic ASP will generate cookies always initiated by the string “ASPSESSION” followed bv a unique ID number. Can you already feel where we going to? Exactly, all I’m proposing here is replace the c-ip by the cs(cookie) in your LogParser queries.

Since every new browser session will generate a new cookie regardless of which IP the client is using, it makes much more sense to monitor it instead. For instance the query below will tell you how many different classic ASP sessions were used during 06:00pm (GTM) and 07:00pm (GTM) of the day 7/20/2007.

logparser "select count(distinct cs(cookie)) as sessions_total from ex070720.txt where cs(cookie) like 'ASPSESSION%' and date = '2007-07-20' and time > '18:00:00' and time < '19:00:00'

Now your nice charts can be both nice and useful J.