What Are Internet Information Services Log Files For

In this commodity, we will learn well-nigh details of IIS Logs i.e. what are IIS logs, what does it incorporate, data fields from the HTTP requests that are logged into IIS logs, IIS Logs Formats & location of IIS Logs. We will as well look at the strategies to manage IIS log files deejay usage.

Internet Data Server (IIS) is a web server from Microsoft that gets shipped with Windows Operating System. All the requests made to Web Serves are recorded in IIS Logs.

IIS Provides a logging characteristic that is efficient, configurable & and flexible logging architecture. You can configure options similar IIS log Format, IIS log fields (in W3C format), IIS log location, File Encoding and rollover mechanism for the IIS log files.

Configure IIS Logs

You lot can configure IIS logs to capture details of all the HTTP requests along with the status that is processed by the sites hosted on that IIS. IIS logs can assist yous troubleshoot your site.

IIS logs can be configured at the Server or Site level. I personally prefer configuring logging at the Server level as this sets a default logging configuration for all the new sites.

IIS Manager tin be used to configure logging. Note that the HTTP Logging characteristic should be installed (refer to the image below) for logging to be bachelor

Configure or change setting using IIS Director as shown below

Based on your needs for logging you tin configure the following fields:

One log file per Site or Server, the default value is site & I personally prefer site.
Log File Format – IIS, NCSA, W3C, or Custom. W3C is a customizable option with different fields so you can log important properties and limiting the log size if required.
Select Fields to be Logged (Only bachelor for file format W3C). The detailed list of Fields is covered in the next department.
Directory where logs will be saved
Log Outcome Destination
Logfile rollover settings

IIS Log File Format

IIS write log to the files. In that location is a fixed format in which the information is written to these log files. As discussed in the previous section the fields to exist logged can be configured and also yous can select the format for the log file. The W3C Extended format, IIS log format, and NCSA format are all ASCII text formats (unless UTF-eight is enabled for your Web sites).

The W3C IIS log file format allows you to select the fields you want to log for each asking. The W3C file is a infinite-delimited file format and empty fields i.e. fields with no value will be displayed using the hyphen (-). Shown beneath is the sample of the IIS log file format for one request that is logged using the IIS Logs W3C format.

                #Software: Microsoft Internet Information Services ten.0 #Version: i.0 #Date: 2021-x-18 00:00:18 #Fields: date fourth dimension s-sitename s-computername due south-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken 2020-02-22 23:59:50 W3SVC2 SERVERNAME1 192.168.0.2 Postal service /Awarding/Controller/Activeness - 80 - 202.124.212.56 Mozilla/5.0+(Linux;+Android+11;+SM-M515F+Build/RP1A.200720.012;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Version/4.0+Chrome/93.0.4577.62+Mobile+Safari/537.36 - 200 0 0 140

Both the IIS & NCSA log file formats cannot exist customized and are fixed ASCII formats. In IIS log file format the items are comma-separated. In NSCA fields are separated past space and empty fields are represented by a hyphen (-). The IIS log file format records more data than the NCSA log file format.

There is a tool provided past Microsoft Log Parser using which you lot can read the information from the IIS log files. Using this tool you will be able to run SQL like queries against the log file and produce the desired report on screen or in a file.

List of IIS W3C Log Fields

Here is the consummate list of fields that are available for logging in to the IIS logging module nether log file format W3C.

Date (date): engagement of asking.
Time (time): time of the asking in Coordinated Universal Fourth dimension (UTC).
Customer IP Address (c-ip): the client IP accost that made the asking.
User Name (cs-username): the name of the authenticated user who made the request. A hyphen indicates an anonymous user.
Service Proper noun (s-sitename): the site service name and instance number that handled the request.
Server Proper noun (s-computername): the proper noun of the server on which request was fabricated.
Server IP Address (s-ip): the IP address of the server on which request was made.
Server Port (s-port): the server port number that is configured for the service.
Method (cs-method): the requested action, for case, a Become method.
URI Stem (cs-uri-stalk): the URI, or target, of the action.
URI Query (cs-uri-query): the query, if any, that the customer was trying to perform. A URI query is necessary only for dynamic pages.
Protocol Status (sc-condition): the HTTP request status code.
Protocol Substatus (sc-substatus): the HTTP request substatus error code.
Win32 Status (sc-win32-status): the Windows status code.
Bytes Sent (sc-bytes): the number of bytes that the server sent to the client.
Bytes Received (cs-bytes): the number of bytes that the server received from the client.
Time Taken (time-taken): the time that the request took to complete (in milliseconds).
Protocol Version (cs-version): the HTTP protocol version that the client used.
Host (cs-host): the hostname, if any.
User Agent (cs(UserAgent)): the browser type that client used for request.
Cookie (cs(Cookie)): the content of the cookie sent or received.
Referrer (cs(Referrer)): the site that the user last visited. This site provided a link to the current site.

IIS Logs Location

The default location for IIS Log files is %SystemDrive%\inetpub\logs\LogFiles. But one can even alter this default location and log to a dissimilar directory.

To verify or change the IIS logs file location follow the below steps

one. First IIS Manager (Version 8.v) by either from Outset=>run "intetmgr" or from Control Panel=>Authoritative Tools=>Internet Data Services (IIS) Manager

ii. In IIS Managing director from Connections Tree on the left Panel select the site for which the Logs directory needs to be configured. From Characteristic View in the eye double click on Icon Logging

On the Logging screen under Log File=>Directory you can find the configured location for IIS Log Files. Alternatively, yous tin click on activity "View Log Files" to navigate direct to the logs binder in Windows Explorer.

Manage IIS Log File Storage

IIS will generate logs and if traffic to your awarding is college then information technology will generate huge log files on a daily basis. I have fifty-fifty seen log files with sizes greater than one GB on daily ground. These huge log files will occupy the disk space on your disk and will make full it sooner than yous realize. Then you lot need to monitor the disk space used & too use some strategies for cleaning or moving the log files generated for your application.

At that place are multiple options using which you tin manage the disk infinite bachelor for writing logs to the disk. Below are some of the strategies which yous can conform

You tin can delete older log files i.due east. you can decide that y'all need log files for how many days or months and if you lot decide to keep IIS log files for 30 days and so accordingly you can delete the log files that are older than xxx days. So at any given moment, you will take 30 log files on your storage disk.
If you have a requirement that yous cannot delete the older log files and demand to maintain all the log files then in that instance y'all can movement the older log files to another disk or remote organization. This fashion you volition avert the log disk full problem with the main log disk where logs are beingness written and motility the log files to another server either in the same domain or a different domain.
You can even determine to apply the windows folder pinch option for the log disk. Normally IIS Log files compress to about 2% of their original size. You can right-click on the log binder and click properties. In the backdrop window, yous can select advance and so tick the cheque box for shrink contents to relieve deejay space on the advanced screen and click Apply/Ok.

For deleting sometime log files and moving log files to different disks you lot can automate the task past writing a script that can be scheduled to run on a daily ground.

There is also an IIS Log Cleaner tool available to perform a cleanup action on the older log files. It is a simple tool to enforce a log retention policy for IIS. This tool deletes the log files older than the maximum age that you set and volition run in the background once every hour. This is a 3rd-party tool so doesn't come with IIS. When you lot run this tool first time it volition generate the settings.txt file in the same folder from where the tool was executed. This settings.txt file contains the configuration like the log file binder to be cleaned and the maximum age at which a log file is deleted.

Analyze IIS Logs

IIS logs can provide the following types of insights

Performance – How fast or slow are our request?
User Behaviour – What a user is doing on the application?
Business Details – Which request has loftier or less volume?
Operational – Total information sent or received by server

IIS logs information can exist used to better the performance of the applications by checking time taken by disquisitional business requests, analyzing user activities to amend navigation & minimizing errors past checking the HTTP status codes and sub condition codes.

Yous can use one of the various available tools to analyze IIS logs. One of the tools is Web log Expert which provides a complete analysis report from IIS Logs.

You can also manually analyze IIS Logs using the costless tool provided by Microsoft i.eastward. Log Parser. Log Parser is a command-line tool used to query IIS Logs. In fact, as per Microsoft, Log Parser is universal query access to text-based data such as log files, XML, CSV & Windows Upshot Logs. Log Parser supports a multifariousness of output formats.

Log parser tin be downloaded from this link . Installation is pretty simple. Alternatively, the Log Parser Studio that is built on top of the log parser tin likewise exist used for the analysis of IIS Logs. Log Parser Studio is a graphical user interface-based tool that comes with many predefined queries that tin can be used for analysis.

Here are a couple of sample log parser queries to read IIS Log files data

                //Total requests count by IP Accost logparser -i:w3c "select c-ip, count(c-ip) as requestcount from [LogFileName] where cs-uri-stalk similar '/popuplarpost.aspx%' group by c-ip order past count(c-ip) desc"  Sample value for [LogFileName] - 'C:\IISLogs\Web\*.log'   //Total of each request past engagement - output getting logged into csv logparser -i:w3c "select engagement, cs-uri-stem, count(*) as TotalRequestCount INTO 'C:\IIS\Reports\TotalRequestsPerDay.csv' from 'C:\IIS\Logs\Web\*.log' group by date, cs-uri-stem Social club BY count(*) desc"

Real-time monitoring of IIS logs to detect security issues or slow-moving requests is likewise possible and can help big time in keeping applications upwards & running.

Reference: https://docs.microsoft.com/en-us/iis/manage/provisioning-and-managing-iis/configure-logging-in-iis

You can also check my another Article explaining how to analyze ASP.Cyberspace application issues – https://procodeguide.com/programming/analyze-aspnet-application-issues/