IIS Logs
Internet Information Services (IIS) is part of Windows Server and serves web content and applications, such as HTML, ASP.NET, and PHP, to clients on a network. IIS supports protocols such as HTTP, HTTPS, FTP, and SMTP. It is widely used for website deployment and management in Windows.
IIS logs record web activities on IIS servers. These logs usually contain detailed information about HTTP requests and responses, such as the request time, request source, requested resource, protocol version, user agent, and response status.
An IIS log contains the following fields:
- Date and time: date and time when the request was sent.
- Client IP address: IP address of the client that initiated the request.
- Username: displayed if the request was authenticated; a hyphen (-) is shown otherwise.
- Request method: GET, POST, etc.
- Requested resource: URL of the request.
- Protocol version: HTTP/1.1, HTTP/2, etc.
- User agent: a string used by the client to describe itself, such as the browser type and version.
- Response status: HTTP status codes, such as 200 (success) and 404 (not found).
- Response bytes: number of bytes sent by the server to the client.
- Request processing time: the duration between the initiation and completion of the request.
In addition to these basic fields, IIS logs can also contain custom fields, depending on the IIS configuration and installed extensions.
Collection Method
Install ICAgent and configure ECS text log ingestion by referring to Installing ICAgent (Intra-Region Hosts) and Ingesting ECS Text Logs to LTS. Then, ICAgent will collect ECS text logs and report them to LTS.
IIS Log Examples and Fields
```
#Software: Information Services 10.0
#Version: 1.0
#Date: 2023-09-21 02:59:24
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query sc-status sc-substatus sc-win32-status time-taken
2023-09-21 02:59:24 192.168.1.1 GET /index.html - 301 0 0 123
2023-09-21 02:59:25 192.168.1.1 GET /index.html/ 403 0 2 56
```
Field | Description | Example |
---|---|---|
#Software | Information about the software that generated the log. | Information Services 10.0 |
#Version | Version of the log file. | 1.0 |
#Date | Date and time when the log was recorded. | 2023-09-21 02:59:24 |
#Fields | Defines the fields of the log entry. | date time s-ip cs-method cs-uri-stem cs-uri-query sc-status sc-substatus sc-win32-status time-taken |
date | Date when the request occurred. | 2023-09-21 |
time | Time when the request occurred. | 02:59:24 |
s-ip | Source IP address, that is, the IP address of the client that initiated the request. | 192.168.1.1 |
cs-method | HTTP method of the request. | GET |
cs-uri-stem | Request URL. | /index.html |
cs-uri-query | Request URI query string. | In this example, the query string of the first request is empty. |
sc-status | HTTP status code, indicating the response status of the server. | 301 |
sc-substatus | Sub-status code, which provides more details about the HTTP status code. | 0 |
sc-win32-status | Win32 status code, indicating the Windows system error code related to the HTTP status code. | In this example, the Win32 status code is 0 or 2, indicating that there is no error or a specific system error. |
time-taken | Duration from the start to the end of the request, in milliseconds. | 123 |
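
The following parser is an added example, not code from the LTS documentation. It reads column names from the `#Fields` directive instead of hard-coding them and sets aside rows whose value count does not match, so a misaligned row cannot shift `sc-status` into the wrong column. The sample reuses the two entries shown above (the second has nine values for ten fields) plus one constructed entry; the function names are hypothetical.

```python
# Constructed sample: the two entries from this page plus one extra entry.
SAMPLE = """\
#Software: Information Services 10.0
#Version: 1.0
#Date: 2023-09-21 02:59:24
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query sc-status sc-substatus sc-win32-status time-taken
2023-09-21 02:59:24 192.168.1.1 GET /index.html - 301 0 0 123
2023-09-21 02:59:25 192.168.1.1 GET /index.html/ 403 0 2 56
2023-09-21 02:59:26 192.168.1.1 GET /admin/ - 403 0 5 12
"""


def parse_iis_log(text):
    """Return (records, malformed) for a W3C extended format IIS log."""
    fields, records, malformed = [], [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # The directive block can reappear inside one file, for example
            # after a restart, so always honour the most recent #Fields.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        # IIS writes spaces inside values as '+', so whitespace splitting is safe.
        values = line.split()
        if not fields or len(values) != len(fields):
            # Keep the raw line for review rather than guessing the columns.
            malformed.append((lineno, line))
            continue
        records.append(dict(zip(fields, values)))
    return records, malformed


def failed_requests(records):
    """Entries with an HTTP status of 400 or higher, worth a closer look."""
    return [r for r in records
            if r.get("sc-status", "").isdigit() and int(r["sc-status"]) >= 400]


if __name__ == "__main__":
    recs, bad = parse_iis_log(SAMPLE)
    for r in failed_requests(recs):
        # sc-win32-status 5 is ERROR_ACCESS_DENIED, 2 is ERROR_FILE_NOT_FOUND.
        print(r["date"], r["time"], r["cs-uri-stem"], r["sc-status"], r["sc-win32-status"])
    for lineno, raw in bad:
        print(f"line {lineno}: field count mismatch: {raw}")
```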
Log Location
The location of IIS log files depends on the configuration and version of IIS. However, IIS log files are usually located in one of the following server paths:
- Windows Server 2008 R2 and earlier:
  %SystemDrive%\inetpub\logs\LogFiles\W3SVC<Site ID>
- Windows Server 2012 R2 and later (including IIS on Windows 10):
  %SystemDrive%\inetpub\logs\LogFiles\<Site name>
- Configuration through IIS Manager:
  - Open IIS Manager: Enter Internet Information Services (IIS) Manager in the Windows search bar and open it. Alternatively, choose Control Panel > Administrative Tools to locate IIS Manager.
  - Navigate to the site:
    - In the left navigation pane of IIS Manager, expand your server name.
    - Then, items such as Website or Application pool are displayed. Click Website to check your website list.
    - Locate the website for which you want to configure logs and click it.
  - Configure log settings:
    - Under the selected website, double-click Logging to access the logging setting page.
    - Check the storage location of the current log file and other related settings in the right pane.
  - Modify the log file directory:
    - In the right pane, click the Browse button next to the Contents area.
    - A file browser window is displayed.
    - Select the folder where you want to store the log files and click OK.