Posted by & filed under Internet Information Server, Windows / Server.

Below are the log file formats supported in IIS 6. It is important to choose the right one for your server so that you can make use of the data it collects. I personally use W3C Extended because it provides the most information. The downside is that it produces more disk activity, however if you have a fast file system you may not notice a performance hit. I also like the ODBC logging because I can create a web-based front-end to display and manipulate the data/statistics. I’ve outlined the major components of each log format and the information it collects.

Microsoft IIS Log File Format

-Fixed ASCII text-based format.
-Cannot be customized.
-Records: client IP, username, date, time, service, server name, server IP, time taken, client bytes sent, server bytes sent, service status code, Windows status code, request type, target of operation and script parameters.

NCSA Common Log File Format

-Fixed ASCII text-based format.
-Cannot be customized.
-Records: remote host address, remote log name (blank), username, date, time, GMT offset, request and protocol versions, service status code and bytes sent.

W3C Extended Log File Format

-ASCII text-based format.
-Records: Date, Time, Client IP Address, User Name, Service Name and Instance Number, Server Name, Server IP Address, Server Port, Method, URI Stem, URI Query, HTTP Status, Win32 Status, Bytes Sent, Bytes Received, Time Taken, Protocol Version, Host, User Agent, Cookie, Referrer and Protocol Substatus.

ODBC Logging Format

-Records to any ODBC-compliant database (SQL Server, Oracle, Access).
-Records: Client Host, User Name, Log Time, Service, Machine, Server IP, Processing Time, Bytes Received, Bytes Sent, Service Status, Win32 Status, Operation, Target, Parameters.
-In order to use this method of logging the administrator needs to configure a database table with the appropriate fields, and then configure a logon/password for use with the ODBC connector. This is viewed as a security risk. Do not use the SQL server username “SA” for logging (even more of a security risk). This method of logging can also slow down the server due to Http.sys cache being disabled.

(No Ratings Yet)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>