Logging Server Activity
Each of the services contained in Microsoft Internet Information Server can be configured to log information about who accessed the server and what information they accessed. This data can help you fine-tune your site, plan for the number of users that regularly gain access to your site, assess content, and audit security.
The logging feature in Internet Information Server has been designed for flexibility in the following areas:
This chapter explains how to:
To configure logging:
2. Select the Enable Logging check box.
3. Select Log to File.
4. In the Log Format box, select the logging format you want, either Standard or NCSA.
5. To create a new log file when certain conditions are met, select the Automatically open new log check box.
For the When file size reaches option, every time the log file is closed and a new one is created, the sequential number in the file name is incremented.
When logging to a file, the maximum total length of a log line is 1200 bytes. Each field is limited to 150 bytes.
For best results, log to a Microsoft SQL Server version 6.5 database. If you do not want to log to a database or use the Internet Database Connector on a Web server, do not install any ODBC drivers.
Choose Log to SQL/ODBC Database to log activity information to any Open Database Connectivity (ODBC)-compliant data source. Set the ODBC Data Source Name (DSN) and Table, and specify the user name and password to use when logging to the database.
When using ODBC for logging, each field is limited to 255 bytes.
Note: Logging to a database increases the amount of time and resources needed to service WWW (HTTP), FTP, and gopher requests. Therefore, if your site has heavy traffic, you should log to the file system to maximize performance.
ClientHost varchar(255), username varchar(255), LogTime datetime, service varchar(255), machine varchar(255), serverip varchar(50), processingtime int, bytesrecvd int, bytessent int, servicestatus int, win32status int, operation varchar(255), target varchar(255), parameters varchar(255)
You can find these values in the Logtemp.sql file in the Inetsrv folder.
Note: For Microsoft® Access, the system DSN is the file name of your database.
2. Click the Logging tab.
3. Select the Enable Logging check box.
4. Select Log to SQL/ODBC database.
5. In the ODBC Data Source Name (DSN) box, type the system DSN that you added in step 2 of the previous procedure.
6. In the Table field, type the name of the table (not the file name of the table).
7. In the User Name and Password fields, type a user name and password that are valid for the computer on which the database resides.
8. Click Apply and then click OK.
| Client's IP address | Client's username | Date | Time | Service | Computer name | IP address of server |
| Elapsed time | Bytes received | Bytes sent | Service status code | Windows NT status code | Name of the operation | Target of the operation |
Note: All fields are terminated with a comma (,). A hyphen acts as a placeholder if there is no valid value for a certain field.
As a sample interpretation of logging data, the first entry in the table says that an anonymous client with the IP address of 10.75.176.21 downloaded (issued a GET command for) the file Small.gif at 7:55 AM on December 11, 1995, from a server named TREY1 at IP address 10.107.1.121. The 163-byte HTTP request had an elapsed processing time of 4502 milliseconds (almost half a second) to complete (without error) and returned 3223 bytes of data to the anonymous client.
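The Standard format rules above (the listed field order, comma-terminated fields, a hyphen for an empty value, and the 1200-byte line and 150-byte field limits) are applied in the following Python parser, which is an added example and not part of the original documentation. The sample line is constructed from the values in the paragraph above; the service name W3SVC, the date and time layout, and all function and field names are assumptions.

```python
# Added example (not from the original documentation): parse Standard-format lines.
FIELDS = [                                   # order as listed on the page
    "client_ip", "username", "date", "time", "service", "computer",
    "server_ip", "elapsed_ms", "bytes_received", "bytes_sent",
    "service_status", "win32_status", "operation", "target",
]
NUMERIC = {"elapsed_ms", "bytes_received", "bytes_sent",
           "service_status", "win32_status"}
MAX_LINE_BYTES = 1200    # page: maximum total log line when logging to a file
MAX_FIELD_BYTES = 150    # page: per-field limit when logging to a file

# Constructed sample built from the values in the paragraph above; W3SVC and
# the date/time layout are assumptions.
SAMPLE = ("10.75.176.21, -, 12/11/95, 7:55:20, W3SVC, TREY1, 10.107.1.121, "
          "4502, 163, 3223, 200, 0, GET, /Small.gif,")


def parse_standard_line(line):
    """Return a dict for one log line; raise ValueError if it is malformed."""
    raw = line.rstrip("\r\n")
    parts = [p.strip() for p in raw.split(",")]
    if parts and parts[-1] == "":            # every field ends with a comma
        parts.pop()
    if len(parts) < len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    record = {}
    for name, value in zip(FIELDS, parts):
        if value == "-":                     # hyphen = no valid value
            record[name] = None
        elif name in NUMERIC:
            record[name] = int(value)
        else:
            record[name] = value
    record["extra"] = parts[len(FIELDS):]    # anything past the listed fields
    # A line or field at the size limit may have been cut off, so the logged
    # target may not be the full request; flag it for the auditor.
    record["maybe_truncated"] = (
        len(raw.encode()) >= MAX_LINE_BYTES
        or any(len(p.encode()) >= MAX_FIELD_BYTES for p in parts)
    )
    return record


if __name__ == "__main__":
    rec = parse_standard_line(SAMPLE)
    print(rec["client_ip"], rec["operation"], rec["target"], rec["elapsed_ms"])
```

Because fields are split on commas, a request target that itself contains a comma shifts the later values into `extra`; a non-empty `extra` is worth reviewing by hand during a security audit.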
The following example shows a log file in NCSA format:
22.214.171.124 - REDMOND\doug [07/Jun/1996:17:39:04 -0800] "POST /iisadmin/default.htm?-, HTTP/1.0" 200 3401
| Remote host name | Client's username | Date | Time |
| Request | Service status code | Bytes received |
| GET /scripts/iisadmin/ism.dll?http/serv, HTTP/1.0 | 200 | 5125 |
You can use any ODBC-compliant application to view the log data in your database.
In addition, you can use the Internet Database Connector to view log data in a Web browser.
If you have created Microsoft Internet Information Server log files in Standard format and want to convert them to either the EMWAC log file format or NCSA Common Log File format, use the Microsoft Internet Log Converter (Convlog.exe). At the command prompt, type convlog without parameters to see syntax and examples.
2. In a command-prompt window, type the convlog command. See the syntax and examples below.
f = Process FTP log entries
g = Process gopher log entries
w = Process WWW log entries
The default for the -s switch is to convert logs for all services.
m[cachesize] = Specifies to convert IP addresses to computer names. The default cachesize is 5000 bytes.
i = Specifies to not convert IP addresses to computer names.
convlog -t ncsa:-0300 in*.log
convlog -o \\stats\logs c:\logs\in*.log
convlog -sfg in*.log
convlog -nm *.log
convlog -t none -nm:20000 *.log
© 1996 by Microsoft Corporation. All rights reserved.