Logging Fields

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

IIS Advanced Logging uses the W3C log file format to log information about all sites on the server. This format is handled by HTTP.sys, and is a customizable ASCII text-based format, which means that you can specify the fields that are logged.

The Advanced Logging feature can log the standard W3C logging fields to log files, and extends logging capability to additional source types. The following source types are supported:

  • Modules. Logging fields that are published by IIS modules.

  • Performance Counters. Measurements of system state or activity that are provided by the operating system or by applications near the time of a request.

  • Request Headers. Standard and custom HTTP headers that are included in a client request.

  • Response Headers. Standard and custom HTTP headers that are included in a response to a client request.

  • Server Variables. IIS Server Variables.

The following tables describe the logging fields that are included in the default installation of IIS Advanced Logging, organized by source type. The Advanced Logging feature includes a default log definition named %COMPUTERNAME%-Server, which begins logging requests made to all Web sites on the Web server immediately after the feature is installed, for a selected set of logging fields that are important for media delivery scenarios. The field names of the logging fields that are included in this log definition are marked with the asterisk character (*).

Note

The Advanced Logging feature contains a variety of request and response header logging fields in a Built-In source type. Logging fields from this source type cannot be edited.
%COMPUTERNAME% is an environment variable that the Advanced Logging feature replaces with the computer name in the log file name that it creates. For more information about how the Advanced Logging feature names the log files, see Log Definition Page.

Built-In Logging Fields

| Field | Description |
| --- | --- |
| Client IP Address | Logs the IP address of the client that made the request. |
| *Content Path | Logs the URL that is the target of the action, such as https://MyServer/MyVideo.wmv. If the client was redirected, this field represents the location to which the client was redirected. |
| Date-Local | Logs the date on which the request occurred, in local time. |
| *Date-UTC | Logs the date on which the request occurred, in Coordinated Universal Time (UTC). |
| Method | Logs the HTTP method, such as GET, that is used in the request. |
| Protocol | Logs the protocol used by the client to access the content (may differ from the protocol requested by the client). A value of Cache indicates that a client played the content from its disk-based cache. |
| *Protocol Status | Logs the HTTP status code. |
| Protocol Substatus | Logs the HTTP substatus code. |
| Protocol Version | Logs the protocol version, either HTTP or FTP, that the client used. |
| *Server Name | Logs the name of the server on which the log file entry was generated. |
| Server Port | Logs the server port number that is configured for the service. |
| Server IP Address | Logs the IP address of the server on which the log file entry was generated. |
| Service Name | Logs the Internet service name and instance number that was running on the client at the time that the request was made. |
| Time Taken | Logs the length of time that the transaction took, in milliseconds. |
| Time-Local | Logs the time at which the request occurred, in local time. |
| *Time-UTC | Logs the time at which the request occurred, in UTC. |
| *URI Query | Logs the query, if any, that the client was trying to perform. A URI query is necessary only for dynamic pages. |
| *URI Stem | Logs the Uniform Resource Identifier (URI) that is the target of the action, such as Default.htm. |
| *Win32 Status | Logs the Windows status code. |

* Enabled in the %COMPUTERNAME%-Server log definition.

Module Logging Fields

| Field | Description |
| --- | --- |
| Begin Request-UTC | Logs when processing of an HTTP request started, in UTC. |
| *Bytes Received | Logs the total number of bytes received by the client from the server. The value does not include any overhead that is added by the network stack. |
| *Bytes Sent | Logs the total number of bytes the server sent to the client. The value does not include any overhead that is added by the network stack. This field contains a hyphen in propagated cache/proxy logs. |
| End Request-UTC | Logs when processing of an HTTP request ended, in UTC. |

* Enabled in the %COMPUTERNAME%-Server log definition.

Performance Counter Logging Fields

| Field | Description |
| --- | --- |
| CPU Utilization | Logs the percentage of elapsed time that the processor spends to run a non-idle thread. |
| Requests / Second | Logs the HTTP requests/sec being processed by the worker process. |
| W3WP Private Bytes | Logs the current size, in bytes, of memory that the W3WP process has allocated that cannot be shared with other processes. |

Request Header Logging Fields

| Field | Description |
| --- | --- |
| Cookie | Logs the content of the cookie that is sent or received, if any. |
| Host | Logs the host header name, if any. |
| Proxy | Logs whether the client connected through a cache/proxy server. |
| *Referer | Logs the site that the user last visited, which provided a link to this site. |
| User Agent | Logs the browser from which the request originated. |
| User Name | Logs the name of the authenticated user who accessed the server. Anonymous users are indicated by a hyphen. |

* Enabled in the %COMPUTERNAME%-Server log definition.
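
Because the logged fields are customizable, a log reader has to take its column layout from the #Fields directive rather than assume one, and a review of a log definition should check whether fields such as Cookie, User Name or URI Query put session or identity data into the log files. The following Python sketch is an added example, not Microsoft's code: it assumes the standard W3C extended identifiers cs(Cookie), cs-username and cs-uri-query for those fields and runs on a constructed sample log.

```python
# Added example. Field identifiers are standard W3C extended log names;
# SAMPLE_LOG is constructed for illustration, not taken from a real server.
SENSITIVE_FIELDS = ("cs(Cookie)", "cs-username", "cs-uri-query")

SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time cs-uri-stem cs-uri-query sc-status cs(Referer)
2011-03-01 10:00:00 /Default.htm - 200 -
2011-03-01 10:00:02 /play.aspx id=7&token=abc123 200 http://example.test/
#Fields: date time cs-uri-stem sc-status cs-username cs(Cookie)
2011-03-01 11:00:00 /MyVideo.wmv 200 - SID=constructed-value
2011-03-01 11:00:05 /MyVideo.wmv 401 alice -
"""


def parse_w3c(text):
    """Yield one dict per entry, keyed by the most recent #Fields directive."""
    fields = None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directives; only #Fields changes how later entries are read.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        if fields is None:
            raise ValueError(f"line {lineno}: entry before any #Fields directive")
        values = line.split()  # values are space-separated
        if len(values) != len(fields):
            raise ValueError(f"line {lineno}: {len(values)} values, {len(fields)} fields")
        # A hyphen marks an empty value.
        yield {k: (None if v == "-" else v) for k, v in zip(fields, values)}


def audit_sensitive(text):
    """Count entries that carry a value in each sensitive field that is logged."""
    counts = {}
    for entry in parse_w3c(text):
        for name in SENSITIVE_FIELDS:
            if name in entry:
                counts[name] = counts.get(name, 0) + (entry[name] is not None)
    return counts


if __name__ == "__main__":
    for field, n in sorted(audit_sensitive(SAMPLE_LOG).items()):
        print(f"{field}: logged, {n} entries with a value")
```

A field that appears in the result with a count of zero is still enabled in the log definition; it simply had no value in the entries examined.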

See Also

Concepts

Advanced Logging Page
Edit Logging Fields Dialog Box