Understanding IIS Log Files

Understanding IIS Log Files: Operating Instructions

Ilon Adams Developer Tips, Tricks & Resources

Tell the Whole Story with Integrated Logs + Errors


Understanding IIS Log Files

Commonly, your website or app functions perfectly until you release it. During testing, you might seem to have control over everything. But, sooner or later, you will face some challenges. In fact, it is totally normal when something goes wrong. The most important thing is how you settle these problems. In most cases, issues with availability alerts and users’ complaints can be addressed by the means of IIS logs. IIS logging will provide you with the necessary data to deal with a breakdown. Thus, DevOps experts usually recommend prioritizing IIS issues as they can help to correct other malfunctions in the future. We talked about it in more detail in this article.

IIS logs are meant to record data from Internet Information Services, web pages, and apps. While IIS itself contributes to the scalability and flexibility of web resources, the log files contain specific statistics about the websites, user data, site visits, IPs, and queries. These files can help you detect a problem on your web page to further, optimize your website performance.

IIS logs are often associated with nontypical file formats along with other specificities. In
this article, we will look into how to read IIS logs, interpret and analyze them.

Understanding IIS Logging: File formats

While using IIS logs, you can employ different file formats. For example, the W3C format is set by default, but you can easily change it. It includes ASCII characters with LF and CRLF endings. The next option is the IIS log file that is a fixed format, storing more data than the alternatives. It records data including request time and date, target files, user information, IP addresses, service status, etc. This file format can be distinguished by the use of commas instead of spaces.

Another common file format is NCSA that can be used on websites but is not available for FTP. Unlike the IIS format, it uses blanks to separate characters. And it is not really different from W3C and IIS in terms of the data recorded. However, the W3C format is often considered the easiest to understand and interpret.

What else should you know about log formats? 

  • IIS logs can record certain files by IIS site, by the hour, and by day;
  • Any format does not allow spaces, so there is a dash (-) in the fields, lacking value;
  • Character “#” at the beginning of the line identifies a comment;
  • If IIS is restarted, it will be recorded in the log together with the date and the current version.

Using IIS Manager and Other Tools

There are different ways and tools to manage IIS logs. And IIS Manager is one of the most commonly used options. It is basically the easiest way to access IIS logs. To find the IIS files in Windows Server 2012, start the Server Manager and select IIS on the left part of the display. Then, choose the server set for IIS (by right-click), and you will see another menu where you should click Internet Information Services Manager. Being a system administrator, you can define where to store logs by changing a directory. If you have never enabled IIS logging before (or work on a new device), check whether there is enough space for IIS file storage.

Reading logs is a crucial skill that helps to identify and settle problems. Understanding IIS logs may seem to be not a big deal and it is often disregarded. There is an art to sorting necessary data from excessive details. In the end, if you cannot locate and eliminate a problem in its early inception, it will grow more serious in the future. If you are aware of how to extract and use this data, you will definitely be able to deal with malfunctions as fast as possible. 

Plus, modern tools will help you optimize the logs reading and manage them in a more effective way. One of such tools recommended by experts from Alpacked is Stackify Retrace. It allows analyzing logs, interpreting and understanding them in no time. 

Stackify: All your logs in one place

Take Your IIS Logging under Control

Once you know where your IIS logs are stored, it is time to enable them. The process does not take long and is done through the following stages :

  • Start the Internet Information Services Manager and choose the site where you want to use logging on in the Connections tree view;
  • Click Logging in the Features View twice;
  • In the Log File section, choose a log format;
  • Identify a location where you want to store your logs;
  • In the Action panel, click Apply. 

While using the W3C format (set by default), you may indicate the fields to be logged. For instance, you can opt for recording client IPs, server IPs, time and date, HTTP status code, etc. It is also recommended to define a rollover scheduled for logging because a lot of internet traffic can result in large log files. Therefore, to manage logs effectively, it makes sense to put some limitations. The rollover schedule allows defining how often log files should be recorded (monthly, weekly, daily, or hourly) and what size they can reach.

Wrapping Up

IIS logs can significantly contribute to the productivity of your web resources. But to use them effectively, you have to analyze and track them on a regular basis. It is also quite useful to develop an approach to IIS logs monitoring to keep issues under control. Helpful tools will facilitate your work with logs and by employing them you can indicate problems from the offset.