Access logs format string
Configuration
The configuration file should be located at:
C:\inetpub\logs\LogFiles\<YourSiteName>
Access logs can be configured from the IIS Manager.
To open the IIS Manager, go to Control panel→Administrative tools→Internet Informations Service (IIS) Manager.
Once inside, click on Logging to edit the logs settings.
Logs format modules
Available logs formats (supported by LogDoctor) are:
- IIS
- NCSA
- W3C
Comma-separated values, can't be customized further. The file name is usually something like u_in<DATE>.log
Whitespace-separated values, can't be customized further. The file name is usually something like u_nc<DATE>.log
Whitespace-separated values, can be customized by selecting which fields to log. The file name is usually something like u_ex<DATE>.log
Suggested logs format
The suggested logs module is the W3C one, which will allow using the complete set of functionalities of LogDoctor.
The suggested fields to use are the following:
date, time, cs-method, cs-uri-stem, cs-uri-query, c-ip, cs-version, cs(User-Agent), cs(Cookie), cs(Referer), sc-status, sc-bytes, cs-bytes, time-taken
Logs format strings
Both the IIS and NCSA modules are standard, and thus LogDoctor doesn't need the format string to be specified.
The W3C module can be customized and so a format string must be specified. It can be found insed any log file created using this format module, searching the line starting with #Fields:.
W3C logs format fields
Fields considered by LogDoctor
Only the following fields will be considered, meaning that only these fields' data will be stored and used for the statistics.
| Code | Informations |
|---|---|
| date | The date on which the activity occurred (UTC). |
| time | The time at which the activity occurred (UTC). |
| cs-version | The request protocol (HTTP/v, HTTPS/v). |
| cs-method | The request method (GET, POST, HEAD, ...). |
| cs-uri-stem | The URI path requested, not including any query string. |
| cs-uri-query | Query string (if any). |
| sc-status | HTTP status code. |
| cs-bytes | The number of bytes received and processed by the server. |
| sc-bytes | The number of bytes sent back by the server. |
| time-taken | Time taken to serve the request, in milliseconds |
| cs(Referer) | The site which provided a link to the current site. |
| cs(Cookie) | The content of the cookie sent or received (if any). |
| cs(User-Agent) | Web-browser or bot identification string |
| c-ip | The IP address of the client that made the request. |
Fields discarded by LogDoctor
Any field than the ones above won't be considered by LogDoctor.
When generating a log sample, these fields will appear as 'DISCARDED'.
If you aint using logs for any other purpose, please remove unnecessary fields to make the process faster and reduce the possibility of errors.
References
- Configure IIS logging:
https://docs.microsoft.com/en-us/iis/manage/provisioning-and-managing-iis/configure-logging-in-iis - Logs format modules overview:
https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525807(v=vs.90) - The W3C log format:
https://docs.microsoft.com/en-us/windows/win32/http/w3c-logging