Microsoft Internet Information Server automatically logs all activity on your server. You can use this information to analyze traffic to your site and identify possible problems.
This chapter explains how to:
When you set up Internet Information Server, you enable logging to see who has been using the server and how many times your online information was accessed.
To configure logging:
In Internet Service Manager, double-click the service to display its property sheets. The Logging property sheet sets logging for the selected information service.
When logging to a file, the maximum total log line is 1200 bytes. Each field is limited to 150 bytes.
When using ODBC for logging, each field is limited to 200 bytes.
To start logging, select the Enable Logging check box on the Logging property sheet. To stop logging, clear the Enable Logging check box.
Choose Log to File to log activity information for the selected information service to a text file.
Select to generate new logs using the specified frequency. If not selected, the same log file will grow indefinitely.
Sets the directory containing the log file.
Lists the filename used for logging. If multiple services are configured to log to the same directory, they will use the same file.
2. Select the Enable Logging check box.
3. Select Log to File.
4. To create a new log file when certain conditions are met, select the Automatically open new log check box.
*SLOG if Automatically open new log is not enabled.
*Snnn.LOG (where nnn is a sequentially increasing number) if When file size reaches is enabled.
*mmddyy.LOG (where mmddyy is the month, day, and year when the log file is created) if one of the Daily, Weekly, or Monthly options is enabled.
For the Daily, Weekly, or Monthly option, the log file is closed the first time a log record is generated after midnight on the last day of the current log file. The new log filename will include the date of the first day in the log file.
For the When file size reaches option, every time the log file is closed and a new one is created, the sequential number in the filename is incremented.
When logging to a file, the maximum total log line is 1200 bytes. Each field is limited to 150 bytes.
When you install Microsoft Internet Information Server, logging to a file is the default method of logging. If you prefer to collect logs in a database, you must install ODBC version 2.5. You should then use the sample HTML pages installed with Internet Information Server to set up logging to a database. To access the pages, ensure that the WWW service is running, then in the Internet Explorer or another browser, type the local computer name. Alternatively, you can follow the manual procedure in this Help topic.
For best results, log to a Microsoft SQL Server version 6.0 database. If you do not want to log to a database or use the Internet Database Connector on a Web server, do not install any ODBC drivers.
Choose Log to SQL/ODBC Database to log activity information to any Open Data Base Connectivity (ODBC)-compliant data source. Set the Data Source Name (DSN), Table, and specify the username and password to use when logging to the database.
When using ODBC for logging, each field is limited to 200 bytes.
ClientHost char(50), username char(50), LogDate char(12),
LogTime char(15), service char(20), machine char(20),
serverip char(50), processingtime int, bytesrecvd int,
bytessent int, servicestatus int, win32status int,
operation char(200), target char(200), parameters char(200) )
2. Click the Logging tab.
3. Select the Enable Logging check box.
4. Select Log to SQL/ODBC database.
5. In the ODBC Data Source Name (DSN) box, type the DSN that you added in step 2 of the previous procedure.
6. In the Table field, type the name of the table (not the filename of the table).
7. In the User Name and Password fields, type a username and password that is valid for the computer on which the database resides.
8. Click Apply and then click OK.
Often, the SQL Server database is kept on a separate computer. If you want to log activity to a SQL Server database located on another computer, Internet Information Server uses an anonymous user account (as set in the Sessions dialog box). The username must be a valid user account on the other computer. Even if the database is the same computer as the Internet Information Server (called local by Internet Information Server), the anonymous user must have permission to access the database.
Following are three entries from a log from a server running the WWW, gopher, and FTP service; the entries are in two tables only because of page width limitations.
Clients IP address | Clients username | Date |
Time |
Service |
Computer name | IP address of server |
10.75.176.21 | - | 12/11/95 | 7:55:20 | W3SVC | TREY1 | 10.107.1.121 |
10.16.7.165 | anonymous | 12/11/95 | 23:58:11 | MSFTPSVC | TREY1 | 10.107.1.121 |
10.55.82.244 | - | 12/11/95 | 0:00:34 | GopherSvc | TREY1 | 10.107.1.121 |
Processing time |
Bytes received |
Bytes sent |
Service status code |
Windows NT status code | Name of the operation |
Target of the operation |
29282 | 277 | 3223 | 200 | 0 | GET | small.gif |
60 | 14 | 0 | 0 | 0 | [376] PASS | intro |
27069 | 21 | 62184 | 0 | 0 | file | form1.bmp |
Parameters for the operation, if applicable, will be listed in the final fields.
You can use any ODBC-supported database to log server activity. Logging to a database can allow you to direct the logging of all Internet Information Server services to a single source.
You can use any ODBC-compliant application to view the log data in your database.
In addition, you can use the Internet Database Connector to view log data in a Web browser.
The Microsoft Internet Log Converter converts Microsoft Internet Server log files to either European Microsoft Windows NT Academic Centre (EMWAC) log file format or the Common Log File format. Convlog.exe is located in the \Inetsrv\Admin directory. At the command prompt, type convlog without parameters to see syntax and examples.
2. In a command prompt window, type the convlog command. See the syntax and examples below.
f = Process FTP log entries
g = Process gopher log entries
w = Process WWW log entries
The default for the -s switch is to convert logs for all services.
m[cachesize] = Specifies to convert IP addresses to computer names. The default cachesize is 5000 bytes.
i = Specifies to not convert IP addresses to computer names.
convlog -t ncsa:-0300 in*.log
convlog -o \\stats\logs c:\logs\in*.log
convlog -sfg in*.log
convlog -nm *.log
convlog -t none -nm:20000 *.log
© 1996 by Microsoft Corporation. All rights reserved.