Look at Logging in IIS 7/7.5


In this article, we will look into the built-in logging feature of IIS 7/7.5, which records the details of each request. The IIS log is a useful resource for troubleshooting requests. In IIS 7/7.5, we can log request details such as client IP, time taken, response size and cookie to a file. This information helps determine the load on the server in terms of number of requests, size and time taken to serve each request. Let’s open IIS, configure logging for a website and analyse it. We can configure logging at server level or website level. Let’s do it at website level: go to Default Web Site, open the Logging feature and click Enable:

 

In the Logging dialog, we can configure the format of the log file. It can be:

1)      IIS - The IIS log file format is a fixed ASCII text-based format, so you cannot customize it [can’t select fields]; fields are separated by commas.

2)      W3C [default format] - A customizable ASCII text-based format. You can use IIS Manager to select which fields to include in the log file; fields are separated by spaces.

3)      NCSA - The NCSA log file format is a fixed ASCII text-based format, so you cannot customize it, and it contains less information than the IIS log format.

4)      Custom - ODBC logging is implemented as a custom logging module and logs information into an ODBC-compliant database such as SQL Server or MS Access.

 

Select W3C as the log format, click Select Fields and choose the fields that need to be logged in the log file.

 

We can set the location (directory) for the log files and choose when a new log file is created: based on file size, daily, weekly etc. When we check “Use local time for file naming and rollover”, IIS uses local server time instead of UTC for log file naming and for log file rollover. This setting does not affect the time field of the requests logged in the file, which is still written in UTC.

Let’s make a request to welcome.png, present in Default Web Site, and analyze the log file. The log file will be under the path set in the Logging feature + W3SVC<website identifier>. In my case, it is “C:\inetpub\logs\LogFiles\W3SVC1” and contains the information below:

 

Most of the fields are self-explanatory and field prefixes have the following meanings:

s- Server actions

c- Client actions

cs- Client-to-server actions

sc- Server-to-client actions

The time-taken field shows the total time taken to generate the response plus the time taken to send the complete response to the client, up to the last byte. This is done by taking into account the client's last ACK in answer to the response. Let’s say a request took 5000 milliseconds to generate the response and 3000 milliseconds to send the complete response to the client; time-taken will then show 8000 milliseconds.
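The following added example, which is not from the original article, parses a W3C-format log by reading its #Fields header (the selected fields decide the column order, and IIS can write a new header partway through a file) and then reports requests by time-taken. The sample log lines, IP addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in W3C extended format (not taken from the article's server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2013-05-01 10:00:00
#Fields: date time cs-method cs-uri-stem c-ip sc-status sc-bytes time-taken
2013-05-01 10:00:01 GET /welcome.png 192.0.2.10 200 185000 8000
2013-05-01 10:00:02 GET /default.aspx 192.0.2.11 200 5200 46
2013-05-01 10:00:05 GET /welcome.png 192.0.2.12 304 210 15
#Fields: date time cs-uri-stem sc-status time-taken
2013-05-01 10:05:00 /default.aspx 500 350
"""

def parse_w3c(lines):
    """Yield one dict per request, keyed by the names in the latest #Fields line."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # the field list can change mid-file
        elif line and not line.startswith("#"):
            values = line.split()            # W3C fields are space separated
            if len(values) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, values))

def slow_requests(records, threshold_ms=100):
    """Requests whose time-taken (milliseconds) exceeds the threshold."""
    return [r for r in records
            if r.get("time-taken", "-").isdigit() and int(r["time-taken"]) > threshold_ms]

def summarize(records):
    """Per-URL request count, average and maximum time-taken in milliseconds."""
    times = defaultdict(list)
    for r in records:
        if r.get("time-taken", "-").isdigit():
            times[r.get("cs-uri-stem", "-")].append(int(r["time-taken"]))
    return {u: {"count": len(t), "avg_ms": sum(t) / len(t), "max_ms": max(t)}
            for u, t in times.items()}

if __name__ == "__main__":
    records = list(parse_w3c(SAMPLE_LOG.splitlines()))
    for r in slow_requests(records):
        print(r["date"], r["time"], r["cs-uri-stem"], r["sc-status"], r["time-taken"])
    print(summarize(records))
```

Because date and time are logged in UTC, convert them before comparing the output with events recorded in local server time.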

Most of the above logging features are also available on an FTP site.

In most cases, the log file will be very large and can’t be analyzed in Notepad. In that scenario, we can use Log Parser (available here). Let’s install it and open our log file as shown below:

 

Click New Query in the File menu, select IISW3CLOG as the log type and hit F5. The result will be as shown below:

 

We can even write our own queries in SQL syntax to filter the data:

SELECT TOP 10 * FROM '[LOGFILEPATH]' WHERE time-taken > 100

There is also a set of built-in queries for IIS in the Library tab, as shown below:

 

By using Log Parser Studio, we can analyse large log files to find load and performance issues down to page or user level. We can use IIS logs as a first step in troubleshooting performance issues. The log helps us find out whether any performance issues exist and, if so, which page is taking time to respond. I will end this article by mentioning tools helpful in troubleshooting IIS issues in scenarios like crash, hang, high CPU or memory etc. [we will discuss the tools below in depth in coming articles]:

1)      IIS Logging

2)      IIS Advanced Logging

3)      FREB Tracing [Failed Request Tracing]

4)      Fiddler or IE Developer Tools

5)      Memory dump collection of w3wp.exe using Debug Diag or AD Plus.

6)      Memory dump analysis using the WinDbg tool.

I hope this article will be helpful for all.

 
