Travel Distance Calculator

Tuesday, April 3, 2007

W3C Extended Log File Format (IIS 6.0)

For those of us that work with IIS log files, enjoy the table below. The challenge is to know which fields within the logs will provide you with actionable data. For instance, will knowing the User-Agent string of each visitor to your site help your business? Eric Peterson covers this topic very well in his book, "Web Analytics Demystified." It would also be helpful to understand how to enable/disable specific fields within IIS manager along with the status codes for each server call.

The W3C Extended log file format is the default log file format for IIS. It is a customizable ASCII text-based format. You can use IIS Manager to select which fields to include in the log file, which allows you to keep log files as small as possible. Because HTTP.sys handles the W3C Extended log file format, this format records HTTP.sys kernel-mode cache hits.

FieldAppears AsDescription Default Y/N

Date

date

The date on which the activity occurred.

Y

Time

time

The time, in coordinated universal time (UTC), at which the activity occurred.

Y

Client IP Address

c-ip

The IP address of the client that made the request.

Y

User Name

cs-username

The name of the authenticated user who accessed your server. Anonymous users are indicated by a hyphen.

Y

Service Name and Instance Number

s-sitename

The Internet service name and instance number that was running on the client.

N

Server Name

s-computername

The name of the server on which the log file entry was generated.

N

Server IP Address

s-ip

The IP address of the server on which the log file entry was generated.

Y

Server Port

s-port

The server port number that is configured for the service.

Y

Method

cs-method

The requested action, for example, a GET method.

Y

URI Stem

cs-uri-stem

The target of the action, for example, Default.htm.

Y

URI Query

cs-uri-query

The query, if any, that the client was trying to perform. A Universal Resource Identifier (URI) query is necessary only for dynamic pages.

Y

HTTP Status

sc-status

The HTTP status code.

Y

Win32 Status

sc-win32-status

The Windows status code.

N

Bytes Sent

sc-bytes

The number of bytes that the server sent.

N

Bytes Received

cs-bytes

The number of bytes that the server received.

N

Time Taken

time-taken

The length of time that the action took, in milliseconds.

N

Protocol Version

cs-version

The protocol version —HTTP or FTP —that the client used.

N

Host

cs-host

The host header name, if any.

N

User Agent

cs(User-Agent)

The browser type that the client used.

Y

Cookie

cs(Cookie)

The content of the cookie sent or received, if any.

N

Referrer

cs(Referrer)

The site that the user last visited. This site provided a link to the current site.

N

Protocol Substatus

sc-substatus

The substatus error code.

Y

2 comments:

Anonymous said...

Are you saying that you'd like to turn off user-agent tracking in the log file if you could? Yikes! We use it for two things: 1) getting a handle on browser/OS/version of traffic to our site so we can figure out what we need to support (okay -- our Web analytics package does that for us...by parsing the user-agent string), 2) troubleshooting weird traffic patterns -- one of the first places we look when we see an unexpected spike is at the user-agents that hit it, even though we're generally looking at our page tag log files, there are still crawlers that execute JS and don't get filtered out by our analytics package.

The latter is not directly actionable, I admit. But, it's indirectly actionable in that it's step one in determining what drove unexpected traffic to the site or a page; if user-agent looks good, then we start looking at referring sites (did we get PR we didn't know about...and should we partner more with that site, for instance), promotions, etc.

Adam Berlinger said...

I am not suggesting that in any way, shape or form. My goal here is to encourage you to ask yourselves what you might need to have enabled within a log file and why. You address this beautifully in your response regarding the User Agent String. Thanks for your post!