For those of us that work with IIS log files, enjoy the table below. The challenge is to know which fields within the logs will provide you with actionable data. For instance, will knowing the User-Agent string of each visitor to your site help your business? Eric Peterson covers this topic very well in his book, "Web Analytics Demystified." It would also be helpful to understand how to enable/disable specific fields within IIS manager along with the status codes for each server call.
The W3C Extended log file format is the default log file format for IIS. It is a customizable ASCII text-based format. You can use IIS Manager to select which fields to include in the log file, which allows you to keep log files as small as possible. Because HTTP.sys handles the W3C Extended log file format, this format records HTTP.sys kernel-mode cache hits.
|Field||Appears As||Description||Default Y/N|
The date on which the activity occurred.
The time, in coordinated universal time (UTC), at which the activity occurred.
Client IP Address
The IP address of the client that made the request.
The name of the authenticated user who accessed your server. Anonymous users are indicated by a hyphen.
Service Name and Instance Number
The Internet service name and instance number that was running on the client.
The name of the server on which the log file entry was generated.
Server IP Address
The IP address of the server on which the log file entry was generated.
The server port number that is configured for the service.
The requested action, for example, a GET method.
The target of the action, for example, Default.htm.
The query, if any, that the client was trying to perform. A Universal Resource Identifier (URI) query is necessary only for dynamic pages.
The HTTP status code.
The Windows status code.
The number of bytes that the server sent.
The number of bytes that the server received.
The length of time that the action took, in milliseconds.
The protocol version —HTTP or FTP —that the client used.
The host header name, if any.
The browser type that the client used.
The content of the cookie sent or received, if any.
The site that the user last visited. This site provided a link to the current site.
The substatus error code.