Set W3C Extended Logging

Logging is paramount when you want to determine whether a cluster member is being attacked after a suspected attack has occurred. To enable logging, use the World Wide Web Consortium (W3C) extended logging format.

To enable W3C extended logging within IIS

  1. In the Internet Information Services snap-in, right-click the site to log, and then click Properties.

  2. In the Properties dialog box, on the Internet Information Services tab, in the Master Properties box, click WWW Service, and then click Edit.

  3. In the WWW Service Master Properties dialog box, click the Web Site tab.

  4. Select the Enable Logging check box.

  5. In the Archive log format box, click W3C Extended Log File Format, and then click Properties.

  6. In the Extended Logging Properties dialog box, click the Extended Properties tab, and then set the following properties:

    • Client IP Address 

    • User Name 

    • Method 

    • URI Stem 

    • HTTP Status 

    • Win32 Status 

    • User Agent 

    • Server IP Address 

    • Server Port 

      Server IP Address and Server Port are useful for hosting multiple Web sites on a single server.

      Win32 Status is useful for debugging purposes. Beware of error "5" and access denied errors. These indicate that someone might have tried, and failed, to attack a member. To determine what a Microsoft Win32® error means, at the command prompt, type

      net helpmsg err 

      Where err is the error number that you want more information about.

Did you find this information useful? Please send your suggestions and comments about the documentation to acdocs@microsoft.com.