10 IIS Logging Best Practices

IIS logging is an important part of any web server setup. It provides valuable information about the performance and usage of your web server, and can be used to troubleshoot problems and identify security issues.

However, IIS logging can also be a source of performance issues if not configured correctly. In this article, we will discuss 10 best practices for configuring IIS logging to ensure optimal performance and security.

1. Logging Level

Logging level determines the amount of data that is logged. If you set it too low, then important information may be missed. On the other hand, if you set it too high, then your logs will become bloated and difficult to read.

The best practice for setting logging levels is to start with a lower level (such as “Information”) and gradually increase it until you find the right balance between capturing enough data without overwhelming your log files. You can also use IIS’s built-in filters to further refine what gets logged.

2. Log File Location

Log files can quickly become large and take up a lot of disk space. If the log file is stored in the same location as your web application, it could cause performance issues or even crash the server if the disk runs out of space.

To avoid this issue, make sure to store IIS logs on a separate drive from your web applications. This will ensure that there’s enough disk space for both the application and the log files. Additionally, you should also consider setting up automated log rotation so that old log files are deleted after a certain period of time. This will help keep your disk usage low and prevent any potential performance issues.

3. Log File Naming Convention

Log files are created on a daily basis, and if you don’t have a naming convention in place, it can be difficult to identify which log file contains the data you need.

A good naming convention should include the date of the log file, as well as any other relevant information such as the server name or application name. For example, a log file for an IIS web server could be named “IIS_ServerName_YYYYMMDD.log”. This makes it easy to quickly identify the log file you need without having to open each one individually.

4. Web Site ID in the Log Files

The Web Site ID is a unique identifier for each website hosted on the server. This allows you to easily identify which log files belong to which websites, making it easier to troubleshoot and analyze performance issues.

Having the Web Site ID in the log files also makes it easier to track down malicious activity or security breaches. If an attacker has compromised one of your websites, having the Web Site ID in the logs will make it much easier to pinpoint exactly which site was affected.

Finally, having the Web Site ID in the log files can help with compliance requirements. Many regulations require that organizations keep detailed records of their web traffic, and having the Web Site ID in the logs helps ensure that these records are accurate and up-to-date.

5. Disable IIS Logs for Static Content

Static content, such as images and HTML files, are not dynamic and do not require logging. Logging these requests can cause unnecessary disk space usage and slow down the server.

To disable IIS logs for static content, open up the Internet Information Services (IIS) Manager and navigate to the website you want to configure. Then select “Logging” from the left-hand menu. On the right side of the window, uncheck the box next to “Enable logging” and click “Apply”. This will prevent IIS from logging any requests for static content.

6. Use Centralized Log Management System

Centralized log management systems allow you to collect, store, and analyze all of your IIS logs in one place. This makes it easier to identify trends and patterns that can help you detect security threats or performance issues. It also allows you to quickly search through large amounts of data for specific events or errors.

Using a centralized log management system also helps ensure that your IIS logs are secure and compliant with industry regulations. You can set up alerts so that you’re notified when certain conditions occur, such as an unauthorized user attempting to access the server. And since the logs are stored in a central location, they can be easily backed up and restored if needed.

7. Enable Failed Request Tracing

Failed Request Tracing allows you to track the exact steps that a request takes as it is processed by IIS. This can be invaluable when troubleshooting issues with your web applications, as it provides detailed information about what went wrong and why.

To enable Failed Request Tracing in IIS, open up the Internet Information Services (IIS) Manager, select the website or application pool you want to trace requests for, and then click on “Failed Request Tracing Rules” under the “Management” section. From there, you can configure the rules for which requests should be traced, such as specific HTTP status codes or timeouts. Once enabled, all failed requests will be logged in the “FailedReqLogFiles” folder located in the root of your website.

8. Enable ETW Logging

ETW (Event Tracing for Windows) is a powerful logging system that can provide detailed information about the performance of your IIS server. It’s especially useful when troubleshooting issues, as it provides more granular data than traditional log files.

ETW logging also allows you to track user activity on your site in real-time, which can be invaluable for security purposes. Additionally, ETW logs are stored in an easily accessible format, making them easier to analyze and interpret.

Enabling ETW logging requires some setup, but once it’s done, you’ll have access to much more detailed information about your IIS server’s performance. This will help you identify potential problems quickly and take corrective action before they become major issues.

9. Enable HTTP Strict Transport Security (HSTS)

HSTS is a security protocol that helps protect your website from man-in-the-middle attacks. It does this by telling browsers to only access the site using HTTPS, and not HTTP.

Enabling HSTS on IIS requires you to add an entry in the web.config file for each domain or subdomain you want to secure. You can also set the max-age parameter to determine how long the browser should remember the HSTS policy before it needs to be revalidated.

By enabling HSTS, you’ll help ensure that all traffic to and from your website is encrypted and secure. This will help protect your customers’ data and give them peace of mind when visiting your website.

10. Enable HTTP/2 Protocol

HTTP/2 is a major revision of the HTTP protocol, and it offers several advantages over its predecessor. It reduces latency by compressing headers, allows for multiplexing requests, and supports server push technology.

Enabling HTTP/2 on your IIS server will improve performance and reduce page load times. This can be done through the IIS Manager console or via PowerShell commands. Once enabled, you should monitor your logs to ensure that the new protocol is being used correctly. If not, you may need to adjust settings or troubleshoot any issues.