This log file format is used by used by Microsoft Internet Information Server (IIS) 4.0, 5.0 and 6.0.
A log file in the extended format contains a sequence of lines containing ASCII characters. Each line may contain either a directive or an entry. Entries consist of a sequence of fields relating to a single HTTP transaction. Fields are separated by white space. If a field is unused in a particular entry dash "-" marks the omitted field. Directives record information about the logging process itself.
Lines beginning with the # character contain directives. The following directives are defined:
Version: <integer>.<integer>
The version of the extended log file format used. This draft defines version 1.0.
Fields: [<specifier>...]
lists a sequence of field identifiers specifying the information recorded in each entry.
Software: string
Identifies the software which generated the log.
Start-Date: <date> <time>
The date and time at which the log was started.
End-Date:<date> <time>
The date and time at which the log was finished.
Date:<date> <time>
The date and time at which the entry was added.
Remark: <text>
Comment information. Data recorded in this field should be ignored by analysis tools.
The directives Version and Fields are required and should precede all entries in the log. The Fields directive specifies the data recorded in the fields of each entry.
| Prefix |
Meaning |
|
s-
|
Server actions.
|
|
c-
|
Client actions.
|
|
cs-
|
Client-to-server actions.
|
|
sc-
|
Server-to-client actions.
|
| Field |
Appears As |
Description |
| Date |
date |
The date that the activity occurred. |
| Time |
time |
The time that the activity occurred. |
| Client IP Address |
c-ip |
The IP address of the client that accessed your server. |
| User Name |
cs-username |
The name of the authenticated user who accessed your server. This does not include anonymous users, who are represented by a hyphen (-). |
| Service Name |
s-sitename |
The Internet service and instance number that was accessed by a client. |
| Server Name |
s-computername |
The name of the server on which the log entry was generated. |
| Server IP Address |
s-ip |
The IP address of the server on which the log entry was generated. |
| Server Port |
s-port |
The port number the client is connected to. |
| Method |
cs-method |
The action the client was trying to perform (for example, a GET method). |
| URI Stem |
cs-uri-stem |
The resource accessed; for example, Default.htm. |
| URI Query |
cs-uri-query |
The query, if any, the client was trying to perform. |
| Protocol Status |
sc-status |
The status of the action, in HTTP or FTP terms. |
| Win32® Status |
sc-win32-status |
The status of the action, in terms used by Microsoft Windows®. |
| Bytes Sent |
sc-bytes |
The number of bytes sent by the server. |
| Bytes Received |
cs-bytes |
The number of bytes received by the server. |
| Time Taken |
time-taken |
The duration of time, in milliseconds, that the action consumed. |
| Protocol Version |
cs-version |
The protocol (HTTP, FTP) version used by the client. For HTTP this will be either HTTP 1.0 or HTTP 1.1. |
| Host |
cs-host |
Displays the content of the host header. |
| User Agent |
cs(User-Agent) |
The browser used on the client. |
| Cookie |
cs(Cookie) |
The content of the cookie sent or received, if any. |
| Referrer |
cs(Referer) |
The previous site visited by the user. This site provided a link to the current site. |
|
KB
Back to Search
