Support
 
Support Get Quote
 
 
 
 
Network devices

Critical Windows events: Event ID 7031 - Service crash

Read more
 
Previous articles
Next articles
Network devices

How to check your Cisco switch logs?

Read more
 
Microsoft IIS

5 best practices for IIS logging that you should know

Jan 04, 2023 6 min read
 
  • Microsoft IIS

What are IIS logs?

IIS logs are a record of events that happen on your Microsoft IIS web server. These log files provide information about the websites, users who visit the site, IPs, errors, and more. They serve as crucial evidence for troubleshooting performance and operational issues. This article explains the five best practices for IIS logging that you should know to get the most out of your IIS logs.

What is IIS logging

IIS logging refers to enabling the web servers to generate the log information for events and monitor them. IIS logging is specific only to the URL groups. Enabling IIS logging and reviewing these log files helps identify trends and potential issues in the IIS web server.

Why IIS logging is important

IIS logging is essential to monitor the performance of webservers and ensure its security. It provides information on how users access your website, interact with your webpages, and encounter common performance issues. Periodically taking a backup of the IIS server logs helps in log forensic analysis. A comprehensive log management tool like ManageEngine EventLog Analyzer aids with IIS log collection, IIS log parsing, IIS log viewing, IIS log archival, and more.

How to enable IIS logging

You can enable IIS logging by following these steps:

  • Open the IIS Manager.
  • In the Connections pane, select the specific machine or site that you want to enable IIS logging for, and
  • In Feature view, double-click on Logging.
How to enable IIS logging

Recommendation: Never turn off logging because logs are needed to troubleshoot web server issues and to conduct forensic analysis. Be aware that using advanced logging option may result in memory leakage. A Microsoft IIS log parser tool, like EventLog Analyzer, automatically collects, parses, analyzes, and archives IIS logs.

5 best practices for IIS logging

1. Application pool configuration: Create a separate application pool for each application. If the applications or websites hosted on the IIS server is huge in number, you should consider grouping them for easier log management. Allocate a huge amount of memory for IIS logging and never set any specific virtual memory limit. Also, don't let recycle configuration as default. We recommend changing it to the following:

  • Idle time-out (minutes): Set this either to 0 (zero) or "Idle time-out action" to "Suspend."
  • Regular interval: Set to zero
  • Specific Times: Set to the time of day that is least used
Application pool configuration

2. IIS server load balancing: Keep an eye on the number of client connections to the server to ensure the load is balanced equally for optimal performance. If the number of client connections keep on increasing, then you should consider load balancing across multiple IIS web servers. Ensure IIS server is not so busy and has sufficient resource and bandwidth to upload or download data.

3. Avoid logging sensitive data: Always ensure that you don't log any sensitive data like PII that violates data privacy and security policies like the GDPR, HIPAA, and PCI DSS. Always keep in mind that logging non-essential information increases the log volume, which makes the root cause analysis process tedious. Also, a high volume of logs will drastically increase the cost and time.

4. Consolidate and centralize IIS logs: IIS Logging helps you get a lot of information through the server's HTTP request. It's vital to aggregate and centralize IIS log data collected to effectively analyze and investigate application performance and security issues. A centralized dashboard makes it lot more easier for you to monitor and manage IIS logs. Also, it aids in real time log analytics process.

5. Log retention policy: Organizations must retain critical logs for a certain time to comply with IT regulatory mandates and data protection policies. According to the most common compliance mandates' requirement, organizations are required to retain the logs for 90 days. You can archive these historical log data as per your organization's needs to identify trends and forecast traffic spikes which helps optimize IIS web server application performance and to perform in-depth log forensic analysis.

You may also like

 

Interested in a
log management
solution?

Try EventLog Analyzer

 

 

Manage logs, comply with IT regulations, and mitigate security threats.

Seamlessly collect, monitor, and analyze
logs with EventLog Analyzer

Your request for a demo has been submitted successfully

Our support technicians will get back to you at the earliest.

  •  
  •  
By clicking 'Submit', you agree to processing of personal data according to the Privacy Policy.

  Zoho Corporation Pvt. Ltd. All rights reserved.

Link copied, now you can start sharing
Copy