Log service allows you to collect and analyze Internet Information Services (IIS) access logs. This topic describes how to monitor and analyze access to your website by using IIS access logs. You can obtain data such as page views (PVs), unique visitors (UVs), client IP distribution, error requests, and inbound and outbound traffic.
Prerequisites
IIS logs are collected. For more information, see Collect IIS logs.
The indexing feature is enabled and configured. For more information, see Enable and configure the index feature for a Logstore.
Background information
IIS is a secure web server that you can use to build and host websites. When you use IIS to build a website, you can collect and analyze IIS access logs.
logExtFileFlags="Date, Time, ClientIP, UserName, SiteName, ComputerName, ServerIP, Method, UriStem, UriQuery, HttpStatus, Win32Status, BytesSent, BytesRecv, TimeTaken, ServerPort, UserAgent, Cookie, Referer, ProtocolVersion, Host, HttpSubStatus"
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2020-09-08 09:30:26
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2009-11-26 06:14:21 W3SVC692644773 125.67.67. * GET /index.html - 80 - 10.10.10.10 Baiduspider+(+http://www.baidu.com)200 0 64 185173 296 0
- Field prefixes
Prefix Description s- Indicates a server action. c- Indicates a client action. cs- Indicates a client-to-server action. sc- Indicates a server-to-client action. - Fields
Field Description date The date on which the client sends the request. time The time when the client sends the request. s-sitename The Internet service name and instance number of the site visited by the client. s-computername The name of the server on which the log entry is generated. s-ip The IP address of the server on which the log entry is generated. cs-method The HTTP request method used by the client, for example, GET or POST. cs-uri-stem The URI resource requested by the client. cs-uri-query The query string that follows the question mark (?) in the HTTP request. s-port The port number of the server to which the client is connected. cs-username The username that the client uses to access the server. Authenticated users are referenced as
domain\username
. Anonymous users are indicated by a hyphen (-).c-ip The IP address of the client that sends the request. cs-version The protocol version used by the client, for example, HTTP 1.0 or HTTP 1.1. cs(User-Agent) The browser used by the client. Cookie The content of the sent cookie or received cookie. A hyphen (-) is used if no cookie is sent or received. referer The site that the client last visited. cs-host The header name of the host. sc-status The HTTP or FTP status code returned by the server. sc-substatus The HTTP sub-status code returned by the server. sc-win32-status The Windows status code returned by the server. sc-bytes The number of bytes sent by the server. cs-bytes The number of bytes received by the server. time-taken The processing time of the request. Unit: milliseconds.