IIS Logs Location

Microsoft Windows Internet Information Services (IIS) log files provide valuable information about the use and state of applications running on the web. However, it’s not always easy to find where IIS log files are located to determine important aspects of app usage like when requests for servers were made, by whom, and other user traffic concerns.

What is an IIS Log?

IIS logging is server side logging that is enabled on a URL group. IIS logs are fixed ASCII text-based and cannot be customized. 

IIS Logs Location

Where are IIS log files stored?

IIS Logs Location: On a standard Windows Server, IIS log files are found at %SystemDrive%\inetpub\logs\LogFiles by default.

What to do if you can't find IIS Log files?

It’s not uncommon for administrators or other IT personnel to switch the directory where they’re stored if requirements change. In this instance, it’s essential that users are able to quickly find IIS log files to monitor the health of applications, troubleshoot them, or find basic information for cyber security and data governance concerns.

IIS Logs vs IIS Error Log

Standard IIS logs contain every single web request. If you can't find your request in the IIS log, then your IIS error log may be located HTTPERR, your ASP.NET exceptions, or you may need to use file request tracing for your IIS error log.

Unfortunately, how to look up log files varies depending on which version of IIS is used. By following very specific steps for the different versions of IIS deployed, users can find log files.

How to Find IIS Log Files Locations on IIS 7 and Later

1. Go to Windows Start and run “inetmgr”. Alternatively, you can go to Administrative Tools → Internet Information Services (IIS) Manager.
   
2. Click on “Sites” in the left-hand tree menu to display a list of sites on the right of the screen. Note your site ID number, which is what IIS saves logs based on.
   
3. Within the tree view or the grid view, double click on your site. Next, double-click the Logging icon for the logging settings screen to open.
   
4. Find your IIS log files in the Directory field of the logging settings screen.
   
5. Go to the IIS log files location in the directory field. Inside this folder, there are subfolders for each site configured with IIS. The naming pattern for the folders the logs are in is W3SVC1, W3SVC2, etc. The number at the end of the folder name corresponds to the site ID mentioned in step No. 2. Thus, W3SVC2 corresponds to site ID 2.
   

How to Find IIS Log Files on IIS 6 and Earlier

1. From Windows Start, hover over Administrative Tools and click on Internet Information Services (IIS) Manager.
   
2. In the left hand tree, expand the name of your server’s folder, then do so for the Sites folder.
   
3. Right click on the site’s name and select Properties. The settings will load.
   
4. Near the bottom of the web site tab, an option will state “Active Log Format”. Click on the properties button.
   
5. Near the bottom of the General Properties tab, there’s a box containing the log file directory and name of the log file. The complete log path consists of the log file directory and the first part of the log file name.

How to Find IIS Log Files on Azure

Azure Cloud:

1. IIS log files are automatically saved in Azure Cloud Services.
2. Access log files by using the Remote Desktop to connect to a specific server. There, files are stored in a path similar to this one: C:\Resources\directory\{some random guid}.{app name}.DiagnosticStore\LogFiles\Web\W3SVC{random number}

Azure App Services:

1. Ensure that web server logging is enabled.
2. Set web server logging to save to the file system.
3. The files are located under: D:\home\LogFiles\http\RawLogs via the KUDU console.

3 Benefits of Centralizing IIS Log File Locations into a Unified View

IIS log files are saved in many different directories and locations. They’re stored in different places based on the various versions of IIS organizations use.

It’s not uncommon for individual departments and business units to have different versions of IIS within an organization. Additionally, the various cloud offerings of IIS save its log files in different places, which adds to the complexity of managing these files for troubleshooting and monitoring web based applications.

Organizations can maximize the value of IIS log files by centralizing them into a unified dashboard that works across versions of IIS and hybrid cloud settings. This approach has several benefits, including:

1. IIS Log File Comparisons

A single dashboard for viewing IIS log file metrics makes it easy to check IIS log files and allows for quick comparisons between applications and their performances. Organizations can determine how a spike in the use of one application affects the performance of another and other networking concerns.

It’s much more difficult to readily compare metrics and identify trends in app use and performance when the IIS log data is stored in different places. Intuitive graphics such as pie charts, bar diagrams, and others simplify comparisons to show the most insightful information produced by IIS log files

2. Real-Time Analytics of IIS Logs

A centralized dashboard for looking at IIS log files is great for some of the advanced, real-time analytics that help give this type of data both immediate and long term value. Organizations can determine trends as they’re happening, or even accurately predict trends with machine learning analytics.

The overall impact is greater responsiveness and enterprise agility for managing web based applications.

Real-time analytics of IIS log file data can also play an important role in monitoring cyber security issues, helping to decrease the number of data breaches and amount of damage they cause.

3. Continuous Monitoring and Alerts of IIS Logs

Assembling IIS log files into a single dashboard is critical for continuously monitoring this data, which is particularly important with ongoing, event-based data typical of many web applications. It’s much more practical to implement this continuous monitoring of IIS log files when they’re centralized in a uniform dashboard than when they’re spread out over different directories and locations.

Centralizing IIS log files for continuous monitoring is also helpful for issuing alerts to create action from this information. With a single view of IIS log files, alerts are not only based on individual applications and factors, but also on combinations of them. The action coming from alerts is more effective when it is based on continuously monitoring all IIS log files.

How to Centralize IIS Log Files to Find Them Easily

The Sumo Logic App for IIS provides each of these centralizing benefits and more. This app is a sophisticated IIS log analysis tool leveraging user friendly dashboards to give organizations one place to monitor and manage all of these files.

• Query raw log data in real-time for insights that would take too long to find or analyze with IIS log file data in various directories.
• Leverage the visual capabilities of dashboarding and instantaneous alerts to better understand each of the metrics associated with IIS log data analysis.

The reality is organizations must manage their IIS log data to see how their web based applications are performing, maintain their health, and reinforce aspects of cyber security and data governance. It’s essential for businesses to learn more about how IIS log data can help both those applications and their businesses as a whole.

Additional IIS Log File Resources

• Sumo Logic App for IIS
• Deep Diving into IIS Logs
• The IIS Log Data Challenge