{"id":233,"date":"2016-03-29T13:37:05","date_gmt":"2016-03-29T11:37:05","guid":{"rendered":"http:\/\/blogs.msdn.microsoft.com\/lavanack\/?p=233"},"modified":"2022-05-30T13:50:57","modified_gmt":"2022-05-30T11:50:57","slug":"quels-champs-des-logs-iis-sont-recommandes-which-iis-log-fields-are-recommended","status":"publish","type":"post","link":"https:\/\/laurentvanacker.com\/index.php\/2016\/03\/29\/quels-champs-des-logs-iis-sont-recommandes-which-iis-log-fields-are-recommended\/","title":{"rendered":"Quels champs des logs IIS sont recommand\u00e9s \/ Which IIS log fields are recommended ?"},"content":{"rendered":"<div id=\"fr-FR\"><a href=\"#en-US\">English version<\/a><\/div>\n<p style=\"text-align: justify;\">Le premier endroit pour diagnostiquer un probl\u00e8me sur IIS est le log du site qui pose probl\u00e8me (\u00e0 l&rsquo;aide de <a href=\"https:\/\/technet.microsoft.com\/en-us\/scriptcenter\/dd919274.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">LogParser<\/a>), encore faut-il que les param\u00e8tres de ce fichier de log soient bien configur\u00e9s. D&rsquo;exp\u00e9rience je sais que c&rsquo;est rarement le cas. Je me propose donc dans cet article de parcourir rapidement les <a href=\"https:\/\/technet.microsoft.com\/en-gb\/library\/cc754702(v=ws.10).aspx\" target=\"_blank\" rel=\"noopener noreferrer\">champs disponibles<\/a> et de vous indiquer ceux qui sont recommand\u00e9s (Pour r\u00e9sumer, tous sauf les trois derniers &#8211; pour ceux-ci c&rsquo;est en fonction des besoins) :<\/p>\n<ul style=\"text-align: justify;\">\n<li><strong>Date (date)<\/strong> : La date de la requ\u00eate en temps <strong>UTC (cf. point suivant)<\/strong><\/li>\n<li><strong>Time (time)<\/strong> : L&rsquo;heure requ\u00eate au format <strong>UTC<\/strong>. Il n&rsquo;y a aucun moyen de forcer un horodatage en heure locale (La rotation des logs \u00e0 minuit heure locale est toutefois <a href=\"http:\/\/laurentvanacker.com\/wp-content\/uploads\/2016\/03\/localtimerollover.png\" target=\"_blank\" rel=\"noopener noreferrer\">possible<\/a>). Pensez bien au d\u00e9calage en analysant vos logs IIS (H+2 en \u00e9t\u00e9 \/ H+1 en hiver pour la France).<\/li>\n<li><strong>Client IP Address (c-ip)<\/strong> : L&rsquo;adresse IP du client. En r\u00e9alit\u00e9 plut\u00f4t l&rsquo;adresse IP de l&rsquo;\u00e9quipement ayant \u00e9mis la requ\u00eate. Dans le cadre d&rsquo;un environnement avec repartition de charge vous risquez de voir uniquement les adresses IP de vos load-balancers. Il existe des moyens de relayer la veritable adresse IP des clients comme <a href=\"http:\/\/loadbalancer.org\/blog\/iis-and-x-forwarded-for-header\" target=\"_blank\" rel=\"noopener noreferrer\">ici<\/a> et <a href=\"http:\/\/www.iis.net\/learn\/get-started\/whats-new-in-iis-85\/enhanced-logging-for-iis85\" target=\"_blank\" rel=\"noopener noreferrer\">ici<\/a>.<\/li>\n<li><strong>User Name (cs-username)<\/strong> : L&rsquo;utilisateur authentifi\u00e9 lorsque cela est possible. Un \u00ab\u00a0&#8211;\u00a0\u00bb signifie g\u00e9n\u00e9ralement une authentification anonyme.<\/li>\n<li><strong>Service Name (s-sitename)<\/strong> : L&rsquo;identifiant du site ayant pris en charge la requ\u00eate (1 pour le \u00ab\u00a0Default Web Site\u00a0\u00bb puis de mani\u00e8re s\u00e9quentielle pour les autres &#8211; Il est toutefois possible de changer l&rsquo;identifiant d&rsquo;un site de mani\u00e8re programmatique).<\/li>\n<li><strong>Server Name (s-computername)<\/strong> : Le nom du serveur ayant pris en charge la requ\u00eate. Si vous analysez les logs d&rsquo;un site h\u00e9berg\u00e9 dans une ferme de serveurs, cette information est capitale.<\/li>\n<li><strong>Server IP (s-ip)<\/strong> : L&rsquo;adresse IP ayant pris en charge la requ\u00eate. En effet un site web peut \u00e9couter sur plusieurs adresses IP.<\/li>\n<li><strong>Server Port (s-port)<\/strong> : Le port d&rsquo;\u00e9coute qui a pris en charge la requ\u00eate. En effet un site web peut \u00e9couter sur plusieurs ports.<\/li>\n<li><strong>Method (cs-method)<\/strong> : Le \u00ab\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Hypertext_Transfer_Protocol#Request_methods\" target=\"_blank\" rel=\"noopener noreferrer\">verbe<\/a>\u00a0\u00bb HTTP associ\u00e9 \u00e0 la requ\u00eate.<\/li>\n<li><strong>URI Stem (cs-uri-stem)<\/strong> : L&rsquo;URI demand\u00e9e sans le nom de domaine (\/images\/logo.png pour l&rsquo;URI http:\/\/www.contoso.com\/images\/logo.png)<\/li>\n<li><strong>URI Query (cs-uri-query)<\/strong> : La query string si applicable (param1=value1&amp;param2=value2 pour l&rsquo;URI http:\/\/www.contoso.com\/forms\/default.aspx?param1=value1&amp;param2=value2)<\/li>\n<li><strong>Protocol Status (sc-status)<\/strong> : Le <a href=\"https:\/\/www.w3.org\/Protocols\/rfc2616\/rfc2616-sec10.html\" target=\"_blank\" rel=\"noopener noreferrer\">code statut<\/a> de la r\u00e9ponse (\u00ab\u00a0200\u00a0\u00bb indiquant que tout va bien)<\/li>\n<li><strong>Protocol Substatus (sc-substatus)<\/strong> : Le <a href=\"https:\/\/www.w3.org\/Protocols\/rfc2616\/rfc2616-sec10.html\" target=\"_blank\" rel=\"noopener noreferrer\">code de sous-statut<\/a> de la r\u00e9ponse (<strong>2<\/strong> dans la r\u00e9ponse \u00ab\u00a0401.<strong>2<\/strong>\u00ab\u00a0)<\/li>\n<li><strong>Win32 Status (sc-win32-status)<\/strong> : Le statut Windows de la r\u00e9ponse (Statut propre \u00e0 Windows)<\/li>\n<li><strong>Bytes Sent (sc-bytes)<\/strong> : La volum\u00e9trie sortante en octets. Information cruciale pour \u00e9valuer les gains en termes de compression(s) statique\/dynamique et les effets des niveau de compression (allant de 0 \u00e0 10 &#8211;<strong> Ne jamais d\u00e9passer 9, en effet le gain entre 9 et 10 est minime en comparaison de la surcharge CPU engendr\u00e9e<\/strong>. Une petite lecture int\u00e9ressante est disponible <a href=\"http:\/\/weblogs.asp.net\/owscott\/iis-7-compression-good-bad-how-much\" target=\"_blank\" rel=\"noopener noreferrer\">ici<\/a>. &#8211; Moyen mn\u00e9motechnique : <strong>sc<\/strong>-bytes &#8211; <strong>SC<\/strong> pour <strong>S<\/strong>erver to <strong>C<\/strong>lient)<\/li>\n<li><strong>Bytes Received (cs-bytes)<\/strong> : La volum\u00e9trie entrante (taille de la requ\u00eate &#8211; Moyen mn\u00e9motechnique : <strong>cs<\/strong>-bytes &#8211; <strong>CS<\/strong> pour <strong>C<\/strong>lient to <strong>S<\/strong>erver)<\/li>\n<li><strong>Time Taken (time-taken)<\/strong> : <strong>Le temps de traitement de la requ\u00eate (en millisecondes) dans sa totalit\u00e9 : incluant le temps d&rsquo;attente dans la file d&rsquo;attente HTTP.sys, le temps de traitement par les serveurs Middle-Office, Back-Office (si applicable) et le temps r\u00e9seau entre les \u00e9quipements. Le compteur ne s&rsquo;arr\u00eatera que lorsque le client acquittera la trame r\u00e9seau (\u00ab\u00a0ACK\u00a0\u00bb) comme pr\u00e9cis\u00e9 <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/944884\" target=\"_blank\" rel=\"noopener noreferrer\">ici<\/a>. Ce qui implique qu&rsquo;un time-taken \u00e9lev\u00e9 n&rsquo;est pas forc\u00e9ment un probl\u00e8me au niveau du serveur IIS (les causes peuvent \u00eatre multiples : latence r\u00e9seau, requ\u00eates SQL non optimis\u00e9es &#8230;)<br \/>\n<\/strong><\/li>\n<li><strong>Procol Version (cs-version)<\/strong> : La version du protocole HTTP utilis\u00e9e : 0.9, 1.0, 1.1, 2.0 &#8230;<\/li>\n<li><strong>Host (cs-host)<\/strong> : Le host header name (si applicable). Un host header name est utilis\u00e9 pour diff\u00e9rencier deux sites qui \u00e9coutent sur le m\u00eame couple IP\/Port de mani\u00e8re \u00e0 router le trafic sur le bon site. En effet le host-header name doit correspondre \u00e0 l&rsquo;entr\u00e9e DNS demandait par les clients pour chaque site. Si on a deux sites correspondant aux entr\u00e9e DNS www.contoso.com et www.northwindtraders.com \u00e9coutant sur le m\u00eame couple IP:Port, il est necessaire de valoriser le host header name de chaque site avec la valeur DNS associ\u00e9e (www.contoso.com ou www.northwindtraders.com) de mani\u00e8re \u00e0 \u00eatre s\u00fbr que le trafic est rout\u00e9 sur le bon site.<\/li>\n<li><strong>User Agent(cs(User-Agent))<\/strong> : La <a href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/hh869301(v=vs.85).aspx\" target=\"_blank\" rel=\"noopener noreferrer\">cha\u00eene d&rsquo;identification<\/a> du navigateur \/ client<\/li>\n<li><strong>Cookie (cs(Cookie))<\/strong> : Le cookie re\u00e7u ou envoy\u00e9 associ\u00e9 \u00e0 la requ\u00eate.<\/li>\n<li><strong>Referer(cs(Referer))<\/strong> : La page o\u00f9 l&rsquo;on a cliqu\u00e9 pr\u00e9c\u00e9demment pour arriver \u00e0 cette page.<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">Maintenant expliquons pourquoi je d\u00e9conseille (dans la majorit\u00e9 des cas) l&rsquo;activation des trois derniers champs : User Agent, Cookie et Referer. G\u00e9n\u00e9ralement ses champs ne sont quasiment pas exploit\u00e9s dans le cadre de d\u00e9marche de troubleshooting ou de reporting. De plus chaque requ\u00eate va enregistrer dans les logs IIS les informations relatives \u00e0 ces champs et les valeurs associ\u00e9es sont relativement grandes (plusieurs dizaines de caract\u00e8res pour chacun d&rsquo;eux). Ce qui induit des I\/O inutiles. Le but \u00e9tant toujours de r\u00e9duire la consommation de ressources en production.<\/p>\n<p style=\"text-align: justify;\">Votre configuration doit donc au minima ressembler \u00e0 cela. Je vous laisse libre de s\u00e9lectionner les autres champs si vous les exploitez r\u00e9ellement.<\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/laurentvanacker.com\/wp-content\/uploads\/2016\/03\/iislogfields.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-212\" src=\"http:\/\/laurentvanacker.com\/wp-content\/uploads\/2016\/03\/iislogfields.png\" alt=\"iislogfields\" width=\"566\" height=\"444\" srcset=\"https:\/\/laurentvanacker.com\/wp-content\/uploads\/2016\/03\/iislogfields.png 566w, https:\/\/laurentvanacker.com\/wp-content\/uploads\/2016\/03\/iislogfields-300x235.png 300w\" sizes=\"auto, (max-width: 566px) 100vw, 566px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">Vous vous demandez certainement s&rsquo;il n&rsquo;existe pas \u00e0 un moyen d&rsquo;automatiser cette configuration ? La r\u00e9ponse est naturellement oui et je vous propose m\u00eame deux moyens de le faire (via appcmd et PowerShell) en modifiant directement les options de journalisation par d\u00e9faut (appliqu\u00e9es \u00e0 tous les sites) :<\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Nativement avec appcmd.exe<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<div id=\"scid:9D7513F9-C04C-4721-824A-2B34F0212519:9ebf77ca-c882-4e49-a056-f11da6e30038\" class=\"wlWriterEditableSmartContent\" style=\"float: none; margin: 0px; padding: 0px;\">\n<div>\n<pre class=\"brush: plain; collapse: true; light: false; title: ; toolbar: true; notranslate\" title=\"\"> \r\nREM Changing default logging fields to enable all fields except User-Agent, Cookie and Referer \r\n%WINDIR%\\system32\\inetsrv\\appcmd.exe set config \/section:sites -siteDefaults.logFile.logExtFileFlags:Date,Time,ClientIP,UserName,SiteName,ComputerName,BytesRecv,BytesSent,ServerIP,Method,UriStem,UriQuery,TimeTaken,HttpStatus,Win32Status,ServerPort,HttpSubStatus,ProtocolVersion,Host\r\n<\/pre>\n<\/div>\n<\/div>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Avec PowerShell<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<div id=\"scid:9D7513F9-C04C-4721-824A-2B34F0212519:f7a9f558-a002-47eb-b2df-ca423dd13fd1\" class=\"wlWriterEditableSmartContent\" style=\"float: none; margin: 0px; padding: 0px;\">\n<div>\n<p><!-- Code highlighting produced by Actipro CodeHighlighter (freeware) http:\/\/www.CodeHighlighter.com\/ --><\/p>\n<pre class=\"brush: powershell; collapse: true; light: false; title: ; toolbar: true; notranslate\" title=\"\"> \r\n# Changing default logging fields to enable all fields except User-Agent, Cookie and Referer \r\nImport-Module WebAdministration \r\nSet-WebConfigurationProperty -pspath 'MACHINE\/WEBROOT\/APPHOST' -filter &quot;system.applicationHost\/sites\/siteDefaults\/logFile&quot; -name &quot;logExtFileFlags&quot; -value &quot;Date,Time,ClientIP,UserName,SiteName,ComputerName,ServerIP,Method,UriStem,UriQuery,HttpStatus,Win32Status,BytesSent,BytesRecv,TimeTaken,ServerPort,ProtocolVersion,Host,HttpSubStatus&quot;\r\n<\/pre>\n<\/div>\n<\/div>\n<hr \/>\n<div id=\"en-US\"><a href=\"#fr-FR\">Version fran\u00e7aise<\/a><\/div>\n<p>The first place to diagnose a problem on IIS is the log of the site that is the problem (using LogParser), but it is necessary that the settings of the log file are well configured. From my own experience I know that this is rarely the case. I propose in this article to quickly browse the available fields and tell you those recommended (To summarize, all except the the last three ones &#8211; for them it is as needed):<\/p>\n<ul>\n<li><strong>Date (date)<\/strong> : The date, in coordinated universal time (<strong>UTC)<\/strong><strong> (cf. next point <\/strong><\/li>\n<li><strong>Time (time)<\/strong> : The time, in coordinated universal time (<strong>UTC),<\/strong> at which the request occurred. There is no way to force a timestamp in local time(Nevertheless, using local time for file naming and rollover is <a href=\"http:\/\/laurentvanacker.com\/wp-content\/uploads\/2016\/03\/localtimerollover.png\" target=\"_blank\" rel=\"noopener noreferrer\">possible<\/a>). Take this time shifting into consideration when analyzing your IIS logs (H+2 in summer \/ H+1 in winter for France).<\/li>\n<li><strong>Client IP Address (c-ip)<\/strong> : IP addresse of the client. In fact rather the IP address of the device that issued the request. As part of a load distribution with environment you may see only the IP addresses of your load-balancers. There are ways to relay the real client IP address as explained <a href=\"http:\/\/loadbalancer.org\/blog\/iis-and-x-forwarded-for-header\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a> and <a href=\"http:\/\/www.iis.net\/learn\/get-started\/whats-new-in-iis-85\/enhanced-logging-for-iis85\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/li>\n<li><strong>User Name (cs-username)<\/strong>: The name of the authenticated user who accessed your server. Anonymous users are indicated by a hyphen.<\/li>\n<li><strong>Service Name (s-sitename)<\/strong> : The ID of the site that handled the request (1 for the \u00ab\u00a0Default Web Site\u00a0\u00bb and then sequentially for the other sites &#8211; it is possible to change the identifier of a site programmatically).<\/li>\n<li><strong>Server Name (s-computername)<\/strong> : The name of the server that handled the request. If you analyze the logs of a site hosted on a web farm then this information is important.<\/li>\n<li><strong>Server IP (s-ip)<\/strong> : The IP address has handled the request. Indeed a web site can listen on multiple IP addresses.<\/li>\n<li><strong>Server Port (s-port)<\/strong> : The listener that has handled the request. Indeed a web site can listen on multiple ports.<\/li>\n<li><strong>Method (cs-method)<\/strong> : The HTTP \u00ab\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Hypertext_Transfer_Protocol#Request_methods\" target=\"_blank\" rel=\"noopener noreferrer\">verb<\/a>\u00a0\u00bb HTTP associated to the request.<\/li>\n<li><strong>URI Stem (cs-uri-stem)<\/strong> : The URI requested without the domain name (\/images\/logo.png for http:\/\/www.contoso.com\/images\/logo.png)<\/li>\n<li><strong>URI Query (cs-uri-query)<\/strong> : The query, if any, that the client was trying to perform (param1 = value1 &amp; param2 = value2 for http:\/\/www.contoso.com\/forms\/default.aspx?param1=value1&amp;param2=value2)<\/li>\n<li><strong>Protocol Status (sc-status)<\/strong> : The HTTP <a href=\"https:\/\/www.w3.org\/Protocols\/rfc2616\/rfc2616-sec10.html\" target=\"_blank\" rel=\"noopener noreferrer\">status code<\/a>. (\u00ab\u00a0200\u00a0\u00bb is OK)<\/li>\n<li><strong>Win32 Status (sc-win32-status)<\/strong> : The Windows status code.<\/li>\n<li><strong>Bytes Sent (sc-bytes)<\/strong> : The number of bytes that the server sent. Crucial information to assess gains when working with static and \/ or\u00a0 dynamic compression and monitr the effects of compression level (from 0 to 10 &#8211; <strong>Do not exceed a level of 9, because the gain between the levels 9 and 10 is minimal compared to the generated CPU overload<\/strong>. An interesting reading is available <a href=\"http:\/\/weblogs.asp.net\/owscott\/iis-7-compression-good-bad-how-much\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>&#8211; mnemonic: <strong>sc<\/strong>-bytes &#8211; <strong>SC<\/strong> for <strong>S<\/strong>erver to <strong>C<\/strong>lient)<\/li>\n<li><strong>Bytes Received (cs-bytes)<\/strong> : The number of bytes that the server received (mnemonic\u00a0 : <strong>cs<\/strong>-bytes &#8211; <strong>CS<\/strong> for<strong> C<\/strong>lient to <strong>S<\/strong>erver)<\/li>\n<li><strong>Time Taken (time-taken)<\/strong> : <strong>The processing time of the request (in milliseconds) in its entirety: including the waiting time in the HTTP.sys request queue, the processing time by the middle-office servers, back office (if any) and network time between equipments. The counter will be stopped only when the client will acknowledge the last response packet send operation as specified <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/944884\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>. This implies that a high time-taken is not necessarily a problem with the IIS server (the causes can be many: network latency, non-optimized SQL queries &#8230;)<\/strong><\/li>\n<li><strong>Procol Version (cs-version)<\/strong> : The HTTP protocol version that the client used: 0.9, 1.0, 1.1, 2.0 &#8230;<\/li>\n<li><strong>Host (cs-host)<\/strong> : The host header name, if any. A host header name is used to differentiate the two sites listening on the same IP \/ port couple to route traffic to the right web site. Indeed the host-header name must match the DNS entry requested by client for each site. If two sites corresponding to the DNS entry www.contoso.com and www.northwindtraders.com are listening on the same couple IP:Port, it is necessary to set the host header name of each site with the associated DNS value (www.contoso .com or www.northwindtraders.com) to be sure that the traffic is routed to the right site.<\/li>\n<li><strong>User Agent(cs(User-Agent))<\/strong> : The <a href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/hh869301(v=vs.85).aspx\" target=\"_blank\" rel=\"noopener noreferrer\">browser type<\/a> that the client used<\/li>\n<li><strong>Cookie (cs(Cookie))<\/strong> : The content of the cookie sent or received, if any.<\/li>\n<li><strong>Referer(cs(Referer))<\/strong> : The site that the user last visited. This site provided a link to the current site.<\/li>\n<\/ul>\n<div id=\"gt-res-content\" class=\"almost_half_cell\">\n<div dir=\"ltr\"><span id=\"result_box\" lang=\"en\">Now I will explain why I don&rsquo;t recommend (in most cases) the activation of the last three fields: User Agent, Cookie and Referer. Generally these fields are not exploited as part of troubleshooting or reporting process. Moreover each request will register the information for these fields in the IIS logs and associated values are relatively large (several tens of characters for each one). Which cause more I\/O. The goal is always to reduce the use of production resources.<\/span><\/div>\n<div dir=\"ltr\"><\/div>\n<div dir=\"ltr\">Your configuration should look like this at minimum. Feel free to select other fields if you actually operate them.<\/div>\n<div dir=\"ltr\"><\/div>\n<div dir=\"ltr\"><\/div>\n<div dir=\"ltr\"><a href=\"http:\/\/laurentvanacker.com\/wp-content\/uploads\/2016\/03\/iislogfields.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-212\" src=\"http:\/\/laurentvanacker.com\/wp-content\/uploads\/2016\/03\/iislogfields.png\" alt=\"iislogfields\" width=\"566\" height=\"444\" srcset=\"https:\/\/laurentvanacker.com\/wp-content\/uploads\/2016\/03\/iislogfields.png 566w, https:\/\/laurentvanacker.com\/wp-content\/uploads\/2016\/03\/iislogfields-300x235.png 300w\" sizes=\"auto, (max-width: 566px) 100vw, 566px\" \/><\/a><\/div>\n<div dir=\"ltr\"><\/div>\n<p dir=\"ltr\" style=\"text-align: justify;\">You&rsquo;re probably wondering if there is not a way to automate this configuration? The answer is yes, and I even offers two ways to do this (by using appcmd and PowerShell) by modifying the default logging options (applied to all sites):<\/p>\n<div dir=\"ltr\">\n<ul style=\"text-align: justify;\">\n<li style=\"list-style-type: none;\">\n<ul>\n<li>With appcmd.exe<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div>\n<div id=\"scid:9D7513F9-C04C-4721-824A-2B34F0212519:96a8fd78-bbd0-4a9b-9d28-c8c19d2a9212\" class=\"wlWriterEditableSmartContent\" style=\"float: none; margin: 0px; padding: 0px;\">\n<div>\n<p><!-- Code highlighting produced by Actipro CodeHighlighter (freeware) http:\/\/www.CodeHighlighter.com\/ --><\/p>\n<div id=\"scid:9D7513F9-C04C-4721-824A-2B34F0212519:9ebf77ca-c882-4e49-a056-f11da6e30038\" class=\"wlWriterEditableSmartContent\">\n<div>\n<pre class=\"brush: plain; collapse: true; light: false; title: ; toolbar: true; notranslate\" title=\"\"> \r\nREM Changing default logging fields to enable all fields except User-Agent, Cookie and Referer \r\n%WINDIR%\\system32\\inetsrv\\appcmd.exe set config \/section:sites -siteDefaults.logFile.logExtFileFlags:Date,Time,ClientIP,UserName,SiteName,ComputerName,BytesRecv,BytesSent,ServerIP,Method,UriStem,UriQuery,TimeTaken,HttpStatus,Win32Status,ServerPort,HttpSubStatus,ProtocolVersion,Host\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<ul style=\"text-align: justify;\">\n<li style=\"list-style-type: none;\">\n<ul>\n<li>With PowerShell<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<div id=\"scid:9D7513F9-C04C-4721-824A-2B34F0212519:00614e96-e170-4a7c-a66a-22bd575c5b4b\" class=\"wlWriterEditableSmartContent\" style=\"float: none; margin: 0px; padding: 0px;\">\n<div>\n<p><!-- Code highlighting produced by Actipro CodeHighlighter (freeware) http:\/\/www.CodeHighlighter.com\/ --><\/p>\n<pre class=\"brush: powershell; collapse: true; light: false; title: ; toolbar: true; notranslate\" title=\"\"> \r\n# Changing default logging fields to enable all fields except User-Agent, Cookie and Referer \r\nImport-Module WebAdministration \r\nSet-WebConfigurationProperty -pspath 'MACHINE\/WEBROOT\/APPHOST' -filter &quot;system.applicationHost\/sites\/siteDefaults\/logFile&quot; -name &quot;logExtFileFlags&quot; -value &quot;Date,Time,ClientIP,UserName,SiteName,ComputerName,ServerIP,Method,UriStem,UriQuery,HttpStatus,Win32Status,BytesSent,BytesRecv,TimeTaken,ServerPort,ProtocolVersion,Host,HttpSubStatus&quot;\r\n<\/pre>\n<\/div>\n<\/div>\n<p style=\"text-align: justify;\">Laurent.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>English version Le premier endroit pour diagnostiquer un probl\u00e8me sur IIS est le log du site qui pose probl\u00e8me (\u00e0 l&rsquo;aide de LogParser), encore faut-il [&#8230;]<\/p>\n","protected":false},"author":2,"featured_media":2465,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,18,19],"tags":[25,55,30,39],"class_list":["post-233","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iis","category-ms-dos","category-powershell","tag-iis","tag-logparser","tag-ms-dos","tag-powershell"],"_links":{"self":[{"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/posts\/233","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/comments?post=233"}],"version-history":[{"count":9,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/posts\/233\/revisions"}],"predecessor-version":[{"id":2781,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/posts\/233\/revisions\/2781"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/media\/2465"}],"wp:attachment":[{"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/media?parent=233"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/categories?post=233"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/laurentvanacker.com\/index.php\/wp-json\/wp\/v2\/tags?post=233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}