Skip to main content

Advanced Logging is not working – Enable Advanced Logging per site

Advanced Logging is an additional IIS feature that helps administrators customizing web server logs. IIS 7, 7.5, and 8 used this feature as a detailed and customized logging option. With IIS 8.5, Enhanced Logging which is a built-in feature in IIS was introduced.

In this post, I will explain a solution for the scenario where Advanced Logging is not recording any logs. I will also provide a trick to enable it per websites.

Read More

How to log actual client IP address in IIS?

When users go through several proxies before reaching out your web server, the IP field in IIS may show only a proxy IP address instead of the actual client IP address. In this post, we will see how to find the actual client IP address in this scenario.

Long story short, you can use X-Forwarded-For request header to find the IP address of the client who sent requests. This field is not logged in IIS by default. Therefore, you need to configure custom logging in your web server.

Configure IIS to log actual client IP address

The way custom logging (also called advanced logging or enhanced logging) is configured is different based on IIS version. See the corresponding instructions below.

Looking for a list of IIS versions? Check this post out.

Which directory the custom logs are stored in?

In IIS 7/7.5/8: %SystemDrive%\inetpub\logs\AdvancedLogs
In IIS 8.5+: %SystemDrive%\inetpub\logs\LogFiles

Add X-Forwarded-For column in IIS 7/7.5/8

  1. Open IIS Manager
  2. On server, site or application level, double click “Advanced Logging
  3. In the action pane on right side, click “Enable Advanced Logging
  4. In the action pane, click “Edit Logging Fields
  5. In the new window, click “Add Field
  6. In “Add Logging Field” window, fill out the following fields
    • Field ID: X-Forwarded-For, Source type: Response Header, Source name: X-Forwarded-For
  7. Click “OK
  8. In the middle pane, select the default log definition “%COMPUTERNAME%-Server“. Click “Edit Log Definition
  9. Click “Select Logging Fields” 
  10. Select “X-Forwarded-For” from the list. Click “OK
  11. Click “Apply” in the actions pane

Wait for a new log file to be created. Column changes will be effective when a new log file is created. You may need to generate some traffic to fill and close the current log file.

Add X-Forwarded-For column in IIS 8.5 and newer versions

Custom logging became a lot easier with the IIS 8.5. Follow the steps below to add X-Forwarded-For column into IIS logs.

  1. Open IIS Manager
  2. On server, site or application level, double click “Logging” 
  3. Click “Select Fields
  4. In “W3C Logging Fields” window, click “Add Field
  5. In the “Add Custom Field” window, fill out the following fields
    • Field Name: X-Forwarded-For, Source type: Response Header, Source: X-Forwarded-For
  6. Click “OK” in both open windows
  7. Click “Apply” in the actions pane
Add X-Forwarded-For field to log actual client IP address
Add X-Forwarded-For field to log actual client IP address

Wait for a new log file to be created. Column changes will be effective when a new log file is created.

Note 1: If you see a dash (“-“) in X-Forwarded-For column of the log file, it means the client didn’t use any proxies. Therefore, the client IP must be in the “c-ip” column

Note 2: You may see multiple IP addresses in X-Forwarded-For column of the log file, it means the client went through more than 1 proxy. Each proxy adds their own IP to the end of the value. The left-most IP address is the actual client IP address. Others belong to proxies the client go through. 

X-Forwarded-For: client1, proxy1, proxy2, …

ARR Helper

If you implemented client IP address by using ARR Helper in IIS 7 and wondering how to do the same in IIS 10, follow the steps below.

Instead of using arr_helper_x64.msi, use requestrouterhelper_x64.msi in IIS 10 machine:

  1. Install ARR 3.0 to a server. It doesn’t have to be one of the IIS server you actually use. We need to ARR 3.0 installation just to get requestrouterhelper_x64.msi from its folder
  2. Go to installation directory (%ProgramFiles%\IIS\Application Request Routing). Copy requestrouterhelper_x64.msi to your IIS server
  3. Open a Command Prompt and go to that folder. Run “install requestrouterhelper_x64.msi”

References: