Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Understanding IIS 7 log files

Tags:

logging

iis

I'm trying to debug a 405 error that is occurring in an ASP.NET 4.0 website with a jQuery AJAX post, and I've got the following from an IIS log file.

2012-07-02 15:15:37 XXX.XX.XX.XXX POST /AjaxWebMethods.aspx/TestWebMethod - 443 - XXX.XX.XX.XX Mozilla/5.0+(Windows+NT+5.1;+rv:13.0)+Gecko/20100101+Firefox/13.0.1 405 0 0 218

My question: what does the 405 0 0 218 at the end of the log signify? I'm assuming that the 405 portion is the client error number, but what are the 3 remaining numbers?

like image 993
Jagd Avatar asked Jul 02 '12 15:07

Jagd


People also ask

How do I read IIS logs?

There are a few ways to locate the IIS log files in Windows Server 2012. Open the Server Manager and click IIS in the side menu located on the left side of the screen. Right-click the server that is installed under IIS, and on the menu that is displayed, click Internet Information Services (IIS) Manager.

What information is stored in IIS logs?

The IIS log file format is a fixed ASCII text-based format that cannot be customized. The IIS log file contains the HTTP Server API kernel-mode cache hits. This type of logging can be enabled on a URL group only; it cannot be used on the server session.

What are IIS LogFiles used for?

IIS logs are meant to record data from Internet Information Services, web pages, and apps. While IIS itself contributes to the scalability and flexibility of web resources, the log files contain specific statistics about the websites, user data, site visits, IPs, and queries.


1 Answers

Take a look at the top of your log file and you'll see something like this:

 #Software: Microsoft Internet Information Services 7.5 #Version: 1.0 #Date: 2011-04-13 19:02:34 #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken 

The #Fields row will tell you what each value represents. In your case, and presuming you're running with the default log settings, the values would be:

 sc-status  sc-substatus   sc-win32status  time-taken ==================================================== 405        0              0               218 
  • sc-status - is the major part of the HTTP status code
  • sc-substatus - is the sub status e.g. for a 503.19 HTTP status it would be the 19 part
  • sc-win32status - is a Windows system error code
  • time-taken - is the time taken to send the response in milliseconds

If you're getting non-zero values for sc-win32status you can use:

NET HELPMSG <sc-win32status value>

...to find out that that status code maps to.

If a field doesn't have a value in the log file then the missing value is shown as a hyphen -.

like image 117
Kev Avatar answered Sep 23 '22 18:09

Kev