Raw log file for your website gives you the facility to see who’s been accessing your webpages with information on the client IP address, the time the request was made, the referrer, time taken to process the request and so much more. That’s why it is essential to have logging enabled for your site.
In Windows 2008, you can choose among different log file formats (IIS, NCSA, W3c and Custom). If you go to the IIS Management Console, you will see “Logging” under IIS features and when you double click on it, you will have a couple of options to choose from. IIS and NCSA do not allow you to change what is being logged but with the other two formats you can. W3C format is the preferred format for many people. With that format chosen for your log files, you can select which fields you want to get logged for each HTTP request by clicking on the “Select Fields” button next to the file Format. The log files are saved in the following directory by default:
C:\inetpub\logs\LogFiles
You can also choose how often a new log file is created by selecting the best option for Log File Rollover. For high traffic sites, you can have it daily or hourly but if you have a moderate traffic, going with the monthly log is the way forward. You should also check the option for “Use local time for file naming and rollover” to make it easier for you to distinguish between the various log files created.
Custom IIS logging
If you want to re-arrange the fields in your log file, you will have to go with Custom logging. For example, if you wanted the client IP address to come before the date and time of the http request, then only custom logging will allow you to do that. You cannot also change the name of the log file name, it is in the format of u_exYYMMDD.
Although custom logging for IIS gives you a lot of flexibility in terms of what gets logged and many more, there’s a major drawback to that approach and that is performance. The IIS worker process handles custom logging and the HTTP.sys kernel-mode cache is disabled for IIS which degrades performance (see this link for more information).