Microsoft IIS is a widely used web server application for hosting websites. Monitoring IIS web server logs is an effective way to prevent a malicious entity launching attacks on your network. This article will explain the steps involved in locating your IIS log files.
To locate the IIS log files of a website, you need the following:
You can find them in IIS Manager by following these simple steps:
Go to Windows Control Panel > System and Security > Administrative Tools > Internet Information Services (IIS).
Open the Run dialog box > type inetmgr > click OK.
IIS Manager will be launched.
Fig 1.1 shows the home window of IIS Manager with the following sections highlighted:
Make sure to locate them to follow along with the remaining steps.
The site ID is used to uniquely identify the log folders of different websites.
If you cannot find the ID, follow the next step
Generally, IIS log files are stored in this default path:
Once you open the LogFiles folder, you will find multiple sub-folders of
different websites named in this pattern: W3SVC +Site ID.
If your site ID is 10, then open the folder named W3SVC10.
In case the folders can’t be found in this default path, follow the next step
For versions IIS 1.0-IIS 6.0, follow these steps to locate your log files:
The full path along with the sub-folder name will be displayed like this:
Security tip: Microsoft has stopped rolling out updates for earlier versions of IIS (1.0-6.0). Using outdated software becomes an easy vulnerability for cyber attackers to target. Unpatched Windows systems and poor awareness around updating software were found to be the major reasons for the large-scale 2017 Wannacry ransomware attacks.
Best practice: Audit your enterprise network systems regularly. Update and use the latest versions of software and OSs.
If you're still unable to find the IIS log files, it's possible logging might have been turned off.
Open IIS Manager. In the Connections pane, click the website you want to enable logging for > click Features View > double-click the Logging icon > click Enable in the Actions pane.
Manually enabling IIS web server logging and analyzing the logs is quite tedious. To overcome this challenge, we have log management tools like ManageEngine EventLog Analyzer that automate the collection, monitoring, analysis, and retention of your IIS web server logs in a central server.
Apart from generating real-time alerts and reports for IIS server incidents, EventLog Analyzer also provides deeper insights into critical information such as HTTP status code summaries, password changes, top users, admin resource accesses, and server configuration changes.
Check out and download a 30-day, free trial of EventLog Analyzer here.
Manage logs, comply with IT regulations, and mitigate security threats.
Our support technicians will get back to you at the earliest.
Zoho Corporation Pvt. Ltd. All rights reserved.