IIS Log File Format
Applies To: Windows Server 2003, Windows Server 2003 with SP1
The IIS log file format is a fixed ASCII text-based format, so you cannot customize it. Because HTTP.sys handles the IIS log file format, this format records HTTP.sys kernel-mode cache hits.
The IIS log file format records the following data:
Client IP address
User name
Date
Time
Service and instance
Server name
Server IP address
Time taken
Client bytes sent
Server bytes sent
Service status code (A value of 200 indicates that the request was fulfilled successfully.)
Windows status code (A value of 0 indicates that the request was fulfilled successfully.)
Request type
Target of operation
Parameters (the parameters that are passed to a script)
Not all fields will contain information. For fields for which there is no information, a hyphen (-) appears as a placeholder. If a field contains a nonprintable character, HTTP.sys replaces it with a plus sign (+) to preserve the log file format. This typically occurs with virus attacks, when, for example, a malicious user sends carriage returns and line feeds that, if not replaced with the plus sign (+), would break the log file format.
Fields are separated by commas, making the format easier to read than the other ASCII formats, which use spaces for separators. The time is recorded as local time. A Web site instance is displayed as W3SVC*#, and an FTP site instance is displayed as MSFTPSVC#*, where # is the instance of the site. Time taken is recorded in milliseconds. For more information about the time taken field, see W3C Extended Log File Format.