IIS log files are created by Internet Information Server. Loggable events are http transactions, i.e., everytime a certain EUCARIS service is used, e.g. a public service, internal service or client service, an entry is written in the IIS log. For general information about IIS logging: https://msdn.microsoft.com/en-us/library/ms525410(v=vs.90).aspx
The EUCARIS Health Centre reads and analyses the IIS log files. The information is retrieved from all EUCARIS servers installed in a member state. The information is collected, aggregated and stored in the EUCARIS database.
More detailed information can be obtained in the functional documentation via this link(**).
Configuration
By default, an EUCARIS installation requires the W3C file logging feature in Microsoft’s Internet Information Server (IIS) to be enabled for diagnostics purposes. The W3C logging is now utilized for the EUCARIS Health Centre, and in order to collect data for the EUCARIS Health Centre it is important that the data is available and consistent between EUCARIS instances. The Configuration Tool (SU-CT96 and higher) ensures harmonisation of the IIS log for all EUCARIS instances by using the following features:
- In the Advanced mode, menu Task > Configure IIS Logging, or
- During the shutdown of the Configuration Tool, the logging configuration of all EUCARIS sites are checked. If they do not match the default, the following message will appear:
IIS logging is NOT correctly configured. The configuration of the IIS logging must be set properly in order to utilize this logging for the EUCARIS Health Center. Do you want to configure this automatically?The EUCARIS Default IIS logging settings will be set by pressing “Yes”.
EUCARIS Default IIS logging
EUCARIS uses the following default IIS log settings:
| Attribute | Setting |
| Log file enabled | True |
| Log file format | W3c |
| Log file rollover | Daily |
| Log file flushing | Disabled |
| Log file target | File |
| Log file max line length | 65536 |
| Local time rollover | False (UTC time is used in logging, so it is logical to also use UTC for rollover time) |
| Log file directory | %SystemDrive%\inetpub\logs\LogFiles (is only set when Log file directory was not set prior to this action) |
Additional log attributes enabled:
| Value | Description |
| BytesRecv | Log the number of bytes that the server received. |
| BytesSent | Log the number of bytes that the server sent. |
| ClientIP | Log the IP address of the client that made the request. |
| ComputerName | Log the name of the server on which the log file entry was generated. |
| Date | Log the date on which the activity occurred. |
| Host | Log the host header name, if there is one. |
| HttpStatus | Log the HTTP status code. |
| HttpSubStatus | Log the sub-status code of the HTTP error. For example, for the 500.18 HTTP error, the status code is 500 and the sub-status code is 18. |
| Method | Log the requested action. For example, GET, POST, etc. |
| ProtocolVersion | Log the protocol version that the client used. |
| Referer | Log the site that the user last visited. This site provided a link to the current site. |
| ServerIP | Log the IP address of the server on which the log file entry was generated. |
| ServerPort | Log the server port number that is configured for the site. |
| SiteName | Log the Internet service name and instance number for the site. |
| Time | Log the time in Coordinated Universal Time (UTC), at which the activity occurred. |
| TimeTaken | Log the length of time taken for a request to be completed. The time taken is recorded in milliseconds. Note: The client-request timestamp is initialized when HTTP.sys receives the first byte, but before HTTP.sys begins to parse the request. The client-request timestamp is stopped when the last IIS send completion occurs. Time taken does not reflect time across the network. The first request to the site shows a slightly longer time taken than other similar requests because HTTP.sys opens the log file that contains the first request. |
| UriQuery | Log the query, if any, that the client was trying to perform. A Universal Resource Identifier (URI) query is necessary only for dynamic pages, and usually consists of parameters passed to the URL. |
| UriStem | Log the Universal Resource Identifier (URI) stem information, which is the target of the action. For example, Default.htm. |
| UserAgent | Log the browser type that the client used. |
| UserName | Log the name of the authenticated user who accessed your server. Anonymous users are indicated by a hyphen. |
| Win32Status | Log the Windows status code. |
Additional log attributes disabled:
| Value | Description |
| Cookie | Log the content of the cookie that was sent or received, if any content exists. |
** Valid credentials are required to access the files on this site. Credentials can be requested via EUCARIS Operations