Extended Logging Filter

The Extended Logging Filter (NewLog.dll) adds the HTTP-REFERER and the HTTP-USER-AGENT variables to the IIS log file.

Installation

  1. Copy NewLog.dll into your IIS install directory on your server.
  2. Run REGEDT32.EXE
  3. Go to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SCVC\Parameters key
  4. Edit the "Filter Dlls" by double clicking on it.
  5. Add ",c:\path\to\NewLog.dll" to the value (including the comma, without the quotes)
  6. Save the value
  7. Exit REGEDT32.EXE
  8. Stop and restart the "World Wide Web Publishing Service"

More information

The format of the Log File is changed by this filter. Any log conversion utility that was written to use the original IIS log files (including convlog.exe that comes with IIS) will not work on these new log files.

Old log Format:
ClientIP, UserName, Date, Time, Service, ServerName, ServerIP, ProcessingTime, BytesReceived, BytesSent, ServiceStatus, Win32Status, Operation, TargetURL, Parameters
New log Format:
ClientIP, UserName, Date, Time, Service, ServerName, ServerIP, ProcessingTime, BytesReceived, BytesSent, ServiceStatus, Win32Status, Operation, TargetURL, UserAgent, Referer, Parameters

As far as IIS is concerned, this filter puts the new information into the TargetURL field. This will cause problems if IIS is configured to using ODBC logging and the length of TargetURL+UserAgent+Referer is longer than 255 chars.

Other Tools

The Convert.pl PERL script will convert IIS log files from the new format to the old format. At the same time, it will replace any "garbage" characters that may be in the log file.

Convert.pl could easily be modified to produce statistics as it converts the log. Open Convert.pl and look for the line "###Statistics Here###". This line indicates where you could add your own PERL code to get statistics on the new fields. See the comments in the header of Convert.pl for more information on what Convert.pl does.