Extended Logging Filter
The Extended Logging Filter (NewLog.dll) adds the HTTP-REFERER and the
HTTP-USER-AGENT variables to the IIS log file.
Installation
- Copy NewLog.dll into your IIS install directory on your server.
- Run REGEDT32.EXE
- Go to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SCVC\Parameters key
- Edit the "Filter Dlls" by double clicking on it.
- Add ",c:\path\to\NewLog.dll" to the value (including the comma, without the quotes)
- Save the value
- Exit REGEDT32.EXE
- Stop and restart the "World Wide Web Publishing Service"
More information
The format of the Log File is changed by this filter. Any log conversion utility
that was written to use the original IIS log files (including convlog.exe that
comes with IIS) will not work on these new log files.
- Old log Format:
- ClientIP, UserName, Date, Time, Service, ServerName, ServerIP, ProcessingTime, BytesReceived, BytesSent, ServiceStatus, Win32Status, Operation, TargetURL, Parameters
- New log Format:
- ClientIP, UserName, Date, Time, Service, ServerName, ServerIP, ProcessingTime, BytesReceived, BytesSent, ServiceStatus, Win32Status, Operation, TargetURL, UserAgent, Referer, Parameters
As far as IIS is concerned, this filter puts the new information into the
TargetURL field. This will cause problems if IIS is configured to using
ODBC logging and the length of TargetURL+UserAgent+Referer is longer than 255 chars.
Other Tools
The Convert.pl PERL script will convert IIS log files from the new format to the old
format. At the same time, it will replace any "garbage" characters that may
be in the log file.
Convert.pl could easily be modified to produce statistics as it converts the log. Open
Convert.pl and look for the line "###Statistics Here###". This line indicates
where you could add your own PERL code to get statistics on the new fields. See the comments
in the header of Convert.pl for more information on what Convert.pl does.