Best Practice Ezine #46 – Logfiles


Shortcuts

I have a theory about that oldest of keyboard combinations, Ctrl + C (for copy).  It is my belief that you can judge a person’s age by how they copy information in interfaces such as Active Directory Users and Computers.  80% of those born before 1980 would use Ctrl + C, while I predict that 80% of those born after 1980 would prefer to right-click and select Copy from the shortcut menu.  ‘Mad’ Mick says age is not the factor, but whether or not the person has a Novell background.  According to Mick, Novell people always map network drives, and are more likely to use keyboard shortcuts.

Barry wrote in to say: Guy,
You must be a young fella. Those of us who are truly vintage, use the Ctrl/Insert to copy,  Shift/Insert to Paste and Shift/Delete to cut.
Regards,
Barry L


Run logfiles

‘Mad’ Mick surprised me again; this time he stunned me with the logfiles command.  Up until last week I thought that I knew all the Run shortcuts; however, logfiles turned out to be a new gem.  All you do is click the Start button, choose Run, and type logfiles.

This handy shortcut takes you to the %systemroot%\system32\logfiles folder.  What you find in the folder depends on what you have installed.  I found the logfiles command useful for examining IIS files in the \W3SVC1 subfolder.  Does logfiles work on XP?  Yes, the command works, but it’s of less interest than on a Windows 200x server.


Microsoft’s IIS Log files

Whilst I don’t always toe the Microsoft ‘party line’, I have nothing but good to say about Windows log files.  Programs like SQL and Exchange write to the Application Event log.  However, IIS has its own log files, which you can investigate using the above logfiles tip.  IIS is capable of generating reports in up to 6 different formats; I would just like to alert you to two: W3C Extended Log File Format and ODBC Logging.

Directions

Directions for IIS logging: Expand your IIS Server icon, expand Web Sites, right-click, Properties, Web Site (tab).  You should see the Enable Logging check box and, underneath it, Active Logging format.

W3C Extended Log File Format

The W3C Extended Log File Format is probably the most flexible recording format.  What I particularly like is the Advanced Tab which allows you to choose which fields and properties to record.  Naturally, remember to Run, Logfiles to see what data IIS has created.

In a nutshell, the W3C Extended Log File Format helps to troubleshoot connection problems.  In the log you can examine services like SMTP, Bytes sent or received, the time it took, and the methods used (Get).  Here is a simple example:

#Software: Internet Information Services 6.0
#Version: 1.0
#Date: 2005-02-03 12:40:23
#Fields: time      c-ip  cs-method  cs-uri-stem sc-status
(Entry) 12:40:23  10.1.255.255   GET  /indez.htm   404 
          12:42:15  10.1.255.255   GET  /index.htm   200

What this example means.

#Software: Indicates IIS v 6.0 (Probably from a Windows Server 2003)

#Version: 1.0  Means W3C Extended log format (Not ODBC)

#Fields: As the name suggests, these are the column headings for the data recorded. For example, cs-uri-stem means the page requested.

The entry at 12:40:23 shows a client trying to fetch (GET) the indez.htm page.  However, they were unsuccessful (404), most likely because of a typo with indez.  Two minutes later they corrected their mistake and got the index.htm page (sc-status 200).

Naturally, each situation calls for different Fields, and that’s where the Advanced tab for W3C Extended Log comes in handy.  Not only can you select the Fields to suit your troubleshooting, but this tab also explains their meanings; for example, s-ip translates to server IP address.
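
Because the fields recorded vary from site to site, a script that reads these logs should take its column names from the #Fields line rather than assume fixed positions. The following is an added example, not part of the original ezine: the function names are hypothetical, and the sample log is constructed from the example above with the (Entry) label removed.

```python
# Added example: parse W3C Extended log text using its own #Fields directive.
from collections import defaultdict

# Constructed sample mirroring the article's example (IIS separates fields with spaces).
SAMPLE_LOG = """\
#Software: Internet Information Services 6.0
#Version: 1.0
#Date: 2005-02-03 12:40:23
#Fields: time c-ip cs-method cs-uri-stem sc-status
12:40:23 10.1.255.255 GET /indez.htm 404
12:42:15 10.1.255.255 GET /index.htm 200
"""

def parse_w3c(text):
    """Return (directives, entries); each entry is a dict keyed by the #Fields names."""
    directives, fields, entries = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            name, _, value = line[1:].partition(":")
            directives[name.strip()] = value.strip()
            if name.strip() == "Fields":
                fields = value.split()   # a later #Fields line redefines the columns
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                     # skip truncated or malformed lines
        entries.append(dict(zip(fields, values)))
    return directives, entries

def failed_requests(entries):
    """Entries whose sc-status is a 4xx or 5xx code."""
    return [e for e in entries if e.get("sc-status", "")[:1] in ("4", "5")]

def status_by_client(entries):
    """Count sc-status codes per client IP, to spot hosts producing many errors."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in entries:
        if "c-ip" in e and "sc-status" in e:
            counts[e["c-ip"]][e["sc-status"]] += 1
    return {ip: dict(codes) for ip, codes in counts.items()}

if __name__ == "__main__":
    directives, entries = parse_w3c(SAMPLE_LOG)
    print(directives["Software"])
    for e in failed_requests(entries):
        print(e["time"], e["c-ip"], e["cs-uri-stem"], e["sc-status"])
    print(status_by_client(entries))
```
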

Another application of this troubleshooting idea is to investigate firewalls on an XP Machine.  Once again you can log with W3C Extended Log File Format, then Run, logfiles to see the data.

ODBC Logging

This format is best for analysing the data once you have recorded what you need.  However, to collect information you should have a SQL database available to store the data.

Note: the logging properties and menus vary between the different versions of IIS.  Version 6.0 on Windows Server 2003 has all the latest features.

Summary

Run, Logfiles is a worthy addition to your shortcut commands.  Follow through and master the W3C Extended Log File Format; the results will help you to troubleshoot IIS connection problems.
