How to locate IIS server log files: A definitive guide

Microsoft IIS is a widely used web server application for hosting websites. Monitoring IIS web server logs is an effective way to prevent a malicious entity launching attacks on your network. This article will explain the steps involved in locating your IIS log files.

To locate the IIS log files of a website, you need the following:

• The site ID
• The directory

You can find them in IIS Manager by following these simple steps:

Launch IIS Manager

Go to Windows Control Panel > System and Security > Administrative Tools > Internet Information Services (IIS).

OR

Open the Run dialog box > type inetmgr > click OK.

IIS Manager will be launched.

Fig 1.1 shows the home window of IIS Manager with the following sections highlighted:

• The Connections pane
• The Features View
• The Actions pane

Make sure to locate them to follow along with the remaining steps.

Finding the site ID:

The site ID is used to uniquely identify the log folders of different websites.

• In the Connections pane, click the Sites drop-down menu and find the list of all websites hosted in the IIS server. The site ID of all websites will be displayed in a list view.


If you cannot find the ID, follow the next step

• In the Actions pane, click the Settings option. The site ID will be displayed in the Advanced Settings window.

Finding the location of the IIS log files:

Generally, IIS log files are stored in this default path:
%SystemDrive%\inetpub\logs\LogFiles

• Go to Windows File Explorer > C Drive > Inetpub folder > Logs folder > LogFiles.
Once you open the LogFiles folder, you will find multiple sub-folders of
different websites named in this pattern: W3SVC +Site ID.
If your site ID is 10, then open the folder named W3SVC10.

In case the folders can’t be found in this default path, follow the next step

• In IIS Manager, after selecting a website in the Connections pane, select Features View and double-click the Logging icon. The logging window will open. Scroll through to find the Directory field and use the path mentioned there to locate your log files.

Locating log files of earlier IIS versions:

For versions IIS 1.0-IIS 6.0, follow these steps to locate your log files:

• Launch IIS Manager.
• In the Connections pane, click the Sites menu. Find the site for which you want to view the logs, right-click it, and select Properties.
• From there, go to Active Log Format > Website tab > General Properties, then scroll down to find the directory field.

The full path along with the sub-folder name will be displayed like this:
%SystemDrive%\Windows\System32\LogFiles\W3SVC8

If you're still unable to find the IIS log files, it's possible logging might have been turned off.

How to enable logging in your IIS web server

Open IIS Manager. In the Connections pane, click the website you want to enable logging for > click Features View > double-click the Logging icon > click Enable in the Actions pane.

Simplifying IIS log access and analysis

Manually enabling IIS web server logging and analyzing the logs is quite tedious. To overcome this challenge, we have log management tools like ManageEngine EventLog Analyzer that automate the collection, monitoring, analysis, and retention of your IIS web server logs in a central server.

Apart from generating real-time alerts and reports for IIS server incidents, EventLog Analyzer also provides deeper insights into critical information such as HTTP status code summaries, password changes, top users, admin resource accesses, and server configuration changes.

Check out and download a 30-day, free trial of EventLog Analyzer here.