Logging User Activity on IIS6

on 02.04.2008 19:22:46 by scooter133

So our web team has been asked to log all of the activity on our server.
They need to know who accessed the URL, what the URL and any parameters/POST
info were, and when it was accessed.

They have some ASP script at the bottom of every page that logs the data to
a SQL Server.

Seems like it would be more efficient to use an ISAPI filter or Web Service
Extension to log the info we needed.

Any suggestions?

Thanks,
Scott<-

Re: Logging User Activity on IIS6

on 02.04.2008 19:56:37 by Kristofer Gafvert

Do you have experience with ISAPI development? ASP/ASP.NET is far easier to
implement such things in.

Since IIS 7 is moving away from ISAPI, why spend time (and money) on
something that will be useless in the future?

How do you identify a user? Perhaps what you are looking for is already in
the IIS log file?
--
Regards,
Kristofer Gafvert
http://www.gafvert.info/iis/ - IIS Related Info



Re: Logging User Activity on IIS6

on 02.04.2008 20:38:08 by Le Chaud Lapin

On Apr 2, 12:56 pm, "Kristofer Gafvert"
wrote:
> Do you have experience with ISAPI development? ASP/ASP.NET is far easier to
> implement such things in.
>
> Since IIS 7 is moving away from ISAPI, why spend time (and money) on
> something that will be useless in the future?

What exactly does that mean?

Will programmers who program in standard C++ continue to be able to
write DLL's that interact with the web server host EXE? Microsoft
calls these modules...but...

-Le Chaud Lapin-

RE: Logging User Activity on IIS6

on 03.04.2008 10:49:57 by wjzhang

Hi Scott,

If realtime monitoring isn't required, I think you just need to use some
log analysis tools to extract the info from the site's IIS log files. In
this case, you don't need to write your own ISAPI code for the logging (may
be duplicate with IIS built-in logging function) and it doesn't lead to
additional cost of the server performance.

For example, AWStats is a very popular one.

AWStats - Free log file analyzer for advanced statistics (GNU GPL)
http://awstats.sourceforge.net/?seenIEPage=1

To extract and save the data into SQL, you can utilize Log Parser which is
quite flexible and can help you reduce much coding workload in implementing
this kind of scenario.

Log Parser 2.2
http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

I hope the information helps.

Have a great day.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx .
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Re: Logging User Activity on IIS6

on 03.04.2008 17:51:21 by Daniel Crichton

WenJun wrote on Thu, 03 Apr 2008 08:49:57 GMT:

> Hi Scott,

> If realtime monitoring isn't required, I think you just need to use
> some log analysis tools to extract the info from the site's IIS log
> files. In this case, you don't need to write your own ISAPI code for
> the logging(may be duplicate with IIS built-in logging function) and
> it doesn't lead to additional cost of the server performance.

Except that the logs don't include POST data without an ISAPI to add this.

--
Dan

Re: Logging User Activity on IIS6

on 10.04.2008 16:28:02 by scooter133

Sorry, it has been a hectic few weeks. I had forgotten I posted that info.

They want the POST data from the URL, so unless there is a simple way to
inject that into the log files, they won't work. They also want to know the
user that initiated the query.

I might be able to talk to them about the POST info. We downloaded
LogParser and it's not as intuitive as I would have hoped. )-;

Though it might work for what we want. Run it once a day and push the log
data into SQL.

For the user logging, why are some entries missing the user?



2008-04-09 00:00:34 GET /_layouts/spiffycal/btn_del_small_gif -
80
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
404 0 2

2008-04-09 00:00:34 GET
/_layouts/spiffycal/btn_close_small_gif - 80 -
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
401 2 2148074254

2008-04-09 00:00:34 GET
/_layouts/spiffycal/btn_close_small_gif - 80 -
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
401 1 0

2008-04-09 00:00:34 GET
/_layouts/spiffycal/btn_close_small_gif - 80
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
404 0 2

2008-04-09 00:00:41 GET/default.asp
contact=41524&msg=Insert+successful 80
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
200 0 0

2008-04-09 00:01:30 POST /default.aspx
userid=A304&tabid=DT&msg=Insert+successful 80 -
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+.NET+CL R+3.0.04506.648)
401 1 0

2008-04-09 00:01:30 POST /default.aspx
userid=A304&tabid=DT&msg=Insert+successful 80
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+.NET+CL R+3.0.04506.648)
200 0 0

2008-04-09 00:01:32 GET/newtask.asp
contact=23994&tasktype=Meeting 80 -
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727)
401 2 2148074254

2008-04-09 00:01:32 GET/newtask.asp
contact=23994&tasktype=Meeting 80 -
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727)
401 1 0

2008-04-09 00:01:32 GET/newtask.asp
contact=23994&tasktype=Meeting 80
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727)
200 0 0






Re: Logging User Activity on IIS6

on 10.04.2008 17:43:29 by Daniel Crichton

Scott wrote on Thu, 10 Apr 2008 07:28:02 -0700:

> For the user Logging, why are some entries missing the user?

> 2008-04-09 00:00:34 GET
> /_layouts/spiffycal/btn_close_small_gif - 80 -
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.
> NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30) 401 2 2148074254

Look carefully at the log entries - the response is 401. This is the browser
not sending any authentication data, and IIS returning a 401 to request the
information. If your site requires authentication for every request you will
get lots of 401 responses with no user ID - this is how the browser makes the
requests.

--
Dan
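
Added example (not part of the original thread): a small parser for IIS W3C extended log text that separates the anonymous 401 challenge entries described above from the requests that carry a user name, producing the who/when/what rows the original question asks for. The field order is taken from the `#Fields` directive; the sample log, the client IPs and the user name `EXAMPLE\jdoe` are constructed for illustration.

```python
from collections import Counter

# Constructed sample: field order follows the thread (user name sits between
# server port and client IP); IPs and EXAMPLE\jdoe are made-up values.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2008-04-09 00:01:32 GET /newtask.asp contact=23994&tasktype=Meeting 80 - 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+7.0) 401 2 2148074254
2008-04-09 00:01:32 GET /newtask.asp contact=23994&tasktype=Meeting 80 - 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+7.0) 401 1 0
2008-04-09 00:01:32 GET /newtask.asp contact=23994&tasktype=Meeting 80 EXAMPLE\\jdoe 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+7.0) 200 0 0
2008-04-09 00:02:10 GET /images/logo.gif - 80 - 192.0.2.44 Mozilla/4.0+(compatible;+MSIE+7.0) 200 0 0
"""

def parse_w3c(text):
    """Yield one dict per entry, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or garbled rows
                yield dict(zip(fields, values))

def classify(entry):
    """Label an entry 'authenticated', 'challenge' or 'anonymous'."""
    if entry["cs-username"] != "-":
        return "authenticated"
    if entry["sc-status"] == "401":
        return "challenge"  # browser sent no credentials yet; IIS asked for them
    return "anonymous"

def user_activity(text):
    """Return (audit rows for named users, count of entries per label)."""
    rows, counts = [], Counter()
    for e in parse_w3c(text):
        kind = classify(e)
        counts[kind] += 1
        if kind == "authenticated":
            # cs-uri-query is the query string only; POST bodies are not logged
            rows.append((e["date"] + " " + e["time"], e["cs-username"],
                         e["cs-method"], e["cs-uri-stem"], e["cs-uri-query"]))
    return rows, counts

if __name__ == "__main__":
    rows, counts = user_activity(SAMPLE_LOG)
    for row in rows:
        print("\t".join(row))
    print(dict(counts))
```

Counting the challenge entries separately keeps them available for review while leaving them out of the per-user audit rows.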

Re: Logging User Activity on IIS6

on 14.04.2008 11:38:57 by wjzhang

Hi Scott,

The field between server port and client IP is client username. '-' here
means these clients attempted to connect to the server anonymously and
failed to pass the authentication.

Usually if the subsequent request is not anonymous, it isn't an incorrect record
because IE will always try to connect to a web site anonymously at first.

Please update here if you have any further questions.

Thanks.

Sincerely,

WenJun Zhang

Microsoft Online Community Support
