Logging Properties Reference

This topic lists definitions of logging properties and their values for the W3C Extended logging format. It is divided into these sections:

For more information on the W3C Extended log format, see the W3C Web site at http://www.w3.org/.

W3C Extended Logging Definitions

Prefix Meaning
s- Server actions
c- Client actions
cs- Client-to-server actions
sc- Server-to-client actions


Field Appears As Description
Date date The date on which the activity occurred.
Time time The time the activity occurred.
Client IP Address c-ip The IP address of the client that accessed your server.
User Name c-username The name of the authenticated user who accessed your server. This does not include anonymous users, which are represented by a hyphen.
Service Name and Instance Number s-sitename The Internet service and instance number that was running on the client computer.
Server Name s-computername The name of the server on which the log entry was generated.
Server IP s-ip The IP address of the server on which the log entry was generated.
Method cs-method The action the client was trying to perform (for example, a GET method).
URI Stem cs-uri-stem The resource accessed; for example, Default.htm.
URI Query cs-uri-query The query, if any, the client was trying to perform.
Http Status sc-status The status of the action, in HTTP terms.
Win32 Status sc-win32-status The status of the action, in terms used by Windows 2000.
Bytes Sent sc-bytes The number of bytes sent by the server.
Bytes Received cs-bytes The number of bytes received by the server.
Server Port s-port The port number the client is connected to.
Time Taken time-taken The length of time the action took.
Protocol Version cs-protocol The protocol (HTTP, FTP) version used by the client. For HTTP this will be either HTTP 1.0 or HTTP 1.1.
User Agent cs(User-Agent) The browser used on the client.
Cookie cs(Cookie) The content of the cookie sent or received, if any.
Referrer cs(Referer) The previous site visited by the user. This site provided a link to the current site.

Process Accounting Logging Definitions

Field Appears As Description
Process Type s-proc-type The type of process that triggered the event, either CGI or out-of-process application. The type can be CGI, Application, or All.
Process Event s-event Which event was triggered: Site-Stop, Site-Start, Site-Pause, Periodic-Log, Interval-Start, Interval-End, Interval-Change, Log-Change-Int/Start/Stop, Eventlog-Limit, Priority-Limit, Process-Stop-Limit, Site-Pause-Limit, Eventlog-Limit-Reset, Priority-Limit-Reset, Process-Stop-Limit-Reset, or Site-Pause-Limit-Reset. Click for a description of these values.
Total User Time s-user-time The total accumulated User Mode processor time, in seconds, that the site used during the current interval.
Total Kernel Time s-kernel-time The total accumulated Kernel Mode processor time, in seconds, that the site used during the current interval.
Total Page Faults s-page-faults The total number of memory references that resulted in memory page faults.
Total Processes s-total-procs The total number of CGI and out-of-process applications created during the current interval.
Active Processes s-active-procs The total number of CGI and out-of-process applications running when the log was recorded.
Total Terminated Processes s-stopped-procs The total number of CGI and out-of-process applications stopped due to process throttling during the current interval.

Value Meaning
Site-Stop The Web site was stopped for some reason.
Site-Start The Web site was started or restarted.
Site-Pause The Web site was paused.
Periodic-Log This is a regularly defined log entry whose interval was specified by the administrator.
Interval-Start The Reset Interval has begun.
Interval-End The Reset Interval has been reached and reset.
Interval-Change The Web site administrator changed the value for the Reset Interval.
Log-Change-Int/Start/Stop One of these events happened: the log interval was changed; an interval event took place; or the site either stopped, started, or paused.
Eventlog-Limit An event log was made for the Web site because a CGI or out-of-process application reached the event log limit set by the administrator.
Priority-Limit The Web site had a CGI or out-of-process application set to low priority because it reached the low priority limit set by the administrator.
Process-Stop-Limit The Web site had a CGI or out-of-process application stopped because it reached the process stopping limit set by the administrator.
Site-Pause-Limit The Web site was paused because a CGI or out-of-process application reached the site pause limit set by the administrator.
Eventlog-Limit-Reset The Reset Interval was reached, or the Eventlog-Limit was manually reset.
Priority-Limit-Reset The Reset Interval was reached, or the Priority-Limit was manually reset.
Process-Stop-Limit-Reset The Reset Interval was reached, or the Process-Stop-Limit was manually reset.
Site-Pause-Limit-Reset The Reset Interval was reached, or the Site-Pause-Limit was manually reset.

© 1997-1999 Microsoft Corporation. All rights reserved.