This topic lists definitions of logging properties and their values for the W3C Extended logging format. It is divided into these sections:
Field |
Appears As |
Description |
Date |
date |
The date on which the activity occurred. |
Time |
time |
The time the activity occurred. |
Client IP Address |
c-ip |
The IP address of the client that accessed your server. |
User Name |
c-username |
The name of the authenticated user who accessed your server. This does not include anonymous users, which are represented by a hyphen. |
Service Name and Instance Number |
s-sitename |
The Internet service and instance number that was running on the client computer. |
Server Name |
s-computername |
The name of the server on which the log entry was generated. |
Server IP |
s-ip |
The IP address of the server on which the log entry was generated. |
Method |
cs-method |
The action the client was trying to perform (for example, a GET method). |
URI Stem |
cs-uri-stem |
The resource accessed; for example, Default.htm. |
URI Query |
cs-uri-query |
The query, if any, the client was trying to perform. |
Http Status |
sc-status |
The status of the action, in HTTP terms. |
Win32 Status |
sc-win32-status |
The status of the action, in terms used by Windows 2000. |
Bytes Sent |
sc-bytes |
The number of bytes sent by the server. |
Bytes Received |
cs-bytes |
The number of bytes received by the server. |
Server Port |
s-port |
The port number the client is connected to. |
Time Taken |
time-taken |
The length of time the action took. |
Protocol Version |
cs-protocol |
The protocol (HTTP, FTP) version used by the client. For HTTP this will be either HTTP 1.0 or HTTP 1.1.
|
User Agent |
cs(User-Agent) |
The browser used on the client. |
Cookie |
cs(Cookie) |
The content of the cookie sent or received, if any. |
Referrer |
cs(Referer) |
The previous site visited by the user. This site provided a link to the current site. |
Field |
Appears As |
Description |
Process Type |
s-proc-type |
The type of process that triggered the event, either CGI or out-of-process application. The type can be CGI, Application, or All. |
Process Event |
s-event |
Which event was triggered: Site-Stop, Site-Start, Site-Pause, Periodic-Log, Interval-Start, Interval-End, Interval-Change, Log-Change-Int/Start/Stop, Eventlog-Limit, Priority-Limit, Process-Stop-Limit, Site-Pause-Limit, Eventlog-Limit-Reset, Priority-Limit-Reset, Process-Stop-Limit-Reset, or Site-Pause-Limit-Reset. Click for a description of these values. |
Total User Time |
s-user-time |
The total accumulated User Mode processor time, in seconds, that the site used during the current interval. |
Total Kernel Time |
s-kernel-time |
The total accumulated Kernel Mode processor time, in seconds, that the site used during the current interval. |
Total Page Faults |
s-page-faults |
The total number of memory references that resulted in memory page faults. |
Total Processes |
s-total-procs |
The total number of CGI and out-of-process applications created during the current interval. |
Active Processes |
s-active-procs |
The total number of CGI and out-of-process applications running when the log was recorded. |
Total Terminated Processes |
s-stopped-procs |
The total number of CGI and out-of-process applications stopped due to process throttling during the current interval. |
Value |
Meaning |
Site-Stop |
The Web site was stopped for some reason. |
Site-Start |
The Web site was started or restarted. |
Site-Pause |
The Web site was paused. |
Periodic-Log |
This is a regularly defined log entry whose interval was specified by the administrator. |
Interval-Start |
The Reset Interval has begun. |
Interval-End |
The Reset Interval has been reached and reset. |
Interval-Change |
The Web site administrator changed the value for the Reset Interval. |
Log-Change-Int/Start/Stop |
One of these events happened: the log interval was changed; an interval event took place; or the site either stopped, started, or paused. |
Eventlog-Limit |
An event log was made for the Web site because a CGI or out-of-process application reached the event log limit set by the administrator. |
Priority-Limit |
The Web site had a CGI or out-of-process application set to low priority because it reached the low priority limit set by the administrator. |
Process-Stop-Limit |
The Web site had a CGI or out-of-process application stopped because it reached the process stopping limit set by the administrator. |
Site-Pause-Limit |
The Web site was paused because a CGI or out-of-process application reached the site pause limit set by the administrator. |
Eventlog-Limit-Reset |
The Reset Interval was reached, or the Eventlog-Limit was manually reset. |
Priority-Limit-Reset |
The Reset Interval was reached, or the Priority-Limit was manually reset. |
Process-Stop-Limit-Reset |
The Reset Interval was reached, or the Process-Stop-Limit was manually reset. |
Site-Pause-Limit-Reset |
The Reset Interval was reached, or the Site-Pause-Limit was manually reset. |