Windows file change logging

Log files

Applies to

This is a 400 level topic (advanced).
See Resolve Windows 10 upgrade errors for a full list of topics in this article.

Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is setupact.log. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code.

Also see the Windows Error Reporting section in this document for help locating error codes and log files.

The following table describes some log files and how to use them for troubleshooting purposes:

Log file: setupact.log

  • Down-Level: $Windows.~BT\Sources\Panther
    Description: Contains information about setup actions during the downlevel phase.
    When to use: All down-level failures and starting point for rollback investigations. This is the most important log for diagnosing setup issues.
  • OOBE: $Windows.~BT\Sources\Panther\UnattendGC
    Description: Contains information about actions during the OOBE phase.
    When to use: Investigating rollbacks that failed during OOBE phase and operations: 0x4001C, 0x4001D, 0x4001E, 0x4001F.
  • Rollback: $Windows.~BT\Sources\Rollback
    Description: Contains information about actions during rollback.
    When to use: Investigating generic rollbacks: 0xC1900101.
  • Pre-initialization (prior to downlevel): Windows
    Description: Contains information about initializing setup.
    When to use: If setup fails to launch.
  • Post-upgrade (after OOBE): Windows\Panther
    Description: Contains information about setup actions during the installation.
    When to use: Investigate post-upgrade related issues.

Log file: setuperr.log

  • Phase and location: Same as setupact.log
    Description: Contains information about setup errors during the installation.
    When to use: Review all errors encountered during the installation phase.

Log file: miglog.xml

  • Post-upgrade (after OOBE): Windows\Panther
    Description: Contains information about what was migrated during the installation.
    When to use: Identify post upgrade data migration issues.

Log file: BlueBox.log

  • Down-Level: Windows\Logs\Mosetup
    Description: Contains information about communication between setup.exe and Windows Update.
    When to use: Use during WSUS and WU down-level failures or for 0xC1900107.

Log files: Supplemental rollback logs (Setupmem.dmp, setupapi.dev.log, Event logs (*.evtx))

  • Location: $Windows.~BT\Sources\Rollback
    Description: Additional logs collected during rollback.
    When to use:
      Setupmem.dmp: If OS bug checks during upgrade, setup will attempt to extract a mini-dump.
      Setupapi: Device install issues (0x30018).
      Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.

Log entry structure

A setupact.log or setuperr.log entry (files are located at C:\Windows) includes the following elements:

  1. The date and time: 2016-09-08 09:20:05.
  2. The log level: Info, Warning, Error, Fatal Error.
  3. The logging component: CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS.
    • The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are particularly useful for troubleshooting Windows Setup errors.
  4. The message: Operation completed successfully.

See the following example:

Date/Time: 2016-09-08 09:23:50
Log level: Warning
Component: MIG
Message: Could not replace object C:\Users\name\Cookies. Target Object cannot be removed.

Analyze log files

The following instructions are meant for IT professionals. Also see the Upgrade error codes section in this guide to familiarize yourself with result codes and extend codes.

To analyze Windows Setup log files:

  1. Determine the Windows Setup error code. This code should be returned by Windows Setup if it is not successful with the upgrade process.
  2. Based on the extend code portion of the error code, determine the type and location of the log files to investigate.
  3. Open the log file in a text editor, such as Notepad.
  4. Using the result code portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively, search for the "abort" and "abandoning" text strings described in step 7 below.
  5. To find the last occurrence of the result code:
    1. Scroll to the bottom of the file and click after the last character.
    2. Click Edit.
    3. Click Find.
    4. Type the result code.
    5. Under Direction select Up.
    6. Click Find Next.
  6. When you have located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed just prior to generating the result code.
  7. Search for the following important text strings:
    • Shell application requested abort
    • Abandoning apply due to error for object
  8. Decode Win32 errors that appear in this section.
  9. Write down the timestamp for the observed errors in this section.
  10. Search other log files for additional information matching these timestamps or errors.
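The search procedure above (steps 4 to 10) can be scripted. The following Python sketch is an added example, not part of the original article or of any Microsoft tool: it parses entries using the four-element structure described under "Log entry structure", finds the last occurrence of the result code, collects Win32 codes from the preceding lines, and looks in setupact.log for the two text strings at matching timestamps. The sample log lines are constructed, the function names are hypothetical, and the `WIN32` table holds only the one code this page decodes.

```python
import re
from datetime import datetime, timedelta

# Entry layout from the page: date/time, log level, logging component, message.
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), "
    r"(Info|Warning|Error|Fatal Error)\s+([A-Z]+)\s+(.*)$")
# Text strings the procedure tells you to search for (step 7).
MARKERS = ("Shell application requested abort",
           "Abandoning apply due to error for object")
# Only the Win32 code decoded on this page; extend the table as needed.
WIN32 = {0x00000570: "ERROR_FILE_CORRUPT"}
HEX8 = re.compile(r"0x([0-9A-Fa-f]{8})\b")


def parse(text):
    """Parse log text; lines without an entry header continue the previous message."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts, level, component, message = m.groups()
            entries.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                            "level": level, "component": component,
                            "message": message})
        elif entries and line.strip():
            entries[-1]["message"] += " " + line.strip()
    return entries


def analyze(error_code, setuperr_text, setupact_text, context=3, skew=0):
    """Steps 4-10: last hit of the result code, the failures just above it,
    their Win32 codes, and marker strings in setupact.log at the same time."""
    codes = [c.upper() for c in re.findall(r"0x([0-9A-Fa-f]+)", error_code)]
    result, extend = codes[0], (codes[1] if len(codes) > 1 else None)

    errors = parse(setuperr_text)
    hits = [i for i, e in enumerate(errors) if result in e["message"].upper()]
    if not hits:
        return None
    last = hits[-1]                                   # same as searching "Up"
    window = errors[max(0, last - context):last + 1]  # a few lines above the hit

    win32 = []
    for entry in window:
        for h in HEX8.findall(entry["message"]):
            item = ("0x" + h.upper(), WIN32.get(int(h, 16), "not in table"))
            if h.upper() != result and item not in win32:
                win32.append(item)

    stamps = {e["time"] for e in window}
    tolerance = timedelta(seconds=skew)
    related = [e for e in parse(setupact_text)
               if any(m in e["message"] for m in MARKERS)
               and any(abs(e["time"] - t) <= tolerance for t in stamps)]
    return {"result_code": result, "extend_code": extend,
            "last_hit": errors[last], "context": window,
            "win32": win32, "related": related}


# Constructed sample input (not the log content from the original article).
SETUPERR = r"""
2016-10-05 15:27:08, Error                 MIG    Error 0x00000570 while applying object: C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]
2016-10-05 15:27:08, Error                 SP     Apply operation failed for the migration step
2016-10-05 15:27:09, Error                 SP     Operation failed: Apply. Error: 0x8007042B
"""
SETUPACT = r"""
2016-10-05 15:27:07, Info                  MIG    Applying objects
2016-10-05 15:27:08, Info                  SP     Shell application requested abort
2016-10-05 15:27:08, Warning               MIG    Abandoning apply due to error for object: C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]
2016-10-05 15:29:41, Info                  SP     Shell application requested abort
"""

if __name__ == "__main__":
    report = analyze("0x8007042B - 0x2000D", SETUPERR, SETUPACT)
    print("extend code:", report["extend_code"])
    print("last hit   :", report["last_hit"]["time"], report["last_hit"]["message"])
    for code, name in report["win32"]:
        print("win32      :", code, name)
    for e in report["related"]:
        print("setupact   :", e["time"], e["component"], e["message"])
```

Raise `skew` (seconds) when the clocks in two log files are not written in the same second; `context` controls how many entries above the last hit are reviewed.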

For example, assume that the error code for an error is 0x8007042B - 0x2000D. Searching for "8007042B" reveals the following content from the setuperr.log file:

Some lines in the text below are shortened to enhance readability. The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds, and the certificate file name, which is a long text string, is shortened to just "CN."

setuperr.log content:

The first line indicates there was an error 0x00000570 with the file C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN] (shown below):

The error 0x00000570 is a Win32 error code corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable.

Therefore, Windows Setup failed because it was not able to migrate the corrupt file C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]. This file is a local system certificate and can be safely deleted. Searching the setupact.log file for additional details, the phrase "Shell application requested abort" is found in a location with the same timestamp as the lines in setuperr.log. This confirms our suspicion that this file is the cause of the upgrade failure:

setupact.log content:

setupapi.dev.log content:

This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file. Note: In this example, the full, unshortened file name is C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f.

Default Log File Settings for Web Sites

Overview

The element of the element contains attributes that allow you to configure default logging for a site on IIS 7 and later.

For example, you can enable or disable logging, configure the format of the IIS log file, specify the categories of information to store in the log file, and change the directory where the log file is stored. You can also use the element to control how often IIS creates a new log file based either on log file size or time interval and the maximum size (in bytes) that a log file can become.

By default, IIS 7 and later uses the World Wide Web Consortium (W3C) log file format. You can change this setting by modifying the logFormat attribute to IIS, NCSA, or Custom.

ODBC logging is implemented as a custom logging module in IIS 7 and later. As a result, enabling and configuring ODBC logging in IIS 7 and later consists of two separate actions:

  • Setting the ODBC logging attributes in the element. These attributes specify the System Data Source Name (DSN), table name, user name, and password for the ODBC connection.
  • Setting the correct custom logging attributes in element. These attributes must set the log file format to «Custom» and the custom log plug-in class ID to ««.

For more information about ODBC logging, see the element.

You can define the categories of information that IIS logs by editing the logExtFileFlags attribute. The default values are Date, Time, ClientIP, UserName, ServerIP, Method, UriStem, UriQuery, TimeTaken, HttpStatus, Win32Status, ServerPort, UserAgent, HttpSubStatus, and Referer.

If the element is configured in both the section and in the section for a specific site, the configuration in the section is used for that site.

IIS 8.5 enables you to log custom fields in addition to the standard logged set. The log file format must be W3C to add custom fields. For more information, see customFields .
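To check which sites actually log what the defaults promise, the settings described above can be audited from a copy of applicationHost.config. The following Python sketch is an added example, not Microsoft's code: it reports sites with logging disabled, a fixed-field format, a W3C field list that drops any of the default logExtFileFlags values, or no File log target. The sample configuration is constructed, the function names are hypothetical, and the per-attribute merge of site settings over siteDefaults is an assumption about how the override is applied.

```python
import xml.etree.ElementTree as ET

# Default logExtFileFlags values as listed on this page.
DEFAULT_FLAGS = ["Date", "Time", "ClientIP", "UserName", "ServerIP", "Method",
                 "UriStem", "UriQuery", "TimeTaken", "HttpStatus", "Win32Status",
                 "ServerPort", "UserAgent", "HttpSubStatus", "Referer"]
# Attribute defaults stated on this page.
DEFAULTS = {"enabled": "true", "logFormat": "W3C",
            "logExtFileFlags": ",".join(DEFAULT_FLAGS), "logTargetW3C": "File"}


def effective(site_defaults, site):
    """Built-in defaults, then siteDefaults, then the site's own logFile.
    Assumption: attributes are merged one by one, the site value winning."""
    merged = dict(DEFAULTS)
    for element in (site_defaults, site):
        if element is not None:          # childless elements are falsy, so test for None
            merged.update(element.attrib)
    return merged


def check(cfg):
    """Return a list of findings for one effective logFile configuration."""
    if cfg["enabled"].lower() != "true":
        return ["logging disabled (enabled=false)"]
    findings = []
    fmt = cfg["logFormat"]
    if fmt in ("IIS", "NCSA"):
        findings.append(f"logFormat={fmt}: fixed field set, logExtFileFlags not applied")
    elif fmt == "Custom":
        findings.append("logFormat=Custom: fields depend on the custom logging module")
    else:
        flags = {f.strip() for f in cfg["logExtFileFlags"].split(",") if f.strip()}
        missing = [f for f in DEFAULT_FLAGS if f not in flags]
        if missing:
            findings.append("missing default fields: " + ", ".join(missing))
        targets = {t.strip() for t in cfg["logTargetW3C"].split(",")}
        if "File" not in targets:
            findings.append(f"logTargetW3C={cfg['logTargetW3C']}: "
                            "no File target, events go to ETW only")
    return findings


def audit(config_xml):
    """Return {site name: [findings]} for every site in the configuration text."""
    root = ET.fromstring(config_xml.strip())
    report = {}
    for sites in root.iter("sites"):
        defaults = sites.find("siteDefaults/logFile")
        for site in sites.findall("site"):
            report[site.get("name")] = check(effective(defaults, site.find("logFile")))
    return report


# Constructed sample configuration (site names and values are illustrative).
SAMPLE_CONFIG = r"""
<configuration>
  <system.applicationHost>
    <sites>
      <siteDefaults>
        <logFile logFormat="W3C" directory="%SystemDrive%\inetpub\logs\LogFiles"
                 logExtFileFlags="Date, Time, ClientIP, UserName, Method, UriStem, HttpStatus" />
      </siteDefaults>
      <site name="Default Web Site" id="1" />
      <site name="legacy" id="2"><logFile enabled="false" /></site>
      <site name="api" id="3"><logFile logFormat="NCSA" /></site>
      <site name="etw-only" id="4"><logFile logTargetW3C="ETW" /></site>
    </sites>
  </system.applicationHost>
</configuration>
"""

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(name, "->", findings or ["matches the documented defaults"])
```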

Compatibility

Version Notes
IIS 10.0 The element was not modified in IIS 10.0.
IIS 8.5 Added the flushByEntryCountW3CLog attribute to specify the number of events to be stored in the buffer before they are flushed to the log file. Added the logTargetW3C attribute to specify how logged IIS events are processed. Added the maxLogLineLength attribute to specify the maximum length of a line in a log file. Added the child element.
IIS 8.0 The logSiteId attribute was added to specify the contents of the s-sitename field, and the Referer flag was added to the default value of the logExtFileFlags attribute.
IIS 7.5 The element was not modified in IIS 7.5.
IIS 7.0 The element of the element was introduced in IIS 7.0.
IIS 6.0 The element replaces sections of the logging properties on the IIS 6.0 IIsWebService metabase object.

Setup

The element is included in the default installation of IIS 7 and later.

How To

How to edit the default logging settings for a server

Open Internet Information Services (IIS) Manager:

If you are using Windows Server 2012 or Windows Server 2012 R2:

  • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

If you are using Windows 8 or Windows 8.1:

  • Hold down the Windows key, press the letter X, and then click Control Panel.
  • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

If you are using Windows Server 2008 or Windows Server 2008 R2:

  • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

If you are using Windows Vista or Windows 7:

  • On the taskbar, click Start, and then click Control Panel.
  • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

In the Connections pane, click the server name on which you want to configure logging.

In the Home pane, double-click Logging.

In the Logging pane, select the log file format in the Format box, and then type the path to the directory where you store the log files in the Directory box or click Browse to choose the directory in which to store the log files.

If you choose to use the W3C log file format:

  • Click Select Fields to choose the types of information to log.
  • In the W3C Logging Fields dialog box, select the check boxes for options you want to log, clear the check boxes for options you do not want to log, and then click OK.

How to configure ETW or file logging for W3C logs

Open Internet Information Services (IIS) Manager:

If you are using Windows Server 2012 R2:

  • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

If you are using Windows 8.1:

  • Hold down the Windows key, press the letter X, and then click Control Panel.
  • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

In the Connections pane, expand the server name.

In the site’s home pane, double-click Logging.

In the Logging home page, for Log Event Destination, select Log file only, ETW event only, or Both log file and ETW event.

How to configure flushing a W3C log by entry count

Open Internet Information Services (IIS) Manager:

If you are using Windows Server 2012 R2:

  • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

If you are using Windows 8.1:

  • Hold down the Windows key, press the letter X, and then click Control Panel.
  • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

In the Connections pane, select the server, and then double-click Configuration Editor.

In the Configuration Editor, for the Section, expand system.applicationHost, and then select sites.

Expand siteDefaults, and then expand logFile.

For flushByEntryCountW3CLog, enter the number of events to be stored in the buffer before they are flushed to the log file.

In the Action pane, click Apply.

How to configure the maximum log line length

Open Internet Information Services (IIS) Manager:

If you are using Windows Server 2012 R2:

  • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

If you are using Windows 8.1:

  • Hold down the Windows key, press the letter X, and then click Control Panel.
  • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

In the Connections pane, expand the server, and then double-click Configuration Editor.

In the Configuration Editor, for the Section, expand system.applicationHost, and then select sites.

Expand siteDefaults, and then expand logFile.

For maxLogLineLength, enter the maximum number of bytes in a single line of a log file.

In the Action pane, click Apply.

Configuration

Attributes

Attribute Description
customLogPluginClsid Optional string attribute.

Specifies the COM object class ID (CLSID) or IDs, in order of precedence, for custom modules.

directory Optional string attribute.

Specifies the logging directory, where the log file and logging-related support files are stored.

The default value is %SystemDrive%\inetpub\logs\LogFiles.

enabled Optional Boolean attribute.

Specifies whether logging is enabled (true) or disabled (false) for a site.

Note: ASP and ODBC errors are not logged in the IIS log files.

The default value is true.

flushByEntryCountW3CLog Optional uint attribute.

Specifies the number of events to be stored in the buffer before they are flushed to the log file. A lower number will cause events to be flushed more quickly, at the cost of performance as a result of a greater number of disk operations. Reduce this value for more real-time troubleshooting, increase it for performance. A value of 0 specifies that the flush will occur at the default maximum of 64k.

The default value is 0.

localTimeRollover Optional Boolean attribute.

Specifies whether a new log file is created based on local time or Coordinated Universal Time (UTC), which was previously called Greenwich Mean Time (GMT). When false, a new log file is created based on UTC.

Note: Regardless of the setting, the time stamp for each W3C Extended Logging log record is UTC-based.

The default value is false.

logExtFileFlags Optional flags attribute.

Specifies the categories of information that are written to either the log file (when you use W3C Extended log file format) or to the ODBC data source during logging events for a site. The logExtFileFlags attribute can be one or more of the following values. If you specify more than one value, separate them with a comma (,).

The default values are Date, Time, ClientIP, UserName, ServerIP, Method, UriStem, UriQuery, TimeTaken, HttpStatus, Win32Status, ServerPort, UserAgent, HttpSubStatus, Referer.

Value Description
BytesRecv Log the number of bytes that the server received.
BytesSent Log the number of bytes that the server sent.
ClientIP Log the IP address of the client that made the request.
ComputerName Log the name of the server on which the log file entry was generated.
Cookie Log the content of received cookies, if any content exists.
Date Log the date on which the activity occurred.
Host Log the host header name, if there is one.
HttpStatus Log the HTTP status code.
HttpSubStatus Log the sub-status code of the HTTP error. For example, for the 500.18 HTTP error, the status code is 500 and the sub-status code is 18.
Method Log the requested action. For example, GET, POST, etc.
ProtocolVersion Log the protocol version that the client used.
Referer Log the site that the user last visited. This site provided a link to the current site.
ServerIP Log the IP address of the server on which the log file entry was generated.
ServerPort Log the server port number that is configured for the site.
SiteName Log the Internet service name and instance number for the site.
Time Log the time in Coordinated Universal Time (UTC), at which the activity occurred.
TimeTaken Log the length of time taken for a request to be completed. The time taken is recorded in milliseconds.

Note: The client-request timestamp is initialized when HTTP.sys receives the first byte, but before HTTP.sys begins to parse the request. The client-request timestamp is stopped when the last IIS send completion occurs. Time taken does not reflect time across the network. The first request to the site shows a slightly longer time taken than other similar requests because HTTP.sys opens the log file that contains the first request.

UriQuery Log the query, if any, that the client was trying to perform. A Universal Resource Identifier (URI) query is necessary only for dynamic pages, and usually consists of parameters passed to the URL.
UriStem Log the Universal Resource Identifier (URI) stem information, which is the target of the action. For example, Default.htm.
UserAgent Log the browser type that the client used.
UserName Log the name of the authenticated user who accessed your server. Anonymous users are indicated by a hyphen.
Win32Status Log the Windows status code.
logFormat Optional enum attribute.

Specifies the log file format. The logFormat attribute can be one of the following values.

The default value is W3C .

Value Description
Custom Use a custom log file format for a custom logging module.

The numeric value is 3 .

IIS Use the Microsoft IIS log file format to log information about a site. This format is handled by HTTP.sys, and is a fixed ASCII text-based format, which means that you cannot customize the fields that are logged. Fields are separated by commas, and time is recorded as local time. The following fields are logged when you use the IIS log file format:

  • Client IP address
  • User name
  • Date
  • Time
  • Service and instance
  • Server name
  • Server IP address
  • Time taken
  • Client bytes sent
  • Server bytes sent
  • Service status code (A value of 200 indicates that the request was fulfilled successfully.)
  • Windows status code (A value of 0 indicates that the request was fulfilled successfully.)
  • Request type
  • Target of operation
  • Parameters (the parameters that are passed to a script)

Not all fields will contain data. When a field does not contain data, a hyphen (-) appears as a placeholder. When a field contains a non-printable character, HTTP.sys replaces it with a plus sign (+) to preserve the log file format.

The numeric value is 0 .

NCSA Use the National Center for Supercomputing Applications (NCSA) Common log file format to log information about a site. This format is handled by HTTP.sys, and is a fixed ASCII text-based format, which means that you cannot customize the fields that are logged. Fields are separated by spaces, and time is recorded as local time with the Coordinated Universal Time (UTC) offset. The following fields are logged when you use the NCSA Common log file format:

  • Remote host address
  • Remote log name (This value is always a hyphen.)
  • User name
  • Date, time, and UTC offset
  • Request and protocol version
  • Service status code (A value of 200 indicates that the request was fulfilled successfully.)
  • Bytes sent

Not all fields will contain data. When a field does not contain data, a hyphen (-) appears as a placeholder. When a field contains a non-printable character, HTTP.sys replaces it with a plus sign (+) to preserve the log file format.

The numeric value is 1 .

W3C Use the W3C Extended log file format to log information about a site. This format is handled by HTTP.sys, and is a customizable ASCII text-based format, which means that you specify the fields that are logged. Specify the fields that are logged in the logExtFileFlags attribute. Fields are separated by spaces, and time is recorded in Coordinated Universal Time (UTC).

The numeric value is 2 .

logSiteId Optional Boolean attribute.

Specifies that the s-sitename field will contain either the site name (false) or the site ID (true). If the One log file per property is set to Site (the out-of-box default), then you won't get the s-sitename column in the log file by default, because the log file name property will contain the site ID instead. If the One log file per property is set to Server, the s-sitename column will be included in the log file by default.

The default value is True, meaning that the s-sitename field contains the site ID. To log the site name instead, set logSiteId to False.

logTargetW3C Optional Flags attribute.

Specifies whether IIS will use Event Tracing for Windows (ETW) and/or file logging for processing logged IIS events. ETW provides real-time logging and use of an ETW provider and standard querying mechanisms. File logging stores event data in text files that you can parse to access logging data.

When IIS uses log files, HTTP.sys logs data directly into text log files after the transaction has completed. When using ETW, HTTP.sys sends data into ETW using the iislogging provider, and the LOGSVC service manages the log data, including querying ETW for data, gathering data directly from worker processes, and sending the data to a log file.

The logTargetW3C attribute can have the following possible values. The default value is File . If both File and ETW are listed for logTargetW3C for the server’s log file defaults in applicationHost.config, that is equivalent to selecting Both log file and ETW event in the server’s Logging pane in the IIS Manager.

Value Description
File IIS event data will be stored in a text log file. To process the event data, you must parse the text-based log file. Text log files take time to process and flush, so you will not be able to process the event data in real time.

The numeric value is 1 .

ETW Instead of logging data directly into text files, IIS will send logged information to Event Tracing for Windows, a generic event mechanism built into Windows. You can manage logged data using standard query tools, such as the Message Analyzer, or custom tools. ETW processes logged information in real time, and gives you the ability to filter and view the data, and to enable or disable logging, dynamically. ETW also adds detailed information to event data, providing data that HTTP.sys does not have access to. For more information, see Event Tracing.

The numeric value is 2 .

maxLogLineLength Optional uint attribute.

Specifies the maximum length of a line in a log file. This enables you to limit the amount of data accumulated by logging, and save on disk space, especially when you add custom logging fields.

The range is 2 to 65,536. The default value is 65536.

period Optional enum attribute.

Specifies how often IIS creates a new log file. The period attribute can be one of the following possible values.

The default value is Daily .

Value Description
Daily Create a new log file daily.

The numeric value is 1 .

Hourly Create a new log file hourly.

The numeric value is 4 .

MaxSize Create a new log file when a maximum size is reached. The maximum size is specified in the truncateSize attribute.

The numeric value is 0 .

Monthly Create a new log file monthly.

The numeric value is 3 .

Weekly Create a new log file weekly.

The numeric value is 2 .

truncateSize Optional int64 attribute.

Specifies the maximum size of the log file (in bytes) after which to create a new log file. This value is only applicable when MaxSize is chosen for the period attribute. The minimum file size is 1,048,576 bytes. If this attribute is set to a value less than 1,048,576 bytes, the default value is implicitly assumed as 1,048,576 bytes.

The default value is 20971520 .

Child Elements

Element Description
customFields Optional element.

Specifies the configuration settings for default custom fields in a W3C log.

Configuration Sample

The following configuration sample specifies default logFile options.

Sample Code

The following code samples configure the default logFile options for IIS 7.
