1

I'm trying to get the client ip address. I have a number of options selected to log. In fact, I have 15 options selected, but I never get more than 12 options printed out. I also don't think I'm getting the client ip, even though it is selected. Can anyone help me out? Here is the top of a log, with identifying information altered:

#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status 
2009-07-28 00:00:21 W3SVC1 199.08.78.8 POST /site.asmx - 443 - 105.155.150.2 - - 200 0 0

Server: Microsoft-IIS/6.0 MicrosoftOfficeWebServer: 5.0_Pub

Windows Servers 2003 R2 Standard Edition Service Pack 2

This problem has persisted after restarts.

  • Can you please add IIS to the title and specify what version of IIS as well as what OS you are using? – Andy May Aug 06 '09 at 17:30

2 Answers2

3

The client ip is 105.155.150.2 in the log you posted. It is the "c-ip" field in the definition.

Also, you might want to restart IIS after you changed the log configuration.

sucuri
  • 2,867
  • 1
  • 23
  • 22
1

Dcid is correct.

When you're reading those header values, there's a couple little things to note.

  • The "s" means "server", so s-sitename is "Server's site name"
  • The "c" means "client", so c-ip is "Client's IP Address"
  • "cs" means "client to server" so cs-method is "The method the client requested of the server"
  • "sc" means "server to client" so sc-status is "The status the server returned to the client"

You can always paste your log into an Excel spreadsheet and it will format the log a little more readably for you. Looking at it quickly, every null value between live data will use "-" for a placeholder.

codepoke
  • 133
  • 8