5.2 Ensure Advanced IIS logging is enabled

Information

IIS Advanced Logging is a module which provides flexibility in logging requests and client data. It provides controls that allow businesses to specify what fields are important, easily add additional fields, and provide policies pertaining to log file rollover and Request Filtering. HTTP request/response headers, server variables, and client-side fields can be easily logged with minor configuration in the IIS management console.

Rationale:

Many of the fields available in Advanced Logging can provide extensive, real-time data and details not otherwise obtainable. Developers and security professionals can use this information to identify and remediate application vulnerabilities/attack patterns.

Impact:

Collecting detailed log files will take more space on the specified drive.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

IIS Advanced Logging can be configured for servers, Web sites, and directories in IIS Manager. To enable Advanced Logging using the UI:

Open Internet Information Services (IIS) Manager

Click the server in the Connections pane

Double-click the Logging icon on the Home page

Click Select Fields

The fields that will be logged need to be configured using the Add or Edit Fields button.
Note: There may be performance considerations depending on the extent of the configuration.
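
Because Nessus does not perform this check, the fields chosen in the steps above can be reviewed by hand with the WebAdministration PowerShell module. The script below is an added example, not part of the benchmark or the plugin; the $requiredFields list is an assumed organisational baseline, and the helper names Get-LogAttr and Get-LogFieldReport are illustrative.

```powershell
# Added example: report which W3C fields are selected under Logging > Select Fields.
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

# Assumption: fields this organisation requires; not a list taken from the benchmark.
$requiredFields = @('Date','Time','ClientIP','UserName','Method','UriStem',
                    'UriQuery','HttpStatus','UserAgent','Referer')
$psPath = 'MACHINE/WEBROOT/APPHOST'

# Some attributes come back wrapped in an object with a Value property; unwrap those.
function Get-LogAttr([string]$Filter, [string]$Name) {
    $v = Get-WebConfigurationProperty -PSPath $psPath -Filter $Filter -Name $Name
    if ($null -ne $v -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
}

function Get-LogFieldReport([string]$Scope, [string]$Filter) {
    # logExtFileFlags is a comma-separated list of the standard fields that are ticked.
    $selected = @("$(Get-LogAttr $Filter 'logExtFileFlags')" -split '\s*,\s*' |
                  Where-Object { $_ })
    # Custom fields (request/response headers, server variables) added via Add Field.
    $custom = @(Get-WebConfigurationProperty -PSPath $psPath `
                    -Filter "$Filter/customFields" -Name Collection |
                ForEach-Object { '{0} <- {1}:{2}' -f $_.logFieldName, $_.sourceType, $_.sourceName })
    [pscustomobject]@{
        Scope         = $Scope
        Enabled       = Get-LogAttr $Filter 'enabled'
        LogFormat     = Get-LogAttr $Filter 'logFormat'   # field selection applies to W3C
        MissingFields = ($requiredFields | Where-Object { $_ -notin $selected }) -join ','
        CustomFields  = $custom -join '; '
    }
}

# Server-level settings first, then the value reported for each site.
$report = @(Get-LogFieldReport 'Server defaults' 'system.applicationHost/sites/siteDefaults/logFile')
foreach ($site in Get-Website) {
    $siteFilter = "system.applicationHost/sites/site[@name='$($site.Name)']/logFile"
    $report += Get-LogFieldReport $site.Name $siteFilter
}
$report | Format-Table -AutoSize -Wrap
```

An empty MissingFields column with Enabled set to True and LogFormat set to W3C means that scope records every field in the assumed baseline.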

Default Value:

IIS Advanced Logging is enabled by default.

See Also

https://workbench.cisecurity.org/benchmarks/13949

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, 800-53|AU-3(1), 800-53|AU-7, 800-53|AU-12, CSCv7|6.2, CSCv7|6.3

Plugin: Windows

Control ID: b4b9d1257149698f8b48f8b9f76a98077e350baa0a1aba8d0915c6a4764b60cd