5.3 Ensure 'ETW Logging' is enabled - Sites logFormat W3C with ETW target

Information

IIS introduces a new logging method. Administrators can now send logging information to Event Tracing for Windows (ETW).

IIS flushes log information to disk, therefore prior to IIS, administrators do not have access to real-time logging information. Text-based log files can also be difficult and time consuming to process. By enabling ETW, administrators have access to use standard query tools for viewing real-time logging information.

Solution

To configure ETW logging:
1. Open IIS Manager
2. Select the server or site to enable ETW
3. Select Logging.
4. Ensure Log file format is W3C.
5. Select Both log file and ETW event
6. Save your settings.

See Also

https://workbench.cisecurity.org/benchmarks/14293

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, CSCv6|6.2

Plugin: Windows

Control ID: f56334ffd19cc15192a8c83839452b8c52b11616014cddbc9bbb3f0ccbef00b9