IIS Logging

Posted on 2014-10-10
Medium Priority
Last Modified: 2014-10-17
We are sending our IIS logs offsite for 90-day retention on-hand, and then further 365-day retention in archives. This adds up to over 350GB of logs per year for us, and is costing us a lot. We are doing this to meet PCI compliance.

We would like to cut down on our IIS logs without sacrificing security or compliance. From the list below, please list all non-essential items that we can cut. Thanks much.

Client IP Address
User Name
Service Name
Server Name
Server IP Address
Server Port
URI Stem
URI Query
Protocol Status
Protocol Substatus
Win32 Status
Bytes Sent
Bytes Received
Time Taken
Protocol Version
User Agent
Question by:pzozulka
LVL 85

Accepted Solution

David Johnson, CD, MVP earned 750 total points
ID: 40374340
This adds up to over 350GB of logs per year for us, and is costing us a lot. you could compress these files using zip or winrar before sending to your storage provider.. These files are highly compressible. 350GB on Amazon Glacier is probably a lot cheaper than what you are paying now.
LVL 29

Assisted Solution

by:Dan McFadden
Dan McFadden earned 750 total points
ID: 40376788
Dropping a field from your http logs will not make that great of a difference in the size of your log files.  The log size is governed more by the activity on the website.  More activity equals larger logs... 1 or 2 less fields won't make a difference.

I agree with what David said above.  Http logs are simple text files and compress like a champ.  Compression will get you around an 85-90% reduction in file size.


Author Comment

ID: 40380099
These are not compressible as they need to be sent in either plain text or JSON for further analysis, monitoring, reporting, and trending for PCI compliance. We are sending them to loggly.com.

Featured Post

Managed Security Services Webinar - March 15

Selecting the right managed security services platform to grow your business can be a huge undertaking. Join WatchGuard and Frost & Sullivan in an upcoming webinar as we dive into the key elements of selecting a vendor platform and partnership to fuel a successful MSSP business.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Are you looking to start a business? Do you own and operate a small company? If so, here are some courses you need to take before you hire a full-time IT staff.
Feeling responsible for an unfortunate ransomware infection on my parent's network, persistence paid off as I was able to decrypt a strain of ransomware that was not previously (or at least publicly) cracked. I hope this helps others out there affec…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question