<div>
These are not compressible as they need to be sent in either plain text or JSON for further analysis, monitoring, reporting, and trending for PCI compliance. We are sending them to loggly.com.
</div>


These are not compressible as they need to be sent in either plain text or JSON for further analysis, monitoring, reporting, and trending for PCI compliance. We are sending them to loggly.com.

<div>
<div class="content wysiwyg-content">
We are sending our IIS logs offsite for 90-day retention on-hand, and then further 365-day retention in archives. This adds up to over 350GB of logs per year for us, and is costing us a lot. We are doing this to meet PCI compliance.<br />
<br />
We would like to cut down on our IIS logs without sacrificing security or compliance. From the list below, please list all non-essential items that we can cut. Thanks much.<br />
<br />
Date<br />
Time<br />
Client IP Address<br />
User Name<br />
Service Name<br />
Server Name<br />
Server IP Address<br />
Server Port<br />
Method<br />
URI Stem<br />
URI Query<br />
Protocol Status<br />
Protocol Substatus<br />
Win32 Status<br />
Bytes Sent<br />
Bytes Received<br />
Time Taken<br />
Protocol Version<br />
Host<br />
User Agent<br />
Cookie<br />
Referer
</div>
</div>


We are sending our IIS logs offsite for 90-day retention on-hand, and then further 365-day retention in archives. This adds up to over 350GB of logs per year for us, and is costing us a lot. We are doing this to meet PCI compliance.

We would like to cut down on our IIS logs without sacrificing security or compliance. From the list below, please list all non-essential items that we can cut. Thanks much.

Date
Time
Client IP Address
User Name
Service Name
Server Name
Server IP Address
Server Port
Method
URI Stem
URI Query
Protocol Status
Protocol Substatus
Win32 Status
Bytes Sent
Bytes Received
Time Taken
Protocol Version
Host
User Agent
Cookie
Referer

IIS Logging

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.