How to Log Into Event Tracing for Windows in IIS 8.5?


IIS has many versions so far, including IIS8.5, IIS8.0, IIS7.5 and IIS7c.0. One point need to be mentioned is that logging to ETW is only available in IIS8.5.  In IIS 8.5, logging information can be sent to Event Tracing for Windows (ETW), which brings administrator a lot of benefits.

Something about Event Tracing for Windows

A basic function of Internet Information Services (IIS) on Windows Server 2012 is that it provides ETW logging. ETW logging is an ETW provider that allows collecting real-time logs by using various Event-tracing tools. Problem is that there is seldom for administrators have access to logging information in real-time as IIS takes some time to flush logs to disk. Besides, log files that based on text can be difficult and the process is also time-consuming.

In IIS 8.5, the administrator can send logging information to Event Tracing for Windows (ETW). Thus, the administrator can have access to use standard query tools, or create custom tools, for the purpose of viewing real-time logging information in ETW. On this condition, the advantage over parsing text-based log files is significant, for it is updated in real-time.

How to log into event tracing for windows in IIS 8.5?

1. Find the IIS Manager and open it.

2. Select the server or site in the Connections pane, and then click the Logging twice. When you configure logging for a site, then that configuration applies to the site regardless how you configure logging at the server level. When you configure logging for the server, then the configuration will be applied to all newly-created sites on the server and any sites for which you have not configured site-level logging.

3. Under Log File in the Format field, select W3C.
ways to log into event tracing for windows in iis8.5 - 1
4. There are three options under Log Event Destination, select ETW event only or select Both log file and ETW event if you want to send the log information to both ETW and the log file.
ways to log into event tracing for windows in iis8.5 - 2
5. Then any of the publicly available tools can be used to query ETW for events. For instant, Message Analyzer can be used by configuring it to query the “Microsoft-Windows-IIS-Logging” provider.


With the guide above, you can configure IIS to log events to ETW or to both ETW and the log file. Since a number of publicly tools available, you can view ETW events as well.