Remote Logging on IIS

IIS 6.0

Starting with IIS 6.0, you can write log data to a remote share over a network using a full, Universal Naming Convention (UNC) path. For example, you can specify \\<servername>\<LogFileFolder> as the storage directory for your log files, where servername represents the name of the remote server, and LogFiles represents the name of the directory where the log files are stored.

Remote logging enables you to set up centralized log file storage and backup; however, it is slower than standard methods of logging. Although HTTP.sys, the kernel-mode driver in IIS 6.0, buffers 64 KB of log data before writing to the log file, remote logging writes the log file over the network, which can negatively impact performance.

It is highly recommended that you enable Internet Protocol security (IPSec) between your Web server running IIS and the remote server before configuring remote logging. IPSec is a framework of open standards for ensuring private, secure communications over Internet Protocol (IP) networks, through the use of cryptographic security services. If IPSec is not enabled between the Web server running IIS and the remote server, data packets containing log data are potentially at risk of being intercepted by malicious individuals and wire "sniffing" applications while the data packet travels through the network.

Remotely logging files to a UNC share in a different domain requires configuring the remote share as a null session share. When IIS attempts to access a remote Microsoft Windows server resource, such as a file share using a null session, the operation may fail if the file share is not configured as a null session share, or if there are any registry, group, or policy restrictions set on the server hosting the file share. For procedural information about setting up a null session, see Remote Logging in the IIS User Documentation.