iis| Safety | advanced | Site This is a good tool to mend, at least you can use it to monitor who has done what through the web. Of course, you also have to protect the log permissions only by the system administrator and Super Admin control. This prevents some people from doing something without leaving traces. In order to stay on site without affecting the response speed of IIS, it is recommended that you choose the extended log format. (I used to be introduced to ODBC by others, it seems more convenient, but in fact it is not so.) It is affected by the database very much, and the speed is slower.
You may consider recording the field data:
Customer IP Address
User name
Method
URI Resource
HTTP status
Win32 State
User Agent
Server IP Address
Server port
The latter two properties are useful if you have more than one WEB server on a single computer. Win32 State properties are useful for debugging.
When checking the log, pay close attention to error 5, which means that access is denied. Enter NET helpmsg err on the command line to find the meaning of other Win32 errors, where err is the error number to look for.