Enable logging for IIS in windows server 2012 R2

Anonymous
2022-02-24T14:53:22.547+00:00

Hello,

We are in the process of enforcing TLS 1.2 and will need to enable logging to check connections in IIS.

Ref : https://www.microsoft.com/security/blog/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/

Could you please advise how the fields below need to be added to capture this logging:

<add logFieldName="crypt-protocol" sourceName="CRYPT_PROTOCOL" sourceType="ServerVariable" />
<add logFieldName="crypt-cipher" sourceName="CRYPT_CIPHER_ALG_ID" sourceType="ServerVariable" />
<add logFieldName="crypt-hash" sourceName="CRYPT_HASH_ALG_ID" sourceType="ServerVariable" />
<add logFieldName="crypt-keyexchange" sourceName="CRYPT_KEYEXCHANGE_ALG_ID" sourceType="ServerVariable" />

Are these required to be added to the applicationHost.config file in c:\windows\system32\inetsrv\config?

Thanks

Windows development | Internet Information Services

3 answers

  1. Anonymous
    2022-02-24T15:14:58.13+00:00

    You can follow along here.
    https://www.microsoft.com/security/blog/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Anonymous
    2022-02-24T15:18:48.73+00:00

    Hello David, Thank you. I referred to this article but need the exact location in applicationhost.config to add the code:

    <add logFieldName="crypt-protocol" sourceName="CRYPT_PROTOCOL" sourceType="ServerVariable" />
    <add logFieldName="crypt-cipher" sourceName="CRYPT_CIPHER_ALG_ID" sourceType="ServerVariable" />
    <add logFieldName="crypt-hash" sourceName="CRYPT_HASH_ALG_ID" sourceType="ServerVariable" />
    <add logFieldName="crypt-keyexchange" sourceName="CRYPT_KEYEXCHANGE_ALG_ID" sourceType="ServerVariable" />

    Or can I add a custom field in IIS? (screenshot: 177548-image.png)


  3. Bruce Zhang-MSFT 3,771 Reputation points
    2022-02-25T03:17:40.887+00:00

    Hi @alex,

    Yes, you can add these fields in applicationhost.config file or in IIS manager.

    Applicationhost.config

    Please find the location of your site. Navigate to the <sites> section and find <site name="your site name" id=x serverAutoStart="true">. In this section, please add <logFile> and add the logFieldName entries in it. In my example, the complete structure is:

    <sites>
        <site name="Default Web Site" id="1" serverAutoStart="true">
            <application path="/">
                <virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\wwwroot" />
            </application>
            <bindings>
                <binding protocol="http" bindingInformation="*:80:" />
                <binding protocol="https" bindingInformation="*:443:" sslFlags="0" />
            </bindings>
            <logFile logExtFileFlags="Date, Time, ClientIP, UserName, ServerIP, Method, UriStem, HttpStatus, Win32Status, TimeTaken, ServerPort, UserAgent, Referer, HttpSubStatus">
                <customFields>
                    <clear />
                    <add logFieldName="crypt-protocol" sourceName="CRYPT_PROTOCOL" sourceType="ServerVariable" />
                    <add logFieldName="crypt-cipher" sourceName="CRYPT_CIPHER_ALG_ID" sourceType="ServerVariable" />
                    <add logFieldName="crypt-hash" sourceName="CRYPT_HASH_ALG_ID" sourceType="ServerVariable" />
                    <add logFieldName="crypt-keyexchange" sourceName="CRYPT_KEYEXCHANGE_ALG_ID" sourceType="ServerVariable" />
                </customFields>
            </logFile>
        </site>
    </sites>


    IIS Manager

    Open the Logging module at site level.
    (screenshot: 177725-1.png)


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best regards,
    Bruce Zhang

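The four custom fields above only help once someone reads the resulting log, so here is an added example (mine, not from this thread or from Microsoft) that parses a W3C extended log carrying those fields and reports which clients negotiated a protocol below TLS 1.2, which is the check the question is preparing for. It assumes IIS writes the server variables as bare hex values that map to the Schannel SP_PROT_*_SERVER and wincrypt ALG_ID constants, and that a plain-HTTP request logs "-"; the log lines are constructed.

```python
from collections import Counter, defaultdict

# Decoding tables taken from the Schannel SP_PROT_*_SERVER and wincrypt ALG_ID
# constants; IIS is assumed to write the server variables as bare hex ("400").
PROTOCOLS = {0x4: "SSL 2.0", 0x10: "SSL 3.0", 0x40: "TLS 1.0",
             0x100: "TLS 1.1", 0x400: "TLS 1.2", 0x1000: "TLS 1.3"}
CIPHERS = {0x6603: "3DES", 0x6801: "RC4", 0x660e: "AES-128", 0x6610: "AES-256"}
HASHES = {0x8003: "MD5", 0x8004: "SHA-1", 0x800c: "SHA-256", 0x800d: "SHA-384"}
KEYEX = {0xa400: "RSA", 0xaa02: "DH ephemeral", 0xae06: "ECDH ephemeral"}
WEAK = {"SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1"}

# Constructed sample of a W3C log with the four custom fields appended.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 8.5
#Fields: date time c-ip cs-method cs-uri-stem sc-status crypt-protocol crypt-cipher crypt-hash crypt-keyexchange
2022-02-24 14:53:22 10.0.0.5 GET /index.html 200 400 660e 800c ae06
2022-02-24 14:53:23 10.0.0.7 GET /login 200 40 6603 8004 a400
2022-02-24 14:53:24 10.0.0.9 GET /healthz 200 - - - -
2022-02-24 14:53:25 10.0.0.7 POST /login 302 100 6801 8004 a400
"""

def parse_w3c(text):
    """Yield one dict per request; the #Fields directive names the columns."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):   # skip malformed lines, never misalign
                yield dict(zip(fields, values))

def decode(entry):
    """Translate the hex custom fields into names; '-' means no TLS (plain HTTP)."""
    def lookup(table, key):
        raw = entry.get(key, "-")
        if raw == "-":
            return "none"
        return table.get(int(raw, 16), "unknown(0x%s)" % raw)
    return {"protocol": lookup(PROTOCOLS, "crypt-protocol"),
            "cipher": lookup(CIPHERS, "crypt-cipher"),
            "hash": lookup(HASHES, "crypt-hash"),
            "keyexchange": lookup(KEYEX, "crypt-keyexchange")}

def weak_tls_clients(text):
    """Map each client IP that negotiated below TLS 1.2 to its protocol counts."""
    report = defaultdict(Counter)
    for entry in parse_w3c(text):
        proto = decode(entry)["protocol"]
        if proto in WEAK:
            report[entry["c-ip"]][proto] += 1
    return {ip: dict(counts) for ip, counts in report.items()}

if __name__ == "__main__":
    for ip, protos in weak_tls_clients(SAMPLE_LOG).items():
        print(ip, protos)
```

Point it at the u_ex*.log files under the site's log directory; any client that appears in the report will break once TLS 1.0/1.1 are disabled.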
