Enable logging for IIS in windows server 2012 R2

Question

Hello,

We are in process to enforce TLS 1.2 and will need to enable logging to check connections in IIS.

Ref : https://www.microsoft.com/security/blog/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/

Could you please advise how below field needs to be added to capture logging

<add logFieldName="crypt-protocol" sourceName="CRYPT_PROTOCOL" sourceType="ServerVariable" />
<add logFieldName="crypt-cipher" sourceName="CRYPT_CIPHER_ALG_ID" sourceType="ServerVariable" />
<add logFieldName="crypt-hash" sourceName="CRYPT_HASH_ALG_ID" sourceType="ServerVariable" />
<add logFieldName="crypt-keyexchange" sourceName="CRYPT_KEYEXCHANGE_ALG_ID" sourceType="ServerVariable" />

Are these required to be added in applicationHost.config file in c:\windows\system32\inetsrv\config

Thanks

Answer 1

You can follow along here.
https://www.microsoft.com/security/blog/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 2

Hello David, Thank you. I referred this article but need exact location in applicationhost.config to add the code <add logFieldName="crypt-protocol" sourceName="CRYPT_PROTOCOL" sourceType="ServerVariable" /> <add logFieldName="crypt-cipher" sourceName="CRYPT_CIPHER_ALG_ID" sourceType="ServerVariable" /> <add logFieldName="crypt-hash" sourceName="CRYPT_HASH_ALG_ID" sourceType="ServerVariable" /> <add logFieldName="crypt-keyexchange" sourceName="CRYPT_KEYEXCHANGE_ALG_ID" sourceType="ServerVariable" /> Or Can I add a custom field in IIS ![177548-image.png][1] [1]: /api/attachments/177548-image.png?platform=QnA

Answer 3

Hi @alex ,

Yes, you can add these fields in applicationhost.config file or in IIS manager.

Applicationhost.config

Please find the location of your site. Navigate to <sites> section and find <site name = your site name id=x serverAutoStart="true">. In this section, please add <logFile> and add logFieldName in it. In my example, the complete struction is:

<sites>  
            <site name="Default Web Site" id="1" serverAutoStart="true">  
                <application path="/">  
                    <virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\wwwroot" />  
                </application>  
                <bindings>  
                    <binding protocol="http" bindingInformation="*:80:" />  
                    <binding protocol="https" bindingInformation="*:443:" sslFlags="0" />  
                </bindings>  
                <logFile logExtFileFlags="Date, Time, ClientIP, UserName, ServerIP, Method, UriStem, HttpStatus, Win32Status, TimeTaken, ServerPort, UserAgent, Referer, HttpSubStatus">  
                    <customFields>  
                        <clear />  
                        <add logFieldName="crypt-protocol" sourceName="CRYPT_PROTOCOL" sourceType="ServerVariable" />  
                        <add logFieldName="crypt-cipher" sourceName="CRYPT_CIPHER_ALG_ID" sourceType="ServerVariable" />  
                        <add logFieldName="crypt-hash" sourceName="CRYPT_HASH_ALG_ID" sourceType="ServerVariable" />  
                        <add logFieldName="crypt-keyexchange" sourceName="CRYPT_KEYEXCHANGE_ALG_ID" sourceType="ServerVariable" />  
                    </customFields>  
                </logFile>  
            </site>  
</sites>  

IIS Manager

Open Logging module at site level.

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best regards,
Bruce Zhang