IIS logs contain <...> instead of expected logging field value

This article helps you resolve the problem where Internet Information Services (IIS) logs contain ... instead of expected logging field value.

Original product version:   Internet Information Services 8.0
Original KB number:   2809913


Assume you have IIS Logging configured to log site traffic using the W3C logging format. When you inspect the IIS logs, you notice that one or more of the logging field values contain three dots (...) instead of the expected value. For example, you may see an IIS log entry similar to the following:

#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: <DateTime>
#Fields: date time cs-method cs-uri-stem s-port cs-username cs(Cookie) sc-status sc-substatus
<DateTime> GET /time.asp 80 - ... 200 0

In the above example, the cs(Cookie) value is ... instead of the actual cookie value.


This behavior is by design. The length of each IIS log field value is limited to 4096 bytes (4k). If one of the field values is greater than 4096 bytes, that value will be replaced with the three dots. In the above example, the client's Cookie was larger than 4096 bytes and was therefore replaced with (...).


To work around this issue, use one of the following options:

  • Write your own custom logging module that does not have the 4096-byte field limitation.

  • Reduce the size of the request or response header values to be logged so that they are less than 4096 bytes and will therefore not be replaced by the three dots.

More information