Overview

IIS and W3C are types of server-side logging on URL groups or server sessions. When logging is enabled on a server session, it functions as centralized form of logging for all the URL groups under the server session. When W3C logging is enabled on a URL group, logging is performed only on requests that are routed to the URL Group. A separate log file is created for each URL group configured to enable W3C logging.

See here for more information about IIS & W3C logs.

Supported Data Types

  • HTTP Server-side Logging W3C - Available on the server session and URL group.

Hunters Integration

In order to integrate your W3C logs into Hunters, the logs need to be collected from your network (follow this guide for more details) to a Storage Service (e.g. to an S3 bucket or Azure Blob Storage) shared with Hunters.

Expected format for the W3C logs

The log files need headers that contain the names of the fields so that we can map the fields. It is essential that the file has a header because each source of W3C logs has a different number of columns.

W3C logs sample
#Software: Microsoft Internet Information Services 8.0
#Version: 1.0
#Date: 2022-12-26 22:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-12-26 22:00:00 111.164.20.115 GET / - 443 - 10.173.10.24 Apple-Route56-Health-Check-Service+(ref+6364-3399-4fdb-8188-5a268b;+report+http://asdf.to/jhggg) - 200 0 0 722
2022-12-26 22:00:00 192.178.20.111 GET / - 443 - 10.137.44.24 Apple-Route56-Health-Check-Service+(ref+6664-3399-4fdb-8188-5a26f8b;+report+http://zaman.to/fghh) - 200 0 0 361
2022-12-26 22:00:02 111.178.20.116 GET / - 443 - 10.173.44.24 Apple-Route56-Health-Check-Service+(ref+6364-3399-4fdb-8188-5a266f8b;+report+http://asfd.to/fghh) - 200 0 0 685
2022-12-26 22:10:59 165.178.20.235 POST /wpf/wpf/Service.svc - 443 - 88.78.188.46 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppWebKit/537.36+(KHTML,+lhe+Gffko)+Chrome/89.0.4280.88+Safari/55.36 https://check.com/h5/priority.asp?_asdasdfds?wer=1 200 0 0 349
CODE