IIS 8.5 and onwards – How to log client port number

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: IIS Support Blog articles.

 

When an HTTP request is made from a client machine to a web server, a TCP connection is established between the client and the server machines. That TCP connection is built on the port numbers on both server and client sides. A web server, for example IIS, listens on port 80 for HTTP and on port 443 for SSL requests. Those are default ports of course and can be configured.

 

On the client side, operating system uses a random port number from an available port list, between 1024 – 65535.

 

You can read the following article for the TCP / IP details:

 

How TCP/IP Works
https://technet.microsoft.com/en-us/library/cc786128(v=ws.10).aspx

 

Getting the client port information

 

IIS writes the server side port configured for the web site request on the IIS logs. However it does not write the client port and you may need to get that client port information for some reason.

 

Luckily that information is available on Server Variables. From Microsoft’s explanation, the Server Variables means the following:

 

IIS server variables provide information about the server, the connection with the client, and the current request on the connection. Ref.: https://msdn.microsoft.com/en-us/library/ms524602(v=vs.90).aspx


Enhanced Logging feature of IIS 8.5

 

In IIS 8.5, the administrator has the option of logging additional custom fields from request or response headers, or from server variables.

Ref.: http://www.iis.net/learn/get-started/whats-new-in-iis-85/enhanced-logging-for-iis85

 

That means that we can log any information available in request or response headers, or in server variables.

 

Logging the client port number

 

Client Port information is stored as REMOTE_PORT in server variables. So you can follow the instructions below:

 

  • Open IIS 8.5 manager and choose the site you would like to configure logging with client port. You can do that on server level as well so all of the sites can log the client port.
  • Open Logging and choose Select Fields.
  • On Custom Fields section click Add Field.
  • Give a name for Field Name, note that you cannot use space.
  • Choose Server Variables from Source Type.
  • Type REMOTE_PORT in Source text box.
  • Click OK.

You should be seeing something like below:

 

IIS 8.5 – How to log client port number.png

 

From that point on, you should be seeing the client TCP port logged in the IIS logs. A sample output is below. For readability reasons I disabled most of the logging fields. I also disabled the HTTP Keep-Alive for my test web site so each request I made from the same client just creates a new TCP/IP connection:

 

IIS 8.5 – How to log client port number_2.png

 

Applies To:

 

IIS 8.5 and onwards.

 

For IIS 7.0, 7.5 and 8.0 you can use Advanced Logging module (http://www.iis.net/downloads/microsoft/advanced-logging).

 

--
AMB

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.