Recently a friend reminded me few cases, we were analyzing, while I was working as messaging engineer. We had problems with an application, which was using EWS (Exchange Web Service), trying to get free/busy information from exchange. Then IIS was becoming unresponsive and the only thing we could do was IIS reset. So we used “httperr.log” for the analysis and issue detection. Probably not many of you heard about it, but this log is really useful with issues related to web server.
What is httperr.log log ??
This log contains errors handled by HTTP server API, instead of passing them to the application.
Default log location is : C:\Windows\System32\LogFiles\HTTPERR
The default log file name is httperr + [sequence number] + .log
These to settings can be configured using the registry keys, as well as disabling or enabling the logging. To configure this settings one need to configure the registry values in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters registry key
- EnableErrorLogging – DWORD value, if it’s set to true, logging is enabled, if it’s false logging is disabled
- ErrorLogFileTruncateSize – DWORD value that defines maximum size of the single log file, Default value is (0x100000), which means 1MB. Changed value cannot be smaller than 1MB.
- ErrorLoggingDir – REG_SZ value defining the logging directory, it has to be a fully qualified local path. If the value is not set, the default folder path is used, mentioned earlier in this post.
More information about configuration of HTTP API error logging you can find in MS KB820729 article.
The httperr.log format is quite the same as the W3C logs. Each line of an HTTP API error log records one error.
More information about the format you can find in the same KB article mentioned earlier.
The various type of errors are described in the same article.
So when to use this log, if something wrong is going on the web server, websites become unresponsive, it’s worth to look inside the httperr log folder. If the number of log files is growing very fast, it seems that something is wrong with the http service, so just look inside the logs to find if it’s related to the same error type. Then start to analyze the reasons. In my case log file was full of Connection_Dropped_List_Full events, so for the future I have wrote the script to analyze the the folder and the logs inside it for this event, but this won’t be covered in this post.
Here is the link to Microsoft KB820729