5.3 Ensure 'ETW Logging' is enabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

Event Tracing for Windows (ETW) is a Windows feature that allows Administrators to send logging information to another location. This information is then compiled on the server and can be queried.

Rationale:

IIS flushes log information to disk; therefore, prior to IIS, administrators do not have access to real-time logging information. Text-based log files can also be difficult and time-consuming to process. With ETW enabled, administrators can use standard query tools to view logging information in real time.

Impact:

A dedicated server hosting Event Tracing for Windows (ETW) will be needed.

Solution

To configure ETW logging:

1. Open IIS Manager.

2. Select the server or site to enable ETW.

3. Select Logging.

4. Ensure Log file format is W3C.

5. Select Both log file and ETW event.

6. Save your settings.
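The same setting can be checked and applied from PowerShell. The script below is an added example, not part of the audit or the benchmark text. It assumes the WebAdministration module and an IIS version whose `logFile` element has the `logTargetW3C` attribute, and the `-Remediate` switch is a name chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not part of the audit text): report, and with -Remediate fix,
# the logging target for the IIS site defaults and for every site.
param([switch]$Remediate)

Import-Module WebAdministration
$psPath = 'MACHINE/WEBROOT/APPHOST'

# One entry per logFile element to inspect: the server-wide defaults plus each site.
$targets = @([pscustomobject]@{ Scope  = '(site defaults)'
                                Filter = 'system.applicationHost/sites/siteDefaults/logFile' })
foreach ($site in Get-Website) {
    $targets += [pscustomobject]@{
        Scope  = $site.Name
        Filter = "system.applicationHost/sites/site[@name='$($site.Name)']/logFile" }
}

$report = foreach ($t in $targets) {
    $logFile = Get-WebConfiguration -PSPath $psPath -Filter $t.Filter
    $format  = [string]$logFile.logFormat
    # logTargetW3C is a flags attribute: 'File', 'ETW' or 'File,ETW'.
    $flags   = ([string]$logFile.logTargetW3C) -split ',' | ForEach-Object { $_.Trim() }
    $ok      = ($format -eq 'W3C') -and ($flags -contains 'File') -and ($flags -contains 'ETW')

    if (-not $ok -and $Remediate) {
        # Mirrors the IIS Manager steps: W3C format, then "Both log file and ETW event".
        Set-WebConfigurationProperty -PSPath $psPath -Filter $t.Filter -Name 'logFormat' -Value 'W3C'
        Set-WebConfigurationProperty -PSPath $psPath -Filter $t.Filter -Name 'logTargetW3C' -Value 'File,ETW'
    }
    [pscustomobject]@{
        Scope      = $t.Scope
        LogFormat  = $format
        LogTarget  = ($flags -join ',')
        Compliant  = $ok
        Remediated = [bool]($Remediate -and -not $ok) }
}

$report | Format-Table -AutoSize
# Non-zero exit code when anything was found out of compliance, for scheduled checks.
if ($report | Where-Object { -not $_.Compliant }) { exit 1 }
```

Run it without arguments to audit only. A site that defines its own logging settings is listed separately from the site defaults, so a compliant default does not hide a site that logs to file only.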

See Also

https://workbench.cisecurity.org/files/4131