5.3 Ensure 'ETW Logging' is enabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

IIS introduces a new logging method. Administrators can now send logging information to Event Tracing for Windows (ETW)
Rationale:
IIS flushes log information to disk, therefore prior to IIS, administrators do not have access to real-time logging information. Text-based log files can also be difficult and time consuming to process. By enabling ETW, administrators have access to use standard query tools for viewing real-time logging information.

Solution

To configure ETW logging:
1. Open IIS Manager
2. Select the server or site to enable ETW
3. Select Logging.
4. Ensure Log file format is W3C.
5. Select Both log file and ETW event
6. Save your settings.

See Also

https://workbench.cisecurity.org/files/2297