IIS logs contain <...> instead of expected logging field value
This article helps you resolve the problem where Internet Information Services (IIS) logs contain ... instead of expected logging field value.
Original product version: Internet Information Services 8.0
Original KB number: 2809913
Symptoms
Assume you have IIS Logging configured to log site traffic using the W3C logging format. When you inspect the IIS logs, you notice that one or more of the logging field values contain three dots (...) instead of the expected value. For example, you may see an IIS log entry similar to the following:
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: <DateTime>
#Fields: date time cs-method cs-uri-stem s-port cs-username cs(Cookie) sc-status sc-substatus
<DateTime> GET /time.asp 80 - ... 200 0
In the above example, the cs(Cookie) value is ... instead of the actual cookie value.
Cause
This behavior is by design. The length of each IIS log field value is limited to 4096 bytes (4k). If one of the field values is greater than 4096 bytes, that value will be replaced with the three dots. In the above example, the client's Cookie was larger than 4096 bytes and was therefore replaced with (...).
Workaround
To work around this issue, use one of the following options:
Write your own custom logging module that does not have the 4096-byte field limitation.
Reduce the size of the request or response header values to be logged so that they are less than 4096 bytes and will therefore not be replaced by the three dots.
More information
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for