HTTPERR Input Format

The HTTPERR input format parses HTTP Error log files created by the Http.sys driver.

HTTP Error log files are server-wide text log files containing log entries for Http.sys-initiated error responses to malformed client requests or to valid requests that are aborted due to abnormal circumstances.

Depending on the version of Http.sys, HTTP Error log files can be logged in two different formats.
Earlier versions of Http.sys log HTTP Error log entries as raw lines consisting of space-separated values. The following example shows a portion of an HTTP Error log file generated by earlier versions of Http.sys:

2002-06-27 19:11:28 172.30.92.88 3405 172.30.162.213 80 HTTP/1.0 GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir 400 - URL
2002-06-27 19:11:28 172.30.92.88 3407 172.30.162.213 80 HTTP/1.0 GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir 400 - URL
2002-06-27 19:11:28 172.30.92.88 3412 172.30.162.213 80 HTTP/1.0 GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir 400 - URL
Later versions of Http.sys log HTTP Error log files in the W3C Extended log file format. Log files in this format begin with some informative headers ("directives"), the most important of which is the "#Fields" directive, describing which fields are logged at which position in a log row.
After the directives, the log entries follow. Each log entry is a space-separated list of field values.
The following example shows a portion of an HTTP Error log file generated by later versions of Http.sys:
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2003-08-08 03:12:41
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2003-08-08 03:12:41 10.193.50.9 3544 10.193.50.9 80 HTTP/1.1 GET /ISAPI_OOP/ISAPIExtTest.dll?Action=Crash&Action=Print&Data=Req17769_0 - 1 Connection_Abandoned_By_AppPool DefaultAppPool
2003-08-08 03:12:41 10.193.50.9 3545 10.193.50.9 80 HTTP/1.1 GET /ISAPI_OOP/ISAPIExtTest.dll?Action=Crash&Action=Print&Data=Req17769_1 - 1 Connection_Abandoned_By_AppPool DefaultAppPool
2003-08-08 03:12:43 10.193.50.9 3546 10.193.50.9 80 HTTP/1.1 GET /ISAPI_OOP/ISAPIExtTest.dll?Action=Crash&Action=Print&Data=Req17769_2 - 1 Connection_Abandoned_By_AppPool DefaultAppPool

From-Entity Syntax
Fields
Parameters
Examples


© 2004 Microsoft Corporation. All rights reserved.