Last time I posted on my blog was 10 months ago, wow! Time sure goes by fast when you have a new baby and a new course to write (I’ll blog about this later, the course, not the baby).
Enough with the chitchat, let’s get to business.
If you’ve ever used IIS, you’ve probably realized at some point that the IIS log files are useful to a point. You can’t log specific HTTP headers from the request/response, you can’t log machine parameters, such as performance counters, and you can’t filter the logs before they are written (for that we use log parser).
A couple of years ago, Microsoft released the Advanced Logging module, which can run in IIS 7/7.5/8 (haven’t tested on 8.5 yet, but part of it is already built-in to IIS 8.5). This new module adds many useful fields, real-time logging, and log filters.
One of the problem people stumbled upon when using this great module is, if you choose to log performance counters, you end up having two problems:
1. The counters data is not actually logged. If you open the log file, the columns appear, but without data.
2. If you open the Windows event logs, you’ll find errors for each configured performance counter. The errors are logged each time you recycle an application pool.
Note: event logs appear for each performance counter in the fields list, whether you choose to log it or not.
Most of the answers I found online for this issue (such as here) were to remove the performance counter fields from the list of fields, which basically will prevent you from logging performance counters. I didn’t really like these answers, as they didn’t actually resolve this issue, only worked around it.
After a short investigation, new evidence appeared that shed light on the problem – the issue with the performance counters appear only in web applications that use an application pool set to the ApplicationPoolIdentity identity. If the application pool uses Network/Local Service, there is no problem.
From here, the solution is simple:
1. Open the Local Users and Groups node in the Computer Management MMC.
2. Open the Performance Monitor Users group, and add the application pool identity you are using. For example, if your application pool is named DefaultAppPool, then add the user “iis apppool\defaultapppool”, without the quotes (“iis apppool” is a special prefix for application pool identities).
3. Reset your server for the changes to take affect.
After you reset the server and the application pool loads, you should start seeing the counter data in the log, and the errors in the Windows event logs will no longer appear.
Hope this helps someone out there.