Microsoft
First published on MSDN on Sep 05, 2018
The X-Forwarded-For (XFF) header is essential whenever a proxy or load balancer sits between the client browser and IIS. The proxy or load balancer uses it to forward the client's IP address to IIS, giving IIS the information it needs to track the incoming user.

Check your proxy or load balancer documentation for how to enable XFF. Once it is enabled, follow the steps below to add a custom logging field in IIS 8.5+ that logs the XFF-forwarded client IP:

1. Launch the IIS Manager UI (alternatively, type inetmgr.exe at an elevated command prompt)

2. Double-click "Logging"



3. Click "Select Fields"



4. Click "Add Field"



5. In the Add Custom Field window, type as follows



6. Click "Apply" in the Actions pane in the top right corner

Entries with the incoming client IP will then be recorded in the IIS log (default location is %SystemDrive%\inetpub\logs\LogFiles). The new log files will have an extra "_x" in their names.
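When reading the resulting logs, keep in mind that the XFF value is a request header: only the entries appended by your own proxy are reliable, and anything to their left came from the client. The following added example (not part of the original post) parses a W3C log and resolves the client IP on that basis; the custom field name `X-Forwarded-For`, the `10.0.0.0/24` proxy subnet and the sample log rows are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: IIS W3C log with a custom field assumed to be named X-Forwarded-For.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem c-ip sc-status X-Forwarded-For
2018-09-05 10:00:01 10.0.0.20 GET /index.html 10.0.0.5 200 203.0.113.7
2018-09-05 10:00:02 10.0.0.20 GET /login 10.0.0.5 200 198.51.100.9,+203.0.113.8
2018-09-05 10:00:03 10.0.0.20 GET /health 10.0.0.5 200 -
2018-09-05 10:00:04 10.0.0.20 GET /admin 192.0.2.44 403 127.0.0.1
"""

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]  # assumed load balancer subnet

def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(c_ip, xff):
    # A peer that is not our proxy can put anything in the header: ignore it.
    if not is_trusted(c_ip) or xff in ("-", ""):
        return c_ip
    # Spaces inside a logged value appear as '+' in IIS W3C logs.
    hops = [h.strip() for h in xff.replace("+", " ").split(",") if h.strip()]
    # Walk right to left: right-most entries were appended by our own proxies.
    for hop in reversed(hops):
        if not is_trusted(hop):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return c_ip  # malformed entry: fall back to the peer address
    return c_ip

def parse_log(text, xff_field="X-Forwarded-For"):
    """Return (uri, resolved client IP) per request row."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the directive
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            rows.append((row["cs-uri-stem"], client_ip(row["c-ip"], row.get(xff_field, "-"))))
    return rows

if __name__ == "__main__":
    for uri, ip in parse_log(SAMPLE_LOG):
        print(uri, ip)
```

In the sample, the `/login` row resolves to the address appended by the load balancer rather than the left-most value, and the `/admin` row ignores the header entirely because the request did not arrive through a trusted proxy.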
7 Comments
Occasional Visitor

Hello @Enamul Khaleque ! 

 

Do you know if there is a custom Field Name to log the server Date/Time in the IIS log, without changing the IIS format from W3C to IIS? This is because I need the W3C format.

 

Thanks 

Microsoft

 

@daymar23 Within the W3C format, there are predefined fields for date and time that you may check to get date+time info logged in the IIS log.

Occasional Visitor

@Enamul Khaleque Yes, but the predefined Date - Time fields log with UTC time (https://docs.microsoft.com/en-us/windows/desktop/http/w3c-logging) but my server is in GMT-6, so the times are different. I need to change the time in my logs from UTC to the Server time.

 

Thanks and regards 

 

Microsoft

@daymar23 Yes, the W3C format uses UTC instead of local time. If you use IIS or NCSA format, I believe it logs the local time but you lose the option of selecting fields. On the other hand, these UTC times can easily be converted while viewing logs (Log Parser can do that). Please check this link for the conversion: https://techcommunity.microsoft.com/t5/IIS-Support-Blog/How-to-Convert-Date-or-Time-fields-in-IIS-log-from-UTC-to-Local/ba-p/369629

Occasional Visitor

@Enamul Khaleque, yes, if I use the IIS or NCSA, they log with server time. But I need the W3C format for an analytical tool.

Also I know that I can use a log parser, but I need the UTC and the Server Time in my log. 

 

Do you know how I can do that? Is there in IIS 10 a custom field, like a Server Variable, where I can register the server time in the IIS logs?

 

Regards   

 

 

Microsoft

@daymar23 There is no option to log Date and Time in local timezone when using W3C format (The W3C Extended Log File Format is defined in the W3C Working Draft WD-logfile-960323 specification by Phillip M. Hallam-Baker and Brian Behlendorf. This document defines that the Date and Time fields are always in GMT/UTC. This behavior is by design). There is no corresponding SERVER VARIABLE that you can add as a custom field.

Occasional Visitor

Thanks @Enamul Khaleque, I will continue investigating. How can I do that?

Thanks for your help! 

Regards