IIS 8.5 - How to log client port number

When an HTTP request is made from a client machine to a web server, a TCP connection is established between the client and the server machines. That TCP connection is identified by the port numbers on both the server and client sides. A web server, for example IIS, listens on port 80 for HTTP and on port 443 for SSL requests. Those are the default ports, of course, and can be changed.

On the client side, the operating system uses a random port number from its list of available ports, between 1024 and 65535.

You can read the following article for the TCP / IP details:

How TCP/IP Works
https://technet.microsoft.com/en-us/library/cc786128(v=ws.10).aspx

Getting the client port information

IIS writes the server-side port configured for the web site to the IIS logs. However, it does not write the client port, and you may need that client port information for some reason.

Luckily, that information is available in Server Variables. Microsoft explains Server Variables as follows:

IIS server variables provide information about the server, the connection with the client, and the current request on the connection. Ref.: https://msdn.microsoft.com/en-us/library/ms524602(v=vs.90).aspx

Enhanced Logging feature of IIS 8.5

In IIS 8.5, the administrator has the option of logging additional custom fields from request or response headers, or from server variables. Ref.: https://www.iis.net/learn/get-started/whats-new-in-iis-85/enhanced-logging-for-iis85

That means that we can log any information available in request or response headers, or in server variables.

Logging the client port number

The client port is stored in the REMOTE_PORT server variable, so you can follow the instructions below:

  • Open IIS 8.5 Manager and choose the site for which you would like to log the client port. You can also do this at the server level so that all of the sites log the client port.
  • Open Logging and choose Select Fields.
  • In the Custom Fields section, click Add Field.
  • Enter a name in Field Name; note that it cannot contain spaces.
  • Choose Server Variables from Source Type.
  • Type REMOTE_PORT in the Source text box.
  • Click OK.

You should see something like the following:

 

From that point on, you should see the client TCP port logged in the IIS logs. A sample output is below. For readability, I disabled most of the logging fields. I also disabled HTTP Keep-Alive for my test web site, so each request I made from the same client created a new TCP/IP connection:
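As an added example (not from the original post), the Python below parses W3C-format IIS log lines that carry the custom field and looks up the requests belonging to one client IP and source port pair. The log lines are constructed, the field name ClientPort is a hypothetical choice for the Field Name step above, and the helper function names are assumptions.

```python
from collections import defaultdict

# Constructed sample: W3C log with a custom field named "ClientPort"
# (hypothetical name) sourced from REMOTE_PORT. IPs are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2015-06-01 10:15:00
#Fields: date time s-port cs-method cs-uri-stem c-ip sc-status ClientPort
2015-06-01 10:15:02 80 GET /default.htm 203.0.113.10 200 51422
2015-06-01 10:15:03 80 GET /default.htm 203.0.113.10 200 51423
2015-06-01 10:15:03 80 GET /logo.png 198.51.100.7 200 49810
2015-06-01 10:15:04 80 GET /default.htm 203.0.113.10 200 -
"""

def parse_w3c(text, port_field="ClientPort"):
    """Yield one dict per request; 'client_port' is an int or None."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the field list can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):     # truncated or malformed row
            continue
        row = dict(zip(fields, values))
        raw = row.get(port_field, "-")     # "-" means the value was empty
        valid = raw.isdigit() and 0 < int(raw) <= 65535
        row["client_port"] = int(raw) if valid else None
        yield row

def connections_by_client(text, port_field="ClientPort"):
    """Map each c-ip to the sorted list of source ports seen for it."""
    seen = defaultdict(set)
    for row in parse_w3c(text, port_field):
        if row["client_port"] is not None:
            seen[row["c-ip"]].add(row["client_port"])
    return {ip: sorted(ports) for ip, ports in seen.items()}

def find_requests(text, client_ip, client_port, port_field="ClientPort"):
    """Return the requests made over one (client IP, source port) pair."""
    return [r for r in parse_w3c(text, port_field)
            if r["c-ip"] == client_ip and r["client_port"] == client_port]

if __name__ == "__main__":
    print(connections_by_client(SAMPLE_LOG))
    print(find_requests(SAMPLE_LOG, "203.0.113.10", 51423))
```

With Keep-Alive enabled, several requests can share one source port, so `find_requests` may return more than one row for a pair.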

Applies To:

IIS 8.5 and onwards.

For IIS 7.0, 7.5 and 8.0 you can use the Advanced Logging module (https://www.iis.net/downloads/microsoft/advanced-logging).

--
AMB