Many countermeasures taken by ISPs to face IPv4 exhaustion (DS-Lite, NAT64, NAT44, CGN) need more than the old IP-address/timestamp pair to uniquely identify an end user on the Internet. Even with full logging of activities and sessions, an ISP can’t trace a specific user if no source TCP/UDP port is given. So content providers, whether large or small, need to enable client source port logging: it doesn’t matter whether they run an enormous e-commerce website or a small blog like this one; if they want to provide Law Enforcement Agencies (LEAs) with a set of information capable of uniquely tracing a user, they need client source port logging.
Many software products have simple built-in configuration commands to accomplish this task; here I describe how to enable this feature under Microsoft Windows Server 2008 R2 – IIS 7.5.
Advanced Logging IIS extension
The IIS built-in logging module doesn’t allow client source port logging, so an extension is needed: Advanced Logging. Once it is installed, a new Advanced Logging icon appears in the IIS Management Console.
Enable client port logging
Configuration can be done at any level: global, web site, directory. Open the Advanced Logging icon then, in the Actions pane, click Enable Advanced Logging. Once the feature is enabled, you just need to add the client port to the list of logged fields: again from the Actions pane, click Edit Logging Fields, then the Add field button, and use the following data:
Field ID: Client-IP
Source type: Server variables
Source name: REMOTE_PORT
Hit the OK button a couple of times and go back to the main window, where you find the default log definition named %COMPUTERNAME%-Server; double-click it to open its details, then select your logging preferences, being careful to add the Client-IP field ID to the list of selected fields (in the Selected Fields section, click the Select Fields button and check it).
After you have generated some activity on your web site, you can check the log content by clicking View log files in the Actions pane; the client port will be there somewhere, depending on the field order in the log definition’s Selected Fields list.
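Because the client port column moves with the field order, a lookup script should read the #Fields header line instead of hard-coding a position. The following is an added example, not part of the original post: it assumes the log is written in W3C extended format, and the column names (date, time, c-ip, c-port) and the sample lines are constructed, so replace them with the names your own log shows.

```python
from datetime import datetime, timedelta

# Constructed sample in W3C extended format. The column names, including
# "c-port" for the REMOTE_PORT field, are assumptions: use the names that
# the #Fields line of your own log definition shows.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip c-port cs-method cs-uri-stem sc-status
2012-03-01 10:15:02 198.51.100.7 40112 GET /index.html 200
2012-03-01 10:15:02 198.51.100.7 51844 POST /comment 302
#Fields: date time c-ip cs-method cs-uri-stem sc-status c-port
2012-03-01 10:15:03 198.51.100.7 GET /style.css 200 51844
2012-03-01 10:20:40 203.0.113.9 GET /index.html 200 40112
""".splitlines()


def parse_w3c(lines):
    """Yield one dict per record, keyed by the most recent #Fields line."""
    fields = None
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column order can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or torn lines
                yield dict(zip(fields, values))


def find_requests(lines, ip, port, when, slack_seconds=2,
                  ip_field="c-ip", port_field="c-port"):
    """Return records from ip:port within slack_seconds of `when`.

    `when` must be in the same time zone as the log timestamps.
    """
    slack = timedelta(seconds=slack_seconds)
    hits = []
    for rec in parse_w3c(lines):
        if rec.get(ip_field) != ip or rec.get(port_field) != str(port):
            continue
        stamp = datetime.strptime(rec["date"] + " " + rec["time"],
                                  "%Y-%m-%d %H:%M:%S")
        if abs(stamp - when) <= slack:
            hits.append(rec)
    return hits
```

In the sample, two requests share the same address and the same second; only the port tells them apart, which is the situation behind a CGN.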