"SA" <informatica@freemail.nl> wrote in message
news:eokp5GrlEHA.3520@TK2MSFTNGP11.phx.gbl...

"SA" <informatica@freemail.nl> wrote in message
news:eokp5GrlEHA.3520@TK2MSFTNGP11.phx.gbl...
> Hi all,
>
> The IIS W3C format logs of a web site frequently have the following lines
in
> them
>
> #Software: Microsoft Internet Information Services 6.0
> #Version: 1.0
> #Date: 2004-08-01 12:43:49
>
> Of course, the date is different for each line. Under IIS 5, I know that
> this is indicative of a log dump, which would occur at server reboot or
IIS
> Service start/stop events.
>
> However, this server is not being stopped and started, yet each day, there
> are about 10 of these entries in the logs. Is it because of IIS Worker
> Process Recycling?
>
> What worries me is that these entries occur at irregular intervals, so
it's
> not after about 2 hours or so. It's also not after any given number of
> requests, sometimes just after 1 request, sometimes after several dozen
> requests.
>
> I see no entries in the log itself that could point to malicious requests.
>
> Any ideas are appreciated,
>
> --
>
> Sven
>
>
>

"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:uxHtKHvlEHA.952@TK2MSFTNGP14.phx.gbl...
> By default app pool idle shutdown is 20 mins
> and recycle the pool after 1740 mins
>
> check if this is relate to the 20mins interval.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "SA" <informatica@freemail.nl> wrote in message
> news:eokp5GrlEHA.3520@TK2MSFTNGP11.phx.gbl...
> > Hi all,
> >
> > The IIS W3C format logs of a web site frequently have the following
lines
> in
> > them
> >
> > #Software: Microsoft Internet Information Services 6.0
> > #Version: 1.0
> > #Date: 2004-08-01 12:43:49
> >
> > Of course, the date is different for each line. Under IIS 5, I know that
> > this is indicative of a log dump, which would occur at server reboot or
> IIS
> > Service start/stop events.
> >
> > However, this server is not being stopped and started, yet each day,
there
> > are about 10 of these entries in the logs. Is it because of IIS Worker
> > Process Recycling?
> >
> > What worries me is that these entries occur at irregular intervals, so
> it's
> > not after about 2 hours or so. It's also not after any given number of
> > requests, sometimes just after 1 request, sometimes after several dozen
> > requests.
> >
> > I see no entries in the log itself that could point to malicious
requests.
> >
> > Any ideas are appreciated,
> >
> > --
> >
> > Sven
> >
> >
> >
>
>

"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:edD#Q5wlEHA.3016@tk2msftngp13.phx.gbl...
> Those header lines are written by HTTP.SYS every time it creates a new log
> buffer. New log buffers are created for new IIS worker processes. New
> worker processes come about because of regular process recycling (default
> settings have a periodic recycle every 29 hours and an idle timeout of 15
> minutes).
>
> It is likely that you are seeing the 15 minute idle timeout happening at
> sporadic times throughout the day.
>
> No, there is no "configuration" for this. It's by-design behavior and is
> perfectly ok (except to some broken log parsing tools that cannot handle
> comments in the middle of a log file -- even though it should, according
to
> spec).
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "SA" <informatica@freemail.nl> wrote in message
> news:eokp5GrlEHA.3520@TK2MSFTNGP11.phx.gbl...
> Hi all,
>
> The IIS W3C format logs of a web site frequently have the following lines
in
> them
>
> #Software: Microsoft Internet Information Services 6.0
> #Version: 1.0
> #Date: 2004-08-01 12:43:49
>
> Of course, the date is different for each line. Under IIS 5, I know that
> this is indicative of a log dump, which would occur at server reboot or
IIS
> Service start/stop events.
>
> However, this server is not being stopped and started, yet each day, there
> are about 10 of these entries in the logs. Is it because of IIS Worker
> Process Recycling?
>
> What worries me is that these entries occur at irregular intervals, so
it's
> not after about 2 hours or so. It's also not after any given number of
> requests, sometimes just after 1 request, sometimes after several dozen
> requests.
>
> I see no entries in the log itself that could point to malicious requests.
>
> Any ideas are appreciated,
>
> --
>
> Sven
>
>
>
>