• IIS Admin Blog

  • How to Configure Application Pool Recycle Event Logging in IIS 6.0

8th September 2008

How to Configure Application Pool Recycle Event Logging in IIS 6.0

posted in IIS 6.0 |

If you are running production IIS servers which host multiple web sites and application pools it is often quite important to be able to keep track of the various events which can impact the smooth running of your sites and applications. We recently had an issue where it appeared that certain sites were apparently being randomly re-started and we needed to get a handle on the problem and understand why this was happening. In order to do this I decided to enable logging of worker process recycling events by configuring the LogEventOnRecycle metabase property as described on Technet here :

Logging Worker Process Recycling Events in IIS 6.0 (IIS 6.0)

The online documentation states that by default IIS does not log worker process recycling events. However, this is not entirely accurate. If you execute the following command against an unmodified installation of IIS 6.0 you should see that it returns the value shown below :

cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs get w3svc/AppPools/LogEventOnRecycle

What this means is that if you have an application pool (say for example the DefaultAppPool) which was created with the default values in place, then that application pool will be recycled every 1740 minutes after the first request is made. When that event occurs it will in fact be recorded in the System event log as shown below. If you also schedule application pool recycles then those events will also be logged.

However, if an application pool is manually recycled or has its configuration altered in some way by an administrator then these events will not be logged if you have the default LogEventOnRecycle metabase property in place. This is one of those circumstances where I personally feel that the default setup value is not the best choice. I would rather have everything that affects my application pools logged so that I have a clearer picture of what is happening on my web servers. At the very least I would rather be informed about an unexpected application pool recycle than one which I have already scheduled and would therefore be likely to know about.

So, if you want to enable logging of all application pool recycling events you need to issue the following command :

cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs Set w3svc/AppPools/LogEventOnRecycle 255

Once you have done this you will start to see additional events related to application pool recycling being logged to the System event log. For example, if a configuration change is made to a specific application pool then you will see event ID 1080 being logged as shown here.

And if an administrator manually recycles an application pool then that event will also be captured. The online documentation contains a list of all the application pool recycle event ID’s which you can expect to see.

However, there are a few limitations which I think are worthy of comment. Firstly, it would be nice to see the actual user ID of the person who made the change being captured in the event log. And secondly, it appears that if instead of recycling an application pool an administrator simply stops and re-starts it, then these actions are not captured at all. I think this is a pretty serious oversight as it allows someone to circumvent the auditing process, which is never a good thing.

Having said this I still feel that there is a real benefit to be gained from enabling the logging of all application pool recycle events and I would recommend that you do this on all production or mission critical systems.

This entry was posted on Monday, September 8th, 2008 at 2:18 pm and is filed under IIS 6.0. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

There are currently 16 responses to “How to Configure Application Pool Recycle Event Logging in IIS 6.0”

Why not let us know what you think by adding your own comment! Your opinion is as valid as anyone elses, so come on... let us know what you think.

  1. 1 On September 9th, 2008, Pablo Weyne said:

    Excelent post.

  2. 2 On December 23rd, 2008, Nick Raceu said:

    Great article
    Where can i find all the codes? you used 255 in your example

  3. 3 On December 24th, 2008, Paul Lynch said:

    Nick,

    The complete list can be found here :

    http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/6f43da84-38b0-422b-aa2b-195643d05d22.mspx?mfr=true

    Regards,

    Paul Lynch

  4. 4 On May 12th, 2009, Karthik said:

    It’s a great article and this is exactly what I was looking for.

    Thanks,

    Karthik

  5. 5 On June 3rd, 2009, Edmund said:

    Hi,

    I am running Windows Server 2003 with default settings and have some application pools in isolation mode.

    The server works well except the fact I have some unexplained worker process recycles. (BTW, I have the app pools set to recycle at a specific time during the night).

    So I changed the LogEventOnRecycle to 255, as you suggest, but do not see any such event logged. I am manually recycling the pool (it is indeed recycling as I see at the task manager’s processes tab).

    I also tried clearing the Application Event log.

    Any idea why events are not logged?

    Thanks,
    Edmund

  6. 6 On August 20th, 2009, Maya said:

    I have a multi server web farm (IIS 6.0). When I am recycling an application pool do I need to do that on every server in my farm?

    Regards,

    Maya

  7. 7 On September 17th, 2009, Rovastar said:

    yes you do

  8. 8 On October 2nd, 2009, Logando eventos de reciclagem do Application Pool no IIS6 | Pablo Weyne - IIS - Windows - Microsoft said:

    [...] http://www.iisadmin.co.uk/?p=17 Compartilhar/Salvar Categories: Sem categoria Tags: Comentários (0) Trackbacks (0) Deixar um comentário Trackback [...]

  9. 9 On December 1st, 2010, Tiju John said:

    Hi Nick Raceu,

    The values are easy to find out,
    AppPoolRecycleTime:1
    AppPoolRecycleRequests:2
    AppPoolRecycleSchedule:4
    AppPoolRecycleMemory:8
    AppPoolRecycleIsapiUnhealthy:16
    AppPoolRecycleOnDemand:32
    AppPoolRecycleConfigChange:64
    AppPoolRecyclePrivateMemory:128

    so 255 means = 1+2+4+8+16+32+64+128
    so add those for all those events you want, and set that as the value

  10. 10 On April 13th, 2011, Atmaram said:

    How do I schedule to clear the Application Pool for a particular website?

  11. 11 On June 30th, 2011, Manish said:

    Excellent , one more option to troubleshoot application pool recycling problem

    Good Job

  12. 12 On September 21st, 2011, Kuldeep said:

    Hi..

    Nice article.

    Do we have any option to log an event when an application pool stops (and not recylce).

    Regards
    Kuldeep.

  13. 13 On January 3rd, 2012, Mehmet Aydın said:

    Hi Kuldeep,

    have you find any solution about your question?

    Regards,
    Mehmet;

  14. 14 On August 9th, 2012, Khairul said:

    Hi team,
    I have one problem. My iis 6 is running on window server 2003 environment and I cannot find inetpub\adminscripts inside my iis folder to run the scripts. I believe that the iis6 scripting tool is not installed yet to my iis 6 and i cannot find the documentation on how can we install the features on my server 2003. please advice.

  15. 15 On February 25th, 2013, App Pool Crashing – Part 1 | The Oszakiewski Family said:

    [...] enabled recycling once a day. I also turned on app pool logging in the Event Log as described in this article. The next day everything was still working, so far so good! However, the following day (2nd [...]

  16. 16 On February 27th, 2013, MikeC said:

    Excellent advice, thank you! We have an app pool MB cap and it’s become useful to know when we’ve reached the cap and a recycle event happens.

Leave a Reply

  • Calendar

  • June 2013
    M T W T F S S
    « Sep    
     12
    3456789
    10111213141516
    17181920212223
    24252627282930