Policy requires that WWW servers log startup and shutdown, system access, and system authentication events. Additionally I have to prove that logs begin recording events as soon as the web service is up, or get an MS doc stating it does.
I'm on Server 2016 Core/IIS 10.
I've gone in and set the server in system.applicationHost/log to use Central W3C and set the log ExtFileFlags that I need (user name, time, etc). However, when I logged into the IIS console to the server, I don't see anything in the logs to show I had signed in but earlier in logs I see my signings.
Where in IIS config do I need to go to meet my audit policy needs?
Thanks!