Auditing in IIS 6.0 (IIS 6.0)
You can use security auditing techniques to track the activities of users and to detect unauthorized attempts to access your NTFS file system directories and files. Activities that you can audit include the following:
In IIS 6.0, successful account logons, including every impersonation of the anonymous account, are audited by default. If your server is hosting busy Web sites, this can cause the security event log to fill quickly with entries. To disable auditing of successful logons in the security event log, see "Auditing security events" in Help and Support Center for Windows Server 2003.