Versions Compared

Old Version 9

changes.mady.by.user Borja Moro Moreno

Saved on

compared with

New Version 10

changes.mady.by.user Borja Moro Moreno

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel2
minLevel2
typeflat

...

Anchor
access_logs
access_logs

Expand
titleEvent formats

IIS access logs:


In the access log there is one event for each request processed by the server. Follow these steps to select type of logs you want to process:

IIS 7.0 and later

  1. Open IIS Manager (StartControl PanelSystem and securityAdministrative toolsIIS Manager).

  2. Select the site want to configure and double click on the Register icon in the Features view. 

  3. Check that the Logging is enabled (Enable/Disable option on the Actions view).

  4. Select the log format in the Format field (Register File section from Features view).

  • NCSA Common Format:
    The NCSA Common format is fixed and it corresponds to the web.iis.access-ncsa tag. The log format is the same used in web.apache.accessclf (Common Log Format).

    Code Block
    remotehost rfc931 authuser [date] "request" status bytes

  • W3C Extended format:
    The W3C Extended log file format is the default log file format for IIS and it corresponds to the web.iis.access-w3c tag.

    Code Block
    #Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2013-01-03 08:45:16
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken

    For a detailed description of the log fields, see the Microsoft documentation.

  • W3C Extended ALL format:
    This is the same as the W3C Extended format but logs all of the available fields and it corresponds to the web.iis.access-w3c-all tag. We recommend this format because it offers a greater level of detail.

    Code Block
    #Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2013-01-21 11:46:52
#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken

    NCSA Common Format:
    The NCSA Common format is fixed and it corresponds to the web.iis.access-ncsa tag. The log format is the same used in web.apache.accessclf (Common Log Format).

    Code Block
    remotehost rfc931 authuser [date] "request" status bytes

Table structure

These are the fields displayed in these tables:

...

How is the data sent to Devo?

Devo recommends using the File Fetcher of the Endpoint Agent to forward IIS to Devo. In both cases:

  • Make sure the logs are written in text files.

  • Have the complete paths to the log files on hand when setting up the sending.