Table of Contents | ||||||
---|---|---|---|---|---|---|
|
...
Anchor | ||||
---|---|---|---|---|
|
Expand | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
IIS access logsIn the access log there is one event for each request processed by the server. Follow these steps to select type of logs you want to process:
W3C Extended formatThe W3C Extended log file format is the default log file format for IIS and it corresponds to the W3C Extended log format:
For a detailed description of the log fields, see the Microsoft documentation. W3C Extended ALL formatThis is the same as the W3C Extended format but logs all of the available fields and it corresponds to the W3C Extended ALL log format:
NCSA Common FormatThe NCSA Common format is fixed and it corresponds to the web.iis.access-ncsa tag. The log format is the same used in web.apache.accessclf (Common Log Format). NCSA Common log format:
|
...
These are the fields displayed in these tables:
web.iis.accessNcsa
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
|
| |
environment |
| venv | |
site |
| vsite | |
clon |
| vclon | |
serverdate |
|
| |
srcIp |
|
| |
user |
|
| |
method |
|
| |
url |
|
| |
protocol |
|
| |
statusCode |
|
| |
responseLength |
|
| |
srcIdentd |
|
| |
hostchain |
|
| ✓ |
tag |
|
| ✓ |
rawMessage |
|
| ✓ |
...
How is the data sent to Devo?
Devo recommends using the File Fetcher of the Endpoint Agent to forward IIS to Devo. In both cases:
Make sure the logs are written in text files.
Have the complete paths to the log files on hand when setting up the sending.