Versions Compared

Old Version 13

changes.mady.by.user Borja Moro Moreno

Saved on

compared with

New Version Current

changes.mady.by.user Borja Moro Moreno

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel2
minLevel2
typeflat

...

The tags beginning with web.iis identify events generated by the IBM InfoSphere Internet Information Server Services belonging to IBM Microsoft.

Valid tags and data tables

The full tag must have at least 3 levels. The first two are fixed as web.apacheiis. The third level identifies the type of events sent and the rest of them indicate the event subtypes.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product/Service

Tag

Data table

Apache HTTP Server Project

web.iis.accessNcsa

web.iis.accessNcsa

web.iis.access-w3c.pro.gif.1

web.iis.accessW3c

web.iis.access-w3c.env.aws.pam

web.iis.access-w3c-all.b.app.clon

web.iis.accessW3cAll

web.iis.access-w3c-all.pro.gif.1

For more information, read the article about Devo tags.

...

web.iis.accessNcsa

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

environment

str

venv

site

str

vsite

clon

str

vclon

serverdate

timestamp

 

srcIp

ip4

 

user

str

 

method

str

 

url

str

 

protocol

str

 

statusCode

int4

 

responseLength

int4

 

srcIdentd

str

 

hostchain

str

 

tag

str

 

rawMessage

str

 

web.iis.accessW3c

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

environment

str

venv

site

str

vsite

clon

str

vclon

rawMessage

str

 

serverdate

timestamp

 

srcIp

str

 

dstIp

str

 

serverPort

int4

 

user

str

 

method

str

 

url

str

 

urlQuery

str

 

userAgent

str

 

referrer

str

 

statusCode

int4

 

subStatus

int4

 

win32Status

int8

 

responseTime

int4

 

other

str

 

comment

str

 

hostchain

str

 

tag

str

 

web.iis.accessW3cAll

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

environment

str

venv

site

str

vsite

clon

str

vclon

siteName

str

 

computerName

str

 

serverdate

timestamp

 

srcIp

ip4

 

dstIp

ip4

 

serverName

str

 

serverPort

int4

 

user

str

 

method

str

 

url

str

 

urlQuery

str

 

protocol

str

 

statusCode

int4

 

referer

str

 

userAgent

str

 

cookies

str

 

subStatus

int4

 

win32Status

int4

 

responseLength

int4

 

requestLength

int4

 

responseTime

int4

 

serverdate_str

str

 

rawMessage

str

rawSource

hostchain

str

 

tag

str

 

How is the data sent to Devo?

Devo recommends using the File Fetcher of the Endpoint Agent to forward IIS to Devo. In both cases:

  • Make sure the logs are written in text files.

  • Have the complete paths to the log files on hand when setting up the sending.