ftp.iis

The tags beginning with ftp.iis identify log events generated by the FTP service for Windows.

Tag Structure

The full tag must have at least six levels. The first two are fixed as ftp.iis. The third level identifies the log type/format and currently must be access-w3c-all.

The fourth, fifth and sixth levels are required and should identify the environment type, web application, and instance respectively. 

  • environment - Describes the environment in which the event occurred. For example, development, testing, or production.
  • web application - The name of the web application.
  • clon - This is the instance that generated the event. Depending on your network, this can be a machine name, or the virtual name of an IIS process.

Choose the values of these levels according to the structure we propose, because they are stored with the events when they are saved in Devo. When you open the resulting data table, they appear in the environment, site and clon columns.

| technology | brand | log type/format | environment | web application | clon |
|---|---|---|---|---|---|
| ftp | iis | access-w3c-all | free but required | free but required | free but required |

Therefore, the valid tag is:

  • ftp.iis.access-w3c-all.env.app.clon

For more information, read about Devo tags.

Enable IIS FTP logging

Follow the procedures for "How to configure logging options for an FTP site" in the Microsoft online documentation. In step 4, be sure to select all fields for the log files.

Follow the rest of the procedure, configuring the log file settings as you prefer.

Save log files in W3C Extended Format

You must specify that the IIS FTP log files be generated in the W3C Extended format; this is the format that Devo expects and will parse correctly. Because it includes all possible fields, it also offers the greatest level of detail.

This log file format is as follows:

#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2019-08-29 13:27:26
#Fields: date time c-ip c-port cs-username s-sitename s-computername cs-host s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status sc-substatus sc-bytes cs-bytes time-taken x-session x-fullpath x-debug

For more information about the fields in this format, see Microsoft IIS W3C Extended log format.
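
The following pre-flight check is an added example, not Devo or Microsoft code. It validates a tag against the structure described above and confirms that a log's #Fields directive lists every field from the header shown on this page. The function names, the sample record, and whitespace splitting of records are assumptions made for illustration.

```python
# Added example: pre-flight checks for an IIS FTP log before it is forwarded.
# Field list copied from the #Fields line shown on this page.
EXPECTED_FIELDS = (
    "date time c-ip c-port cs-username s-sitename s-computername cs-host "
    "s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status "
    "sc-substatus sc-bytes cs-bytes time-taken x-session x-fullpath x-debug"
).split()

# Constructed sample: directives from the page plus one made-up record
# (RFC 5737 documentation addresses, hypothetical site and host names).
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 10.0",
    "#Version: 1.0",
    "#Date: 2019-08-29 13:27:26",
    "#Fields: " + " ".join(EXPECTED_FIELDS),
    "2019-08-29 13:27:30 192.0.2.10 50123 - FTPSITE1 HOST01 - "
    "198.51.100.5 21 USER alice 331 0 0 23 12 0 sess-0001 - -",
])


def tag_is_valid(tag):
    """At least six levels, first three fixed, levels 4-6 non-empty."""
    levels = tag.split(".")
    return (len(levels) >= 6
            and levels[:3] == ["ftp", "iis", "access-w3c-all"]
            and all(levels[3:6]))


def parse_w3c(text):
    """Return (fields, records); each record is a dict keyed by field name."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.strip() and not line.startswith("#"):
            values = line.split()
            if len(values) != len(fields):
                raise ValueError(f"expected {len(fields)} values: {line!r}")
            records.append(dict(zip(fields, values)))
    return fields, records


def missing_fields(fields):
    """Fields from the page's #Fields line that this log does not record."""
    return [name for name in EXPECTED_FIELDS if name not in fields]


if __name__ == "__main__":
    fields, records = parse_w3c(SAMPLE_LOG)
    print(tag_is_valid("ftp.iis.access-w3c-all.prod.files.HOST01"),
          missing_fields(fields), records[0]["cs-method"])
```

A non-empty result from missing_fields means that not all fields were selected when logging was configured for the site.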