web.iis
Introduction
The tags beginning with web.iis
 identify events generated by the Internet Information Services belonging to Microsoft.
Valid tags and data tables
The full tag must have at least 3 levels. The first two are fixed as web.iis
. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product/Service | Tag | Data table |
---|---|---|
Apache HTTP Server Project |
|
|
|
| |
| ||
|
| |
|
For more information, read the article about Devo tags.
Table structure
These are the fields displayed in these tables:
web.iis.accessNcsa
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
| Â | Â |
environment |
| venv | Â |
site |
| vsite | Â |
clon |
| vclon | Â |
serverdate |
| Â | Â |
srcIp |
| Â | Â |
user |
| Â | Â |
method |
| Â | Â |
url |
| Â | Â |
protocol |
| Â | Â |
statusCode |
| Â | Â |
responseLength |
| Â | Â |
srcIdentd |
| Â | Â |
hostchain |
|  | ✓ |
tag |
|  | ✓ |
rawMessage |
|  | ✓ |
web.iis.accessW3c
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
| Â | Â |
environment |
| venv | Â |
site |
| vsite | Â |
clon |
| vclon | Â |
rawMessage |
|  | ✓ |
serverdate |
| Â | Â |
srcIp |
| Â | Â |
dstIp |
| Â | Â |
serverPort |
| Â | Â |
user |
| Â | Â |
method |
| Â | Â |
url |
| Â | Â |
urlQuery |
| Â | Â |
userAgent |
| Â | Â |
referrer |
| Â | Â |
statusCode |
| Â | Â |
subStatus |
| Â | Â |
win32Status |
| Â | Â |
responseTime |
| Â | Â |
other |
| Â | Â |
comment |
| Â | Â |
hostchain |
|  | ✓ |
tag |
|  | ✓ |
web.iis.accessW3cAll
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
| Â | Â |
environment |
| venv | Â |
site |
| vsite | Â |
clon |
| vclon | Â |
siteName |
| Â | Â |
computerName |
| Â | Â |
serverdate |
| Â | Â |
srcIp |
| Â | Â |
dstIp |
| Â | Â |
serverName |
| Â | Â |
serverPort |
| Â | Â |
user |
| Â | Â |
method |
| Â | Â |
url |
| Â | Â |
urlQuery |
| Â | Â |
protocol |
| Â | Â |
statusCode |
| Â | Â |
referer |
| Â | Â |
userAgent |
| Â | Â |
cookies |
| Â | Â |
subStatus |
| Â | Â |
win32Status |
| Â | Â |
responseLength |
| Â | Â |
requestLength |
| Â | Â |
responseTime |
| Â | Â |
serverdate_str |
| Â | Â |
rawMessage |
| rawSource | Â |
hostchain |
|  | ✓ |
tag |
|  | ✓ |
How is the data sent to Devo?
Devo recommends using the File Fetcher of the Endpoint Agent to forward IIS to Devo. In both cases:
Make sure the logs are written in text files.
Have the complete paths to the log files on hand when setting up the sending.