Introduction
The tags beginning with web.iis identify events generated by the Internet Information Services (IIS) belonging to IBM.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as web.apache. The third level identifies the type of events sent and the rest of them indicate the event subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product/Service | Tag | Data table |
---|---|---|
Apache HTTP Server Project | | |
For more information, read the article about Devo tags.
Table structure
These are the fields displayed in these tables:
web.iis.accessNcsa
web.iis.accessW3c
web.iis.accessW3cAll
web.iis.accessNcsa
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
environment | | venv | |
site | | vsite | |
clon | | vclon | |
serverdate | | | |
srcIp | | | |
user | | | |
method | | | |
url | | | |
protocol | | | |
statusCode | | | |
responseLength | | | |
srcIdentd | | | |
hostchain | | | ✓ |
tag | | | ✓ |
rawMessage | | | ✓ |
web.iis.accessW3c
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
environment | | venv | |
site | | vsite | |
clon | | vclon | |
rawMessage | | | ✓ |
serverdate | | | |
srcIp | | | |
dstIp | | | |
serverPort | | | |
user | | | |
method | | | |
url | | | |
urlQuery | | | |
userAgent | | | |
referrer | | | |
statusCode | | | |
subStatus | | | |
win32Status | | | |
responseTime | | | |
other | | | |
comment | | | |
hostchain | | | ✓ |
tag | | | ✓ |
web.iis.accessW3cAll
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
environment | | venv | |
site | | vsite | |
clon | | vclon | |
siteName | | | |
computerName | | | |
serverdate | | | |
srcIp | | | |
dstIp | | | |
serverName | | | |
serverPort | | | |
user | | | |
method | | | |
url | | | |
urlQuery | | | |
protocol | | | |
statusCode | | | |
referer | | | |
userAgent | | | |
cookies | | | |
subStatus | | | |
win32Status | | | |
responseLength | | | |
requestLength | | | |
responseTime | | | |
serverdate_str | | | |
rawMessage | | rawSource | |
hostchain | | | ✓ |
tag | | | ✓ |
How is the data sent to Devo?
Devo recommends using the File Fetcher of the Endpoint Agent to forward IIS logs to Devo. In both cases:
Make sure the logs are written in text files.
Have the complete paths to the log files on hand when setting up the sending.