This article covers how to configure IIS logs at the site or server level.
Internet Information Services (IIS) for Windows® Server is a flexible, secure, and manageable Web server for hosting on the Web. NXLog can collect various types of system logs on the Windows platform.
Pre-requisites
Download and install the NXLog Community Edition.
IIS Logs Configuration
IIS logging can be configured at the site level or server level.
1. Open IIS Manager, which can be accessed from the Tools menu in the Server Manager or from Administrative Tools.
2. In the Connections pane on the left, select the server or site for which to configure logging. Select a server to configure logging server-wide, or a site to configure logging for that specific site.
3. Double-click the Logging icon in the center pane.
4. Modify the logging configuration as required. The W3C format is recommended.
5. The resulting logs can be collected by NXLog with the following configuration.
```
Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\Program Files\nxlog
# Replace (Forwarder_IP) with the IP address of the receiving forwarder
define WEBLOG_OUTPUT_DESTINATION_ADDRESS (Forwarder_IP)
define WEBLOG_OUTPUT_DESTINATION_PORT 11613
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf\nxlog.d
define LOGDIR %ROOT%\data
#include %CONFDIR%\\*.conf
define LOGFILE %LOGDIR%\nxlog.log

LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

# Parser for W3C logs (the u_ex*.log files), which are space-delimited.
# Assumption: the list below follows the IIS default W3C field selection.
# It must match, in order, the "#Fields:" header line of your log files.
# The field names are chosen for this configuration.
<Extension iis_parser>
    Module      xm_csv
    Fields      LogDate, LogTime, ServerIPAddress, RequestMethod, UriStem, \
                UriQuery, ServerPort, UserName, ClientIPAddress, UserAgent, \
                Referer, StatusCode, SubStatusCode, Win32StatusCode, TimeTaken
    FieldTypes  string, string, string, string, string, string, integer, \
                string, string, string, string, integer, integer, integer, \
                integer
    Delimiter   ' '
    UndefValue  -
</Extension>

<Input iis_w3c>
    Module  im_file
    File    'C:\inetpub\logs\LogFiles\W3SVC*\u_ex*.log'
    <Exec>
        # Header lines (#Software, #Version, #Date, #Fields) are not data
        # rows, so they are left unparsed.
        if $raw_event !~ /^#/
        {
            iis_parser->parse_csv();
            # W3C timestamps are UTC, written as YYYY-MM-DD HH:MM:SS
            $EventTime = parsedate($LogDate + "T" + $LogTime + ".000Z");
        }
    </Exec>
</Input>

# om_tcp forwards each log line as read from the file, over plain
# (unencrypted) TCP.
<Output out_chronicle_weblog>
    Module  om_tcp
    Host    %WEBLOG_OUTPUT_DESTINATION_ADDRESS%
    Port    %WEBLOG_OUTPUT_DESTINATION_PORT%
    # Exec to_syslog_bsd()
</Output>

<Route send_iis_to_syslog_server>
    Path    iis_w3c => out_chronicle_weblog
</Route>

<Extension _syslog>
    Module  xm_syslog
</Extension>

<Extension _charconv>
    Module  xm_charconv
    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>

<Extension _exec>
    Module  xm_exec
</Extension>
```
Note: Keep the above NXLog config file in the nxlog.d folder (C:\Program Files\nxlog\conf\nxlog.d).
Once the configuration is complete, validate the logs in Chronicle by searching with the regular expression (".*") or with a specific hostname. The search results show the log source types that are being ingested into Chronicle.
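The xm_csv parser assigns columns by position, so its Fields list has to match the columns IIS actually writes, and a W3C log declares those columns in its #Fields header. The following check is an added example, not part of the original article or of NXLog: it compares each #Fields header in a log with the expected column list and flags rows that would not parse. EXPECTED (assumed to be the IIS default W3C field selection), SAMPLE and check_w3c are names and data constructed for this example.

```python
# EXPECTED is an assumption: the IIS default W3C field selection. Set it to
# the columns, in order, that your parser's field list was written for.
EXPECTED = ["date", "time", "s-ip", "cs-method", "cs-uri-stem",
            "cs-uri-query", "s-port", "cs-username", "c-ip",
            "cs(User-Agent)", "cs(Referer)", "sc-status",
            "sc-substatus", "sc-win32-status", "time-taken"]

# Constructed sample. IIS writes the header block again when logging
# restarts, so one file can contain more than one column layout.
SAMPLE = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-01-15 08:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2024-01-15 08:00:01 192.0.2.10 GET /index.html - 443 - 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 15
2024-01-15 08:00:02 192.0.2.10 POST /login.aspx - 443 - 198.51.100.7 curl/8.0 - 302 0 0 31
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem sc-status
2024-01-15 09:30:00 GET /health 200
2024-01-15 09:30:05 GET /health 200 extra
"""

def check_w3c(lines, expected=EXPECTED):
    """Return (problems, rows): layout problems and rows matching `expected`."""
    problems, rows, fields = [], [], None
    for no, line in enumerate(lines, 1):
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            if fields != expected:
                problems.append((no, "header differs from parser field list"))
        if not line or line.startswith("#"):
            continue  # blank lines and directives carry no columns
        cols = line.split(" ")
        if fields is None:
            problems.append((no, "data before any #Fields header"))
        elif len(cols) != len(fields):
            problems.append((no, f"{len(cols)} columns, header declares {len(fields)}"))
        elif fields == expected:
            rows.append(dict(zip(fields, cols)))
    return problems, rows

if __name__ == "__main__":
    problems, rows = check_w3c(SAMPLE.splitlines())
    for no, message in problems:
        print(f"line {no}: {message}")
    print(f"{len(rows)} rows match the parser layout")
```

To check a real file, pass its lines to check_w3c, for example from open(path, encoding="utf-8").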