Internet Information Services (IIS) for Windows is a flexible, secure and manageable Web server for hosting anything on the Web. Logged events, usually HTTP transactions, are recorded by the IIS logging module. For more information about the events, refer to the Microsoft IIS documentation.
Integration Method: Data Collector
Tables: FTP Activity (4008), HTTP Activity (4002)
This integration supports the following types of events.
Event | Description |
---|---|
FTP | Records each FTP operation handled by the IIS FTP server |
HTTP | Records each HTTP request made to the IIS web server |
This integration supports the following versions.
Microsoft IIS Version | 10.0 |
Microsoft API version | N/A |
Prerequisites
The user should have a compatible version of Windows and a configured Data Collector.
The user should have access to the DataBee console.
Configuration Overview
Install the Data Collector on your machine and configure filters for the data feed.
Install the Data Collector
Create Microsoft IIS Data Feed in the DataBee console.
Data Collector Configuration
To receive logs from Microsoft IIS, a Data Collector must be installed and configured. The Data Collector reads the Microsoft IIS log files and sends these events to DataBee in encrypted form. For more information, refer to the Data Collector article.
Note
The log files must be accessible to the Data Collector, either through a remote mount or by installing the Data Collector on the IIS machine itself.
Microsoft IIS Configuration
Default Logging
In the case of Default Logging, no additional configuration is required.
To select all fields for forwarding, use the Custom Logging option (extended format support).
Custom Logging
Open the IIS Manager.
In the Connections tree view of IIS Manager, select your web server.
In Features View, double-click Logging.
On the “Logging” page, confirm the following options:
One log file per: Make sure Site is selected
Log File format: W3C
Directory: Keep default
Log Event Destination: Select Both log file and ETW event
Log File Rollover: Keep default schedule (i.e. Hourly)
Click Select Fields... for Log File. In the “W3C Logging Fields” window, make sure all fields are selected and click OK.
Similarly, navigate to Features View and double-click FTP Logging.
On the “FTP Logging” page, confirm the following and keep default.
Under ‘Log File’, click the Select W3C Fields... option, make sure all fields are selected, and click OK.
For more information on Configuring Logging, refer to the article Configure Logging in IIS.
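Before pointing the Data Collector at the log directory, the #Fields header of a log file can be checked to confirm that the field selection above has taken effect. The following Python script is an added example, not part of the DataBee or Microsoft documentation; the expected field list assumes the standard W3C fields with no custom fields added, and the sample log is constructed.

```python
# Standard fields in the IIS "W3C Logging Fields" dialog (assumption: no
# custom fields have been added to the site).
EXPECTED_FIELDS = [
    "date", "time", "s-sitename", "s-computername", "s-ip", "cs-method",
    "cs-uri-stem", "cs-uri-query", "s-port", "cs-username", "c-ip",
    "cs-version", "cs(User-Agent)", "cs(Cookie)", "cs(Referer)", "cs-host",
    "sc-status", "sc-substatus", "sc-win32-status", "sc-bytes", "cs-bytes",
    "time-taken",
]

def audit_w3c_log(lines):
    """Return (missing, records): expected fields absent from the last
    #Fields header, and each data row mapped with the header in force."""
    fields, records = None, []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            # IIS writes a new header when the field selection changes, so
            # the column layout can differ part-way through one file.
            fields = line[len("#Fields:"):].split()
        elif not line or line.startswith("#"):
            continue  # blank line or other directive (#Software, #Date, ...)
        elif fields is None:
            raise ValueError("data row before any #Fields directive")
        else:
            values = line.split(" ")  # IIS writes spaces inside values as '+'
            if len(values) != len(fields):
                raise ValueError("row/header column count mismatch")
            records.append(dict(zip(fields, values)))
    if fields is None:
        raise ValueError("no #Fields directive found; not a W3C log")
    return [f for f in EXPECTED_FIELDS if f not in fields], records

# Constructed sample: a log written with only some fields selected.
SAMPLE = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-01-01 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2024-01-01 00:00:01 192.0.2.10 GET /index.html - 443 - 198.51.100.7 Mozilla/5.0+(constructed) - 200 0 0 15
"""

if __name__ == "__main__":
    missing, records = audit_w3c_log(SAMPLE.splitlines())
    print("missing fields:", missing)
    print("status of first request:", records[0]["sc-status"])
```

An empty list of missing fields means the log carries every standard W3C field; any names listed still need to be ticked in the Select Fields dialog.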
DataBee Configuration
Log in to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for Microsoft IIS and click it.
Click on the Data Collector option for collection method.
Click on the Flat File option to poll traffic events from the Microsoft IIS server.
Enter the feed contact information, select the collector that you have created, and click on the Next button.
Fill in the required details to configure the data feed and click on the Next button.
Format: Select the cef option from the dropdown menu.
Refresh Interval (seconds): Select 1 second to achieve optimum performance. The available options are 1, 5, 10, and 20.
Source Files: Enter the list of source files to be monitored. For example, C:\inetpub\logs\LogFiles\*\*
Exclusion Files (optional): Enter a list of source files to be excluded (leave blank).
Tags (optional): Optionally add key-value pairs to identify the source.
Click on the Submit button.
Troubleshooting Tips
Ensure that the server is reachable by opening the terminal on the receiver machine and running the ping <server_ip> command.
If you encounter any issues regarding log forwarding, refer to the DataBee troubleshooting article for detailed guidance.