
LEM - IIS Advanced Logging

Updated Jan 23, 2019

Overview

This article describes how to set up the Microsoft IIS W3C Advanced Logging connector for LEM.

Environment

  • LEM all versions

Steps


Set up the connector to receive the logs

  1. Open the connectors on the node where IIS has been installed:
    MANAGE > Nodes > IIS Node > Gear Icon > Connectors
  2. Type IIS in the search bar at the top left, click the Gear Icon to the left of the Microsoft IIS Advanced Logging Connector, and select New.
  3. Set the IIS Advanced Logging Connector to point at the correct log file location. Review the folder path on the node to confirm it.
  4. Set the correct prefix and postfix for the log files in that location. Look at the log file on the node to confirm them.
  5. Save the connector and start it.

Check for the Logging

  1. Create a Filter in the MONITOR > Filters area of the LEM WebConsole or Adobe Air Console to watch the incoming data using AnyAlert.ToolAlias=*Microsoft IIS W3C Advanced Logging* (modify the name if you changed the alias on the connector), then save the Filter.
  2. Send the Filter Query to nDepth to review the data if needed, or recreate the search in EXPLORE > nDepth.
  3. If you are seeing data, the IIS logging has started. If not, check the following items in IIS.

Set up IIS to send the logs to the log file in the correct format

  1. Open IIS and select Advanced Logging.
  2. On the Advanced Logging page, double-click the Group Name to open the Log Definition page.
  3. On the Log Definition page, click the [Select Fields...] button to open the Select Logging Fields page.
  4. Make sure the following items are checked on the Select Logging Fields page:

    date
    time
    s-ip
    cs-method
    cs-uri-stem
    cs-uri-query
    s-port
    cs-username
    c-ip
    cs(User-Agent)
    cs(Referer)
    sc-status
    sc-substatus
    sc-win32-status
    TimeTakenMS
    X-Forwarded-For

  5. Apply the settings and restart IIS. The logging should start to come in after a few minutes.
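
An added example (not SolarWinds code): a PowerShell check, run on the IIS node, that the log file's header lists every field from step 4. It assumes the log file carries a W3C `#Fields:` directive; the function name `Test-IisLogFields` and the sample lines are constructed for illustration.

```powershell
# Fields the article says must be checked on the Select Logging Fields page.
$RequiredFields = @(
    'date', 'time', 's-ip', 'cs-method', 'cs-uri-stem', 'cs-uri-query', 's-port',
    'cs-username', 'c-ip', 'cs(User-Agent)', 'cs(Referer)', 'sc-status',
    'sc-substatus', 'sc-win32-status', 'TimeTakenMS', 'X-Forwarded-For'
)

function Test-IisLogFields {
    # Hypothetical helper: returns the required fields that are missing from
    # the log header. Uses the last "#Fields:" directive in case the file
    # contains more than one.
    param([string[]]$LogLines)

    $header = $LogLines | Where-Object { $_ -like '#Fields:*' } | Select-Object -Last 1
    if (-not $header) {
        throw 'No #Fields: directive found; is this a W3C-format log file?'
    }

    # Split the directive into individual field names, dropping empty tokens.
    $present = ($header -replace '^#Fields:\s*', '') -split '\s+' | Where-Object { $_ }

    # -notcontains compares case-insensitively, which suits field names.
    $RequiredFields | Where-Object { $present -notcontains $_ }
}

# Constructed sample header (not from a real server):
# TimeTakenMS and X-Forwarded-For have been left out on purpose.
$sample = @(
    '#Version: 1.0',
    '#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status'
)

# Against a real file, read its first lines instead of $sample, for example:
#   Test-IisLogFields -LogLines (Get-Content '<path to the log file on the node>' -TotalCount 20)
$missing = Test-IisLogFields -LogLines $sample

if ($missing) {
    "Missing fields: $($missing -join ', ')"
} else {
    'All required fields are logged.'
}
```

Any field the check reports as missing should be selected on the Select Logging Fields page before restarting IIS.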

 

Note: If the X-Forwarded-For log field is not showing up in the LEM web console, make sure the "Microsoft IIS Web Server 5.0 (W3C Extended file format)" connector version is #41.


Contact SolarWinds Technical Support if this does not cause the Advanced IIS logs to begin showing up on the LEM.

 
