Submit a ticketCall us

AnnouncementsTHWACKcamp 2018 is here

2018 is the seventh year for THWACKcamp™, and once again we’ll be live October 17 – 18 with packed session tracks covering everything from network monitoring and management, to change control, application management, storage, cloud and DevOps, security, automation, virtualization, mapping, logging, and more.

Register for online sessions.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > LEM - IIS Advanced Logging

LEM - IIS Advanced Logging

Updated 08/10/2017


This article describes how to set up the Microsoft IIS W3C Advanced Logging connector for LEM.


  • LEM all versions


Set up the connector to receive the logs

  1. Open the connectors on the node where IIS has been installed:
    MANAGE>Nodes>IIS Node>Gear Icon>Connectors
    Open Connectors
  2. Type IIS in the search bar on the top left and then click the Gear Icon on the left hand side of the Microsoft IIS Advanced Logging Connector and select New:
    Create a New Connector
  3. Set up the IIS Advanced Logging Connector to point at the correct log file location: Make sure to review the folder path on the node.
    Log File Location
  4. Set the correct prefix and postfix for the log files in that location: Make sure to look at the log file on the node.
    Log File Prefix
    Log File Postfix
  5. Save the Connector and Start it:
    Save the Connector


Check for the Logging

  1. Create a Filter in the MONITOR>Filters area of the LEM WebConsole or Adobe Air Console to watch the incoming data using AnyAlert.ToolAlias=*Microsoft IIS W3C Advanced Logging* (make sure to modify the name if you changed the alias on the connector) and save the Filter:
    Filter Setup
  2. Send the Filter Query to nDepth to review the data if needed or recreate the search in EXPLORE>nDepth:
    Send to nDepth
  3. If you are seeing data the IIS logging has started. If not, you will need to check the following items in IIS.


Set up IIS to send the logs to the log file in the correct format

  1. Open IIS and select the Advanced Logging:Advanced IIS Logging
  2. On the Advanced Logging page, Double click on the Group Name to open the Log Definition page:Advanced IIS Logging
  3. On the Log Definition page click on the [Select Fields...] button to open the Select Logging Fields page:Advanced IIS Logging
  4. Make sure the following items are checked on the Select Logging Fields page:


    Advanced IIS Logging
  5. Apply the settings and restart IIS and the logging should start to come in after a few minutes.

Contact SolarWinds Technical Support if this does not cause the Advanced IIS logs to begin showing up on the LEM.


Last modified