Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

WinCollect Microsoft IIS Log Source Configuration Options

 

You can configure a log source to use the Microsoft Internet Information Services (IIS). This WinCollect plugin supports a single point of collection for W3C format log files that are on a Microsoft IIS web server.

Overview for the WinCollect Plug-in for Microsoft IIS

To collect Microsoft IIS events, a WinCollect agent must be installed on your Microsoft Server.

Note

Remote polling for Microsoft IIS events is not supported by the WinCollect plug-in for Microsoft IIS.

Microsoft includes a range of administrative features for managing websites. You can monitor attempts to access your websites to determine whether attempts were made to read or write to your files. You can create a single Microsoft IIS log source to record events from your entire website directory or individual websites.

The WinCollect plug-in for Microsoft IIS can read and forward events for the following logs:

  • Website (W3C) logs

  • File Transfer Protocol (FTP) logs

  • Simple Mail Transfer Protocol (SMTP) logs

  • Network News Transfer Protocol (NNTP) logs

The WinCollect plug-in for Microsofct IIS can monitor W3C, IIS, and NCSA formatted event logs. However, the IIS and NCSA event formats do not contain as much event information in their event payloads as the W3C event format. To collect the maximum information available, configure your Microsoft IIS Server to write events in W3C format. WinCollect can collect both ASCII and UTF-8 encoded event log files.

Note

The Microsoft authentication protocol NTLMv2 is not supported by the Microsoft IIS protocol.

Supported Versions Of Microsoft IIS

The Microsoft IIS plug-in for WinCollect supports the following Microsoft IIS software versions:

  • Microsoft IIS Server 6.0

  • Microsoft IIS Server 7.0

  • Microsoft IIS Server 7.5

  • Microsoft IIS Server 8.0

  • Microsoft IIS Server 8.5

  • Microsoft IIS Server 10

WinCollect Microsoft IIS Parameters

Table 1: Microsoft IIS Parameters

Parameter

Description

Protocol Configuration

Select WinCollect Microsoft IIS.

Log Source Identifier

The IP address or host name of your Microsoft IIS server.

It must be unique for the log source type.

Root Directory

The directory path to your Microsoft IIS log files.

  • For Microsoft IIS 6.0 (individual site), use %SystemRoot%\LogFiles\site name

  • For Microsoft 7.0-8.0 (full site), use %SystemDrive%\inetpub\logs\LogFiles

  • For Microsoft IIS 7.0-8.0 (individual site), use %SystemDrive%\inetpub\logs\LogFiles\site name

Polling Interval

The amount of time between queries to the root log directory for new events.

The default polling interval is 5000 milliseconds.

FTP

Collects File Transfer Protocol (FTP) events from Microsoft IIS.

NNTP/News

Collects Network News Transfer Protocol (NNTP) events from Microsoft IIS.

SMTP/Mail

Collects Simple Mail Transfer Protocol (SMTP) events from Microsoft IIS.

W3C

Collects website (W3C) events from Microsoft IIS.

WinCollect Agent

Manages the WinCollect agent log source.