Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

WinCollect Microsoft IIS Log Source Configuration Options

 

You can configure a log source to use the Microsoft Internet Information Services (IIS). This WinCollect plugin supports a single point of collection for W3C format log files that are on a Microsoft IIS web server.

Overview for the WinCollect Plug-in for Microsoft IIS

You can use one of two methods to collect Microsoft IIS logs with WinCollect. You can install an agent locally on your Microsoft IIS server and configure it accordingly. Or, with WinCollect 7.2.8 and later, you can configure a WinCollect agent to remotely poll the IIS logs. See Table 1 for setting up the directory paths based off your method of log collection.

The WinCollect plug-in for Microsoft IIS can read and forward events for the following logs:

  • Website (W3C) logs

  • File Transfer Protocol (FTP) logs

  • Simple Mail Transfer Protocol (SMTP) logs

  • Network News Transfer Protocol (NNTP) logs

The WinCollect plug-in for Microsofct IIS can monitor W3C, IIS, and NCSA formatted event logs. However, the IIS and NCSA event formats do not contain as much event information in their event payloads as the W3C event format. To collect the maximum information available, configure your Microsoft IIS Server to write events in W3C format. WinCollect can collect both ASCII and UTF-8 encoded event log files.

Supported Versions Of Microsoft IIS

The Microsoft IIS plug-in for WinCollect supports the following Microsoft IIS software versions:

  • Microsoft IIS Server 6.0

  • Microsoft IIS Server 7.0

  • Microsoft IIS Server 7.5

  • Microsoft IIS Server 8.0

  • Microsoft IIS Server 8.5

  • Microsoft IIS Server 10

WinCollect Microsoft IIS Parameters

Table 1: Microsoft IIS Parameters

Parameter

Description

Protocol Configuration

Select WinCollect Microsoft IIS.

Log Source Identifier

The IP address or host name of your Microsoft IIS server.

It must be unique for the log source type.

Root Directory

The directory path to your Microsoft IIS log files.

  • For Microsoft IIS 6.0 (individual site), use

    • Local: %SystemRoot%\LogFiles\site name

    • Remote: \\HostnameorIP\c$\LogFiles\site name

For Microsoft 7.0-10.0 (full site), use:

  • Local: %SystemDrive%\inetpub\logs\LogFiles

  • Remote: \\HostnameorIP\c$\inetpub\logs\LogFiles

For Microsoft IIS 7.0-10.0 (individual site), use:

  • Local: %SystemDrive%\inetpub\logs\LogFiles\site name

  • Remote: \\HostnameorIP\c$\inetpub\logs\LogFiles \site name

Polling Interval

The amount of time between queries to the root log directory for new events.

The default polling interval is 5000 milliseconds.

FTP

Collects File Transfer Protocol (FTP) events from Microsoft IIS.

NNTP/News

Collects Network News Transfer Protocol (NNTP) events from Microsoft IIS.

SMTP/Mail

Collects Simple Mail Transfer Protocol (SMTP) events from Microsoft IIS.

W3C

Collects website (W3C) events from Microsoft IIS.

WinCollect Agent

Manages the WinCollect agent log source.