...
The Microsoft IIS Server logs analysis App automatically Collect - Read - Parse - Analyzes - Reports all web machine generated log data of the server and presents a comprehensive set of graphs and reports to analyze machine generated data. Use a predefined set of dashboards and gadgets widgets to visualize visualize and address the system software, code written, and infrastructure during development, testing, and production. This Microsoft IIS logs analysis App helps measure, troubleshoot, and optimize your servers integrity, stability and quality with visualization and investigation dashboards.
...
Format String | Apear as | Description | XpoLog Pattern | XpoLog ftype | |
---|---|---|---|---|---|
Date + Time | date time | The date on which the activity occurred.
The time, in coordinated universal time (UTC), at which the activity occurred. | {date,yyyy-MM-dd HH:mm:ss} | ||
Client IP Address | c-ip | The IP address of the client that made the request. | {geoip:Client IP,ftype=remoteip} | remoteip | |
User Name | cs-username | The name of the authenticated user who accessed your server. Anonymous users are indicated by a hyphen. | {text:Remote User,ftype=remoteuser} | remoteuser | |
Service Name and Instance Number | s-sitename | The Internet service name and instance number that was running on the client. | {text:Site Name,ftype=sitename} | sitename | |
Server Name | s-computername | The name of the server on which the log file entry was generated. | {text:Server Name,ftype=servername} | servername | |
Server IP Address | s-ip | The IP address of the server on which the log file entry was generated. | {ip:ServerIP,ftype= localip} | localip | |
Server Port | s-port | The server port number that is configured for the service. | {number:ServerPort,ftype=serverport} | serverport | |
Method | cs-method | The requested action, for example, a GET method. | {choice:Method,ftype=reqmethod;,GET;POST;HEAD} | reqmethod | |
URI Stem | cs-uri-stem | The target of the action, for example, Default.htm. | {text:Request URL,ftype=requrl} | requrl | |
URI Query | cs-uri-query | The query, if any, that the client was trying to perform. A Universal Resource Identifier (URI) query is necessary only for dynamic pages. | {text:queryString,ftype= querystring} | querystring | |
HTTP Status | sc-status | The HTTP status code. | {number:ResponseStatus,ftype=respstatus} | respstatus | |
Win32 Status | sc-win32-status | The Windows status code. | {text:Win32Status,ftype=win32status} | win32status | |
Bytes Sent | sc-bytes | The number of bytes that the server sent. | {number:Bytes Sent,ftype=bytesent} | bytesent | |
Bytes Received | cs-bytes | The number of bytes that the server received. | {number:Bytes Received,ftype=bytesreceived | bytesreceived | |
Time Taken | time-taken | The length of time that the action took, in milliseconds. | {number:Time Taken,ftype=processrequestmilli} | processrequestmilli | |
Protocol Version | cs-version | The protocol version —HTTP or FTP —that the client used. | {text:Protocol Version,ftype=protocolversion} | protocolversion | |
Host | cs-host | The host header name, if any. | {text:Host,ftype=hostname}
| hostname | |
User Agent | cs(User-Agent) | The browser type that the client used. | {text:User Agent,ftype=useragent} | useragent | |
Cookie | cs(Cookie) | The content of the cookie sent or received, if any. | {text:Cookie,ftype=cookie} | cookie | |
Referrer | cs(Referrer) | The site that the user last visited. This site provided a link to the current site. | {text:RefererQuery,ftype=refererquery}{regexp:Referer,ftype=referer;refName=RefererQuery,^([\w-]+://[^?]+|/[^?]+) | referer | |
Protocol Substatus | sc-substatus | The substatus error code. | {number:Protocol SubStatus,ftype=ressubstatus} | ressubstatus |
...
IIS Error Log Pattern:
{priority:Type,ftype=severity,Error;Warning;Information;Success;Audit Failure;Audit Success}*;*{timestamp:Date,MM/dd/yyyy HH:mm:ss}*;*{text:Source,ftype=source}*;*{text:Category,ftype=category}*;*{number:Event,ftype=event}*;*{text:User,ftype=username}*;*{text:Computer,ftype=computer}*;*{string:Description}
...
logtype should be set to: iis, error
Format String | Description | XpoLog Pattern | ftype | |
---|---|---|---|---|
Priority | The status of the event. | {priority:Type,ftype=severity,Error;Warning;Information;Success;Audit Failure;Audit Success} | severity | |
Date | The date of the event. | {timestamp:Date,MM/dd/yyyy HH:mm:ss} | ||
Source | The source which the event is intented from. | {text:Source,ftype=source} | source | |
Category | The category which the records belongs to. | {text:Category,ftype=category} | category | |
Event | The ID of the event | {number:Event,ftype=event} | event | |
User | The user who performed the event. | {text:User,ftype=username} | username | |
Computer | The machine which the event was performed from. | {text:Computer,ftype=computer} | computer | |
Description | Description regarding the event | {string:Description} |