Versions Compared

Old Version 15

changes.mady.by.user Omry Koschitzky

Saved on

compared with

New Version Current

changes.mady.by.user Noga Aviram

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Microsoft IIS Server logs analysis App automatically Collect - Read - Parse - Analyzes - Reports all web machine generated log data of the server and presents a comprehensive set of graphs and reports to analyze machine generated data. Use a predefined set of dashboards and gadgets widgets to  visualize visualize and address the system software, code written, and infrastructure during development, testing, and production. This Microsoft IIS logs analysis App helps measure, troubleshoot, and optimize your servers integrity, stability and quality with visualization and investigation dashboards.

...

 
Format StringApear asDescriptionXpoLog PatternXpoLog ftype

Date + Time

date time

The date on which the activity occurred.

 


The time, in coordinated universal time (UTC), at which the activity occurred.

{date,yyyy-MM-dd HH:mm:ss}

Client IP Address
c-ip
The IP address of the client that made the request.
{geoip:Client IP,ftype=remoteip}
remoteip
User Name
cs-username
The name of the authenticated user who accessed your server. Anonymous users are indicated by a hyphen.
{text:Remote User,ftype=remoteuser}
remoteuser
Service Name and Instance Number
s-sitename
The Internet service name and instance number that was running on the client.
{text:Site Name,ftype=sitename}
sitename
Server Name
s-computername
The name of the server on which the log file entry was generated.
{text:Server Name,ftype=servername}
servername
Server IP Address
s-ip
The IP address of the server on which the log file entry was generated.
{ip:ServerIP,ftype= localip}
localip
Server Port
s-port
The server port number that is configured for the service.
{number:ServerPort,ftype=serverport}
serverport
Method
cs-method
The requested action, for example, a GET method.
{choice:Method,ftype=reqmethod;,GET;POST;HEAD}
reqmethod
URI Stem
cs-uri-stem
The target of the action, for example, Default.htm.
{text:Request URL,ftype=requrl} 

requrl
URI Query
cs-uri-query
The query, if any, that the client was trying to perform. A Universal Resource Identifier (URI) query is necessary only for dynamic pages.
{text:queryString,ftype= querystring}
querystring
HTTP Status
sc-status
The HTTP status code.
{number:ResponseStatus,ftype=respstatus}
respstatus
Win32 Status
sc-win32-status
The Windows status code.
{text:Win32Status,ftype=win32status}
win32status
Bytes Sent
sc-bytes
The number of bytes that the server sent.
{number:Bytes Sent,ftype=bytesent}
bytesent
Bytes Received
cs-bytes
The number of bytes that the server received.
{number:Bytes Received,ftype=bytesreceived
bytesreceived
Time Taken
time-taken
The length of time that the action took, in milliseconds.
{number:Time Taken,ftype=processrequestmilli}
processrequestmilli
Protocol Version
cs-version
The protocol version —HTTP or FTP —that the client used.
{text:Protocol Version,ftype=protocolversion} 
protocolversion
Host
cs-host
The host header name, if any.
{text:Host,ftype=hostname}
 

hostname
User Agent
cs(User-Agent)
The browser type that the client used.
{text:User Agent,ftype=useragent}
useragent
Cookie
cs(Cookie)
The content of the cookie sent or received, if any.
{text:Cookie,ftype=cookie} 

cookie
Referrer
cs(Referrer)
The site that the user last visited. This site provided a link to the current site.
{text:RefererQuery,ftype=refererquery}{regexp:Referer,ftype=referer;refName=RefererQuery,^([\w-]+://[^?]+|/[^?]+) 

referer
Protocol Substatus
sc-substatus
The substatus error code.
{number:Protocol SubStatus,ftype=ressubstatus} 

ressubstatus
 
...


IIS Error Log Pattern:
{priority:Type,ftype=severity,Error;Warning;Information;Success;Audit Failure;Audit Success}*;*{timestamp:Date,MM/dd/yyyy HH:mm:ss}*;*{text:Source,ftype=source}*;*{text:Category,ftype=category}*;*{number:Event,ftype=event}*;*{text:User,ftype=username}*;*{text:Computer,ftype=computer}*;*{string:Description}
...
logtype should be set to: iis, error 

Format StringDescriptionXpoLog Patternftype
PriorityThe status of the event.{priority:Type,ftype=severity,Error;Warning;Information;Success;Audit Failure;Audit Success}severity
DateThe date of the event.{timestamp:Date,MM/dd/yyyy HH:mm:ss} 
SourceThe source which the event is intented from.{text:Source,ftype=source}source
CategoryThe category which the records belongs to.{text:Category,ftype=category}category
EventThe ID of the event{number:Event,ftype=event}event
UserThe user who performed the event.{text:User,ftype=username}username
ComputerThe machine which the event was performed from.{text:Computer,ftype=computer}computer
DescriptionDescription regarding the event{string:Description}