com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'html' is unknown.

Microsoft IIS (Ver 7)

Background

The Microsoft IIS Server logs analysis App automatically Collect - Read - Parse - Analyzes - Reports all web machine generated log data of the server and presents a comprehensive set of graphs and reports to analyze machine generated data. Use a predefined set of dashboards and gadgets to  visualize and address the system software, code written, and infrastructure during development, testing, and production. This Microsoft IIS logs analysis App helps measure, troubleshoot, and optimize your servers integrity, stability and quality with visualization and investigation dashboards.

Steps

  1. Add Log Data In XpoLog, When adding a log to XpoLog you can now select the Log Type (logtype) for Microsoft IIS these are the following logtypes:
    1. iis
    2. w3c
    3. webserver
      1. in addition select not only iis but also you will need to select the log type - access or error

  2. Once all required information is set click next and edit the log pattern, this step is crucial to the accuracy and deployment of the Analytic App. Use the following conversion table in order to build XpoLog pattern out of the access log format.

Example

In the header of IIS access logs , or on the IIS configuration file locate the format specification strings that configure the logged fields for example:

Defaults access log fields:

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken

The following sequence is the log structure definition: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken

In XpoLog such pattern will be translated into:

{date:Date,yyyy-MM-dd HH:mm:ss} {geoip:ServerIP,ftype= localip} {text:RequestMethod,ftype=reqmethod} {text:RequestURL,ftype=requrl} {text:QueryString,ftype=querystring} {number:ServerPort,ftype=serverport} {text:username,ftype=remoteuser} {geoip:ClientIP,ftype=remoteip} {text:User-agent,ftype=useragent} {text:Referer,ftype=referer} {number:ResponseStatus,ftype=respstatus} {number:SubStatus,ftype=ressubstatus} {text:Win32Status,ftype=win32status} {number:ResponseTimeSecs,ftype=processrequestmilli}{eol}

Extended access log fields:

#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken

The following sequence is the log structure definition: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken

In XpoLog such pattern will be translated into:

{date:Date,yyyy-MM-dd HH:mm:ss} {text:SiteName,ftype=sitename} {text:ServerName,ftype=servername} {geoip:ServerIP,ftype= localip} {text:RequestMethod,ftype=reqmethod} {text:RequestURL,ftype=requrl} {text:QueryString,ftype=querystring} {number:ServerPort,ftype=serverport} {text:username,ftype=remoteuser} {geoip:ClientIP,ftype=remoteip} {text:ProtocolVer,ftype=protocolversion} {text:User-agent,ftype=useragent} {text:Cookie,ftype=cookie} {text:Referer,ftype=referer} {text:HostName,ftype=hostname} {number:ResponseStatus,ftype=respstatus} {number:SubStatus,ftype=ressubstatus} {text:Win32Status,ftype=win32status} {number:BytesSent,ftype=bytesent} {number:BytesReceived,ftype=bytesreceived} {number:ResponseTimeSecs,ftype=processrequestmilli}{eoe}

for more information see below the format Conversion Table

logtype should be set to: iis, access

Format StringApear asDescriptionXpoLog Patternftype

Date + Time

date time

The date on which the activity occurred.

 

The time, in coordinated universal time (UTC), at which the activity occurred.

{date,yyyy-MM-dd HH:mm:ss}

 

Client IP Address

c-ip

The IP address of the client that made the request.

{ip:ClientIP,ftype=remoteip}

remoteip

User Name

cs-username

The name of the authenticated user who accessed your server. Anonymous users are indicated by a hyphen.

{text:username,ftype=remoteuser}

remoteuser

Service Name and Instance Number

s-sitename

The Internet service name and instance number that was running on the client.

{text:SiteName,ftype=sitename}

sitename

Server Name

s-computername

The name of the server on which the log file entry was generated.

{text:ServerName,ftype=servername}

servername

Server IP Address

s-ip

The IP address of the server on which the log file entry was generated.

{ip:ServerIP,ftype=localip}

localip

Server Port

s-port

The server port number that is configured for the service.

{number:ServerPort,ftype=serverport}

serverport

Method

cs-method

The requested action, for example, a GET method.

{text:RequestMethod,ftype=reqmethod}

reqmethod

URI Stem

cs-uri-stem

The target of the action, for example, Default.htm.

{text:RequestURL,ftype=requrl}

 

requrl

URI Query

cs-uri-query

The query, if any, that the client was trying to perform. A Universal Resource Identifier (URI) query is necessary only for dynamic pages.

{text:QueryString,ftype=querystring}

querystring

HTTP Status

sc-status

The HTTP status code.

{number:ResponseStatus,ftype=respstatus}

respstatus

Win32 Status

sc-win32-status

The Windows status code.

{text:Win32Status,ftype=win32status}

win32status

Bytes Sent

sc-bytes

The number of bytes that the server sent.

{number:BytesSent,ftype=bytesent}

bytesent

Bytes Received

cs-bytes

The number of bytes that the server received.

{number:BytesSent,ftype=bytesreceived}

bytesreceived

Time Taken

time-taken

The length of time that the action took, in milliseconds.

{number:ResponseTimeSecs,ftype=processrequestmilli}

processrequestmilli

Protocol Version

cs-version

The protocol version —HTTP or FTP —that the client used.

{text:ProtocolVer,ftype=protocolversion}

protocolversion

Host

cs-host

The host header name, if any.

{text:HostName,ftype=hostname}

 

hostname

User Agent

cs(User-Agent)

The browser type that the client used.

{text:User-agent,ftype=useragent}

useragent

Cookie

cs(Cookie)

The content of the cookie sent or received, if any.

{text:Cookie,ftype=cookie}

cookie

Referrer

cs(Referrer)

The site that the user last visited. This site provided a link to the current site.

{text:Referer,ftype=referer}

 

referer

Protocol Substatus

sc-substatus

The substatus error code.

{number:SubStatus,ftype=ressubstatus}

 

ressubstatus

 

IIS Error Log Pattern:

{priority:Type,ftype=severity,Error;Warning;Information;Success;Audit Failure;Audit Success}*;*{timestamp:Date,MM/dd/yyyy HH:mm:ss}*;*{text:Source,ftype=source}*;*{text:Category,ftype=category}*;*{number:Event,ftype=event}*;*{text:User,ftype=username}*;*{text:Computer,ftype=computer}*;*{string:Description}

for more information see below the format Conversion Table

logtype should be set to: iis, error

 

Format StringDescriptionXpoLog Patternftype
PriorityThe status of the event.{priority:Type,ftype=severity,Error;Warning;Information;Success;Audit Failure;Audit Success}severity
DateThe date of the event.{timestamp:Date,MM/dd/yyyy HH:mm:ss} 
SourceThe source which the event is intented from.{text:Source,ftype=source}source
CategoryThe category which the records belongs to.{text:Category,ftype=category}category
EventThe ID of the event{number:Event,ftype=event}event
UserThe user who performed the event.{text:User,ftype=username}username
ComputerThe machine which the event was performed from.{text:Computer,ftype=computer}computer
DescriptionDescription regarding the event{string:Description}Â