Skip to main content
Skip table of contents

Flat File - Microsoft IIS FTP IIS Log File Format

IIS format is a fixed ASCII format and cannot be customized. It includes basic items such as user IP address, user name, request date and time, service status code, and number of bytes received. It also includes detailed items such as elapsed time, number of bytes sent, target file, and action – for example, a download carried out by a GET command. Unlike other ASCII formats, items are separated by commas rather than spaces. The time is recorded as local time.


  • Ensure the IIS Active log format = Microsoft IIS Log File Format.
  • Identify the following prior to configuration:
    • The Microsoft IIS default log directory
    • The LogRhythm System Monitor Agent used to collect the logs from Microsoft IIS Manager

Configure Default Log Directory and Active Log FTP Format in Microsoft IIS Manager

  1. Start Internet Information Services (IIS) Manager.
  2. Access ServerName, then FTP Sites.
  3. Right-click the FTP site where you want to enable logging and select Properties from the context menu.
  4. Click the FTP Site tab.
  5. Select the Engage logging check box.
  6. In the Active log format box, select Microsoft IIS Log File Format.
  7. Next to the Active log format, click Properties.
  8. Specify the log file directory, for example: C:\Windows\System32\LogFiles\IISFTP_logs\.

After you configure the device, you must also configure LogRhythm according to the instructions provided on the overview page of this guide. The files being collected must be viewable on the host with the Agent using a standard file name path such as: /var/log/logfile.txt or C:\logs\logfile.txt.

Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.

The name of the log message source is Flat File - Microsoft IIS FTP IIS Log File Format. In addition, when configuring this log source:

  • For Log Message Processing Engine (MPE) Policy, select LogRhythm Default.
  • On the Flat File Settings tab, enter the following:
    • File Path. C:\Windows\System32\LogFiles\IISFTPIIS\*.log
    • Date Parsing Format. Select existing IIS IIS Log type: “<M>/<d>/<yy>, <h>:<m>:<s>,”
    • Log Message Start Regex. ^\d
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.