Device Details
|
Device Name |
Microsoft IIS W3C File |
|
Vendor |
Microsoft |
|
Device Type |
IIS W3C File |
|
Supported Model Name/Number |
N/A |
|
Supported Software Version |
N/A |
|
Collection Method |
Flat File |
|
Configurable Log Output |
N/A |
|
Log Source Type |
Flat File - Microsoft IIS W3C File |
|
Log Processing Policy |
LogRhythm Default V 2.0 |
|
Exceptions |
N/A |
|
Additional Information |
https://learn.microsoft.com/en-us/windows/win32/http/w3c-logging |
|
The log format should be followed |
date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
All fields of the IIS log source must be checked for correct parsing.
|
Supported Log Messages
(List of LR tags used to parse the log information for each message type)
|
Type |
Product Version |
Supported Schema Fields |
|---|---|---|
|
V 2.0 : IIS W3C Events |
N/A |
<process>, <dname>, <dip>, <tag1>, <command>, <url>, <object>, <dport>, <login>, <sip>, <version>, <useragent>, <tag2>, <responsecode>, <bytesin>, <bytesout>, <milliseconds> |
|
V 2.0 : Catch All : Level 1 |
N/A |
N/A |
Revision History
|
KB Version |
Log Type |
Change Type |
Details |
|---|---|---|---|
|
KB 7.1.665.0 |
Flat File - Microsoft IIS W3C File |
New Log Source Optimization (LSO) policy: LogRhythm Default v2.0 |
Optimized new log processing policy for Flat File - Microsoft IIS W3C File |