V 2.0 : IIS W3C Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0: IIS W3C Events | Base Rule | General IIS Activity | Information |
| V 2.0: HTTP POST 400: Bad Request | Sub Rule | HTTP 400: Bad Request | Error |
| V 2.0: HTTP POST 401: Unauthorized | Sub Rule | HTTP 401: Unauthorized | Error |
| V 2.0: HTTP POST 402: Request Err - Payment Req | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| V 2.0: HTTP POST 403: Forbidden | Sub Rule | HTTP 403: Forbidden | Error |
| V 2.0: HTTP POST 404: Not Found | Sub Rule | HTTP 404: Not Found | Error |
| V 2.0: HTTP POST 405: Method Not Allowed | Sub Rule | HTTP 405: Method Not Allowed | Error |
| V 2.0: HTTP POST 406: Not Acceptable | Sub Rule | HTTP 406: Not Acceptable | Error |
| V 2.0: HTTP POST 407: Proxy Authentication Req | Sub Rule | HTTP 407: Proxy Authentication Required | Error |
| V 2.0: HTTP POST 408: Request Timeout | Sub Rule | HTTP 408: Request Timeout | Error |
| V 2.0: HTTP POST 409: Conflict | Sub Rule | HTTP 409: Conflict | Error |
| V 2.0: HTTP POST 410: Gone | Sub Rule | HTTP 410: Gone | Error |
| V 2.0: HTTP POST 411: Length Required | Sub Rule | HTTP 411: Length Required | Error |
| V 2.0: HTTP POST 412: Precondition Failed | Sub Rule | HTTP 412: Precondition Failed | Error |
| V 2.0: HTTP POST 413: Request Entity Too Large | Sub Rule | HTTP 413: Request Entity Too Large | Error |
| V 2.0: HTTP POST 414: Request-URI Too Long | Sub Rule | HTTP 414: Request-URI Too Long | Error |
| V 2.0: HTTP POST 415: Unsupported Media Type | Sub Rule | HTTP 415: Unsupported Media Type | Error |
| V 2.0: HTTP POST 416: Requested Range Not Satisf | Sub Rule | HTTP 416: Requested Range Not Satisfiable | Error |
| V 2.0: HTTP POST 417: Expectation Failed | Sub Rule | HTTP 417: Expectation Failed | Error |
| V 2.0: HTTP POST 440: Req Error - Login Timeout | Sub Rule | HTTP 440: Request Error - Login Timeout | Error |
| V 2.0: HTTP POST 500 :Server Err - Int Server Err | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| V 2.0: HTTP POST 501: Server Err - Not Implement | Sub Rule | HTTP 501: Server Error - Not Implemented | Error |
| V 2.0: HTTP POST 502: Server Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| V 2.0: HTTP POST 503: Service Unavailable | Sub Rule | HTTP 503: Service Unavailable | Error |
| V 2.0: HTTP POST 504: Server Err -Gateway Timeout | Sub Rule | HTTP 504: Server Error - Gateway Time-Out | Error |
| V 2.0: HTTP POST 505: Server Err -HTTP Ver Unsupp | Sub Rule | HTTP 505: Server Error - HTTP Ver Unsupported | Error |
| V 2.0: HTTP POST 995: SSL Operation Aborted | Sub Rule | HTTP 995: Request Error - SSL Operation Aborted | Error |
| V 2.0: HTTP POST 100: Continue | Sub Rule | HTTP 100: Continue | Information |
| V 2.0: HTTP POST 101: Transition Status- Protocol | Sub Rule | HTTP 101: Transition Status - Protocol Switch | Information |
| V 2.0: HTTP POST 200: Success Reply - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| V 2.0: HTTP POST 201: Success Reply - Created | Sub Rule | HTTP 201: Success Reply - Created | Information |
| V 2.0: HTTP POST 202: Success Reply - Accepted | Sub Rule | HTTP 202: Success Reply - Accepted | Information |
| V 2.0: HTTP POST 203: Success Reply - Non-auth | Sub Rule | HTTP 203: Success Reply - Nonauthoritative Info | Information |
| V 2.0: HTTP POST 204: Success Reply - No Content | Sub Rule | HTTP 204: Success Reply - No Content | Information |
| V 2.0: HTTP POST 205: Success Reply-Reset Content | Sub Rule | HTTP 205: Success Reply - Reset Content | Information |
| V 2.0 :HTTP POST 206: Success Rep -Partial Content | Sub Rule | HTTP 206: Success Reply - Partial Content | Information |
| V 2.0: HTTP POST 207: Success - Multistatus Resp | Sub Rule | HTTP 207: Success - Multistatus Response | Information |
| V 2.0: HTTP POST 300: Redirect - Multiple Choice | Sub Rule | HTTP 300: Redirect - Multiple Choices | Information |
| V 2.0: HTTP POST 301: Redirect - Moved Permanent | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| V 2.0: HTTP POST 302: Redirect - Moved Temporary | Sub Rule | HTTP 302: Redirect - Moved Temporarily | Information |
| V 2.0: HTTP POST 303: Redirect - See Other | Sub Rule | HTTP 303: Redirect - See Other | Information |
| V 2.0: HTTP POST 304: Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |
| V 2.0: HTTP POST 305: Redirect - Use Proxy | Sub Rule | HTTP 305: Redirect - Use Proxy | Information |
| V 2.0: HTTP POST 306: Redirect - Unused | Sub Rule | HTTP 306: Redirect - Unused | Information |
| V 2.0 :HTTP POST 307: Redirect -Temporary Redirect | Sub Rule | HTTP 307: Redirect - Temporary Redirect | Information |
| V 2.0: HTTP GET 100: Transitional - Continue | Sub Rule | HTTP 100: Continue | Information |
| V 2.0: HTTP GET 101: Transitional - Proto Switch | Sub Rule | HTTP 101: Transition Status - Protocol Switch | Information |
| V 2.0: HTTP GET 200: Success - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| V 2.0: HTTP GET 201: Success - Created | Sub Rule | HTTP 201: Success Reply - Created | Information |
| V 2.0: HTTP GET 202: Success - Accepted | Sub Rule | HTTP 202: Success Reply - Accepted | Information |
| V 2.0: HTTP GET 203: Success - Nonauthoritative | Sub Rule | HTTP 203: Success Reply - Nonauthoritative Info | Information |
| V 2.0: HTTP GET 204: Success - No Content | Sub Rule | HTTP 204: Success Reply - No Content | Information |
| V 2.0: HTTP GET 205: Success - Reset Content | Sub Rule | HTTP 205: Success Reply - Reset Content | Information |
| V 2.0: HTTP GET 206: Success - Partial Content | Sub Rule | HTTP 206: Success Reply - Partial Content | Information |
| V 2.0: HTTP GET 207: Success - Mult Response | Sub Rule | HTTP 207: Success - Multistatus Response | Information |
| V 2.0: HTTP GET 300: Redirect - Multiple Choices | Sub Rule | HTTP 300: Redirect - Multiple Choices | Information |
| V 2.0: HTTP GET 301: Redirect - Moved Permanentl | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| V 2.0: HTTP GET 302: Redirect- Moved Temporarily | Sub Rule | HTTP 302: Redirect - Moved Temporarily | Information |
| V 2.0: HTTP GET 303: Redirect - See Other | Sub Rule | HTTP 303: Redirect - See Other | Information |
| V 2.0: HTTP GET 304: Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |
| V 2.0: HTTP GET 305: Redirect - Use Proxy | Sub Rule | HTTP 305: Redirect - Use Proxy | Information |
| V 2.0: HTTP GET 306: Redirect - Unused | Sub Rule | HTTP 306: Redirect - Unused | Information |
| V 2.0: HTTP GET 307: Redirect-Temporary Redirect | Sub Rule | HTTP 307: Redirect - Temporary Redirect | Information |
| V 2.0: HTTP GET 400: Req Error - Bad Request | Sub Rule | HTTP 400: Bad Request | Error |
| V 2.0: HTTP GET 401: Req Error - Unauthorized | Sub Rule | HTTP 401: Unauthorized | Error |
| V 2.0: HTTP GET 402: Req Error-Payment Required | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| V 2.0: HTTP GET 403: Req Error - Forbidden | Sub Rule | HTTP 403: Forbidden | Error |
| V 2.0: HTTP GET 404: Req Error - Not Found | Sub Rule | HTTP 404: Not Found | Error |
| V 2.0: HTTP GET 405: Req Error-Method Not Allowed | Sub Rule | HTTP 405: Request Error - Method Not Allowed | Error |
| V 2.0: HTTP GET 406: Req Error - Not Acceptable | Sub Rule | HTTP 406: Not Acceptable | Error |
| V 2.0: HTTP GET 407: Req Error-Proxy Auth Request | Sub Rule | HTTP 407: Request Error - Proxy Auth Required | Error |
| V 2.0: HTTP GET 408: Req Error -Request Time Out | Sub Rule | HTTP 408: Request Error - Request Time-Out | Error |
| V 2.0: HTTP GET 409: Req Error - Conflict | Sub Rule | HTTP 409: Request Error - Conflict | Error |
| V 2.0: HTTP GET 410: Req Error - Gone | Sub Rule | HTTP 410: Request Error - Gone | Error |
| V 2.0: HTTP GET 411: Req Error - Length Required | Sub Rule | HTTP 411: Request Error - Length Required | Error |
| V 2.0 :HTTP GET 412: Req Error-Precondition Failed | Sub Rule | HTTP 412: Request Error - Precondition Failed | Error |
| V 2.0: HTTP GET 413: Req Error-Req Item Too Big | Sub Rule | HTTP 413: Request Error - Request Item Too Big | Error |
| V 2.0: HTTP GET 414: Req Error-Req URL Too Large | Sub Rule | HTTP 414: Request-URI Too Long | Error |
| V 2.0: HTTP GET 415: Req Error -Unsupported Type | Sub Rule | HTTP 415: Request Error - Unsupported Type | Error |
| V 2.0 :HTTP GET 416: Req Error-Req Rng Unfillable | Sub Rule | HTTP 416: Request Error - Range Unfillable | Error |
| V 2.0: HTTP GET 417: Req Error -Expectation Failed | Sub Rule | HTTP 417: Request Error - Expectation Failed | Error |
| V 2.0: HTTP GET 440: Client Error -Login Timeout | Sub Rule | HTTP 440: Request Error - Login Timeout | Error |
| V 2.0: HTTP GET 500: Svr Err -Internal Server Err | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| V 2.0: HTTP GET 501: Svr Error - Not Implemented | Sub Rule | HTTP 501: Server Error - Not Implemented | Error |
| V 2.0: HTTP GET 502: Svr Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| V 2.0: HTTP GET 503: Svr Err-Service Unavailable | Sub Rule | HTTP 503: Server Error - Service Unavailable | Error |
| V 2.0: HTTP GET 504: Svr Error -Gateway Time Out | Sub Rule | HTTP 504: Server Error - Gateway Time-Out | Error |
| V 2.0 :HTTP GET 505: Svr Error-HTTP Ver Unsupported | Sub Rule | HTTP 505: Server Error - HTTP Ver Unsupported | Error |
| V 2.0: GET Request | Sub Rule | HTTP GET Method Event | Information |
| V 2.0: POST Request | Sub Rule | HTTP POST Method Event | Information |
| V 2.0: RPC_OUT_DATA: 200 - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| V 2.0: RPC_IN_DATA: 404 - Not Found | Sub Rule | HTTP 404: Not Found | Error |
| V 2.0: RPC_OUT_DATA: 404 - Not Found | Sub Rule | HTTP 404: Not Found | Error |
| V 2.0: RPC_IN_DATA: 200 - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| V 2.0: PROPFIND Request | Sub Rule | Webdav Protocol PROPFIND Method | Activity |
| V 2.0: HEAD Request | Sub Rule | HTTP Head | Activity |
| V 2.0: HTTP 440: Client Error - Login Timeout | Sub Rule | HTTP 440: Request Error - Login Timeout | Error |
| V 2.0: HTTP 207: Success - Multistatus Response | Sub Rule | HTTP 207: Success - Multistatus Response | Information |
| V 2.0: HTTP 100: Transitional - Continue | Sub Rule | HTTP 100: Transition Status - Continue | Information |
| V 2.0: HTTP 101: Transitional - Protocol Switch | Sub Rule | HTTP 101: Transition Status - Protocol Switch | Information |
| V 2.0: HTTP 200: Success - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| V 2.0: HTTP 201: Success - Created | Sub Rule | HTTP 201: Success Reply - Created | Information |
| V 2.0: HTTP 202: Success - Accepted | Sub Rule | HTTP 202: Success Reply - Accepted | Information |
| V 2.0: HTTP 203: Success - Nonauthoritative Info | Sub Rule | HTTP 203: Success Reply - Nonauthoritative Info | Information |
| V 2.0: HTTP 204: Success - No Content | Sub Rule | HTTP 204: Success Reply - No Content | Information |
| V 2.0: HTTP 205: Success - Reset Content | Sub Rule | HTTP 205: Success Reply - Reset Content | Information |
| V 2.0: HTTP 206: Success - Partial Content | Sub Rule | HTTP 206: Success Reply - Partial Content | Information |
| V 2.0: HTTP 300: Redirect - Multiple Choices | Sub Rule | HTTP 300: Redirect - Multiple Choices | Information |
| V 2.0: HTTP 301: Redirect - Moved Permanently | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| V 2.0: HTTP 302: Redirect - Moved Temporarily | Sub Rule | HTTP 302: Redirect - Moved Temporarily | Information |
| V 2.0: HTTP 303: Redirect - See Other | Sub Rule | HTTP 303: Redirect - See Other | Information |
| V 2.0: HTTP 304: Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |
| V 2.0: HTTP 305: Redirect - Use Proxy | Sub Rule | HTTP 305: Redirect - Use Proxy | Information |
| V 2.0: HTTP 306: Redirect - Unused | Sub Rule | HTTP 306: Redirect - Unused | Information |
| V 2.0: HTTP 307: Redirect - Temporary Redirect | Sub Rule | HTTP 307: Redirect - Temporary Redirect | Information |
| V 2.0: HTTP 400: Req Error - Bad Request | Sub Rule | HTTP 400: Request Error - Bad Request | Error |
| V 2.0: HTTP 401: Req Error - Unauthorized | Sub Rule | HTTP 401: Request Error - Unauthorized | Error |
| V 2.0: HTTP 402: Req Error - Payment Required | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| V 2.0: HTTP 403: Req Error - Forbidden | Sub Rule | HTTP 403: Request Error - Forbidden | Error |
| V 2.0: HTTP 404: Req Error - Not Found | Sub Rule | HTTP 404: Request Error - Not Found | Error |
| V 2.0: HTTP 405: Req Error - Method Not Allowed | Sub Rule | HTTP 405: Request Error - Method Not Allowed | Error |
| V 2.0: HTTP 406: Req Error - Not Acceptable | Sub Rule | HTTP 406: Request Error - Not Acceptable | Error |
| V 2.0: HTTP 407: Req Error -Proxy Auth Requested | Sub Rule | HTTP 407: Request Error - Proxy Auth Required | Error |
| V 2.0: HTTP 408: Req Error - Request Time Out | Sub Rule | HTTP 408: Request Error - Request Time-Out | Error |
| V 2.0: HTTP 409: Req Error - Conflict | Sub Rule | HTTP 409: Request Error - Conflict | Error |
| V 2.0: HTTP 410: Req Error - Gone | Sub Rule | HTTP 410: Request Error - Gone | Error |
| V 2.0: HTTP 411: Req Error - Length Required | Sub Rule | HTTP 411: Request Error - Length Required | Error |
| V 2.0: HTTP 412: Req Error - Precondition Failed | Sub Rule | HTTP 412: Request Error - Precondition Failed | Error |
| V 2.0: HTTP 413: Req Error - Req Item Too Big | Sub Rule | HTTP 413: Request Error - Request Item Too Big | Error |
| V 2.0: HTTP 414: Req Error - Req URL Too Large | Sub Rule | HTTP 414: Request Error - Request-URL Too Large | Error |
| V 2.0: HTTP 415: Req Error - Unsupported Type | Sub Rule | HTTP 415: Request Error - Unsupported Type | Error |
| V 2.0: HTTP 416: Req Error - Req Rng Unfillable | Sub Rule | HTTP 416: Request Error - Range Unfillable | Error |
| V 2.0: HTTP 417: Req Error - Expectation Failed | Sub Rule | HTTP 417: Request Error - Expectation Failed | Error |
| V 2.0: HTTP 500: Svr Error - Internal Server Err | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| V 2.0: HTTP 501: Svr Error - Not Implemented | Sub Rule | HTTP 501: Server Error - Not Implemented | Error |
| V 2.0: HTTP 502: Svr Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| V 2.0: HTTP 503: Svr Error - Service Unavailable | Sub Rule | HTTP 503: Server Error - Service Unavailable | Error |
| V 2.0: HTTP 504: Svr Error - Gateway Time Out | Sub Rule | HTTP 504: Server Error - Gateway Time-Out | Error |
| V 2.0: HTTP 505: Svr Error - HTTP Ver Unsupporte | Sub Rule | HTTP 505: Server Error - HTTP Ver Unsupported | Error |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | date - The date on which the activity occurred. |
| N/A | N/A | N/A | time - The time, in coordinated universal time (UTC), at which the activity occurred. |
| N/A | <process> | Text/String | s-sitename - The Internet service name and instance number that was running on the client. |
| N/A | <dname> | Text/String | s-computername - The name of the server on which the log file entry was generated. |
| N/A | <dip> | IP Address | s-ip - The IP address of the server on which the log file entry was generated. |
| N/A | <command> <tag1> | Text/String | cs-method - The requested verb; for example, a GET method. |
| N/A | <url> | Text/String | cs-uri-stem - The target of the verb; for example, Default.htm. |
| N/A | <object> | Text/String | cs-uri-query - The query, if any, that the client was trying to perform. A Universal Resource Identifier (URI) query is necessary only for dynamic pages. |
| N/A | <dport> | Number | s-port - The server port number that is configured for the service. |
| N/A | <login> | Text/String | cs-username - The name of the authenticated user that accessed the server. Anonymous users are indicated by a hyphen. |
| N/A | <sip> | IP Address | c-ip - The IP address of the client that made the request. |
| N/A | <version> | Text/String | cs-version - The HTTP protocol version that the client used. |
| N/A | <useragent> | Text/String | cs(User-Agent) - The browser type that the client used. |
| N/A | N/A | N/A | cs(Cookie) - The content of the cookie sent or received, if any. |
| N/A | N/A | N/A | cs(Referer) - The site that the user last visited. This site provided a link to the current site. |
| N/A | N/A | N/A | cs-host - The host header name, if any. |
| N/A | <responsecode> <tag2> | Number | sc-status - The HTTP status code. |
| N/A | N/A | N/A | sc-substatus - The substatus error code. |
| N/A | N/A | N/A | sc-win32-status - The Windows status code. |
| N/A | <bytesin> | Number | sc-bytes - The number of bytes sent by the server. |
| N/A | <bytesout> | Number | cs-bytes - The number of bytes received and processed by the server. |
| N/A | <milliseconds> | Number | time-taken - The length of time that the action took, in milliseconds. |