Log Service allows you to collect Internet Information Services (IIS) logs and perform multidimensional log analysis. This topic describes how to configure Logtail in IIS mode in the Log Service console to collect logs.
Prerequisites
- A project and a Logstore are created. For more information, see Create a project and Create a Logstore.
- Ports 80 and 443 of the server from which you want to collect logs are enabled.
- Logs are generated on the server in the IIS, NCSA Common, or W3C Extended format.
We recommend that you use the W3C Extended log format. If you select the W3C Extended format, you must configure the fields in the W3C Logging Fields dialog box. To do so, you must select Bytes Sent (sc-bytes) and Bytes Received (cs-bytes) and use the default settings for other fields.
Procedure
Appendix: Sample logs and field descriptions
The following example shows a sample IIS log in the W3C Extended Log Format:
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2020-09-08 09:30:26
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2009-11-26 06:14:21 W3SVC692644773 125.67.67.* GET /index.html - 80 - 10.10.10.10 Baiduspider+(+http://www.baidu.com) 200 0 64 185173 296 0
- Field prefixes

| Prefix | Description |
| --- | --- |
| s- | Indicates a server action. |
| c- | Indicates a client action. |
| cs- | Indicates a client-to-server action. |
| sc- | Indicates a server-to-client action. |

- Fields

| Field | Description |
| --- | --- |
| date | The date on which the client sends the request. |
| time | The time when the client sends the request. |
| s-sitename | The Internet service name and instance number of the site visited by the client. |
| s-computername | The name of the server on which the log entry is generated. |
| s-ip | The IP address of the server on which the log entry is generated. |
| cs-method | The HTTP request method used by the client, for example, GET or POST. |
| cs-uri-stem | The URI resource requested by the client. |
| cs-uri-query | The query string that follows the question mark (?) in the HTTP request. |
| s-port | The port number of the server. |
| cs-username | The username that the client uses to access the server. Authenticated users are referenced as domain\username. Anonymous users are indicated by a hyphen (-). |
| c-ip | The real IP address of the client that sends the request. |
| cs-version | The protocol version used by the client, for example, HTTP 1.0 or HTTP 1.1. |
| cs(User-Agent) | The browser used by the client. |
| Cookie | The content of the sent cookie or received cookie. A hyphen (-) is used if no cookie is sent or received. |
| referer | The previous site visited by the user. |
| cs-host | The header name of the host. |
| sc-status | The HTTP status code returned by the server. |
| sc-substatus | The HTTP sub-status code returned by the server. |
| sc-win32-status | The Windows status code returned by the server. |
| sc-bytes | The number of bytes sent by the server. |
| cs-bytes | The number of bytes received by the server. |
| time-taken | The processing time of the request. Unit: milliseconds. |
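The following added example (not part of the original topic and not Logtail's own code) shows how the #Fields directive and the field descriptions above map a W3C Extended log line to named, typed values, for example to check a sample file before you configure collection. The function names, the sample lines, and the choice to reject lines whose column count does not match #Fields are assumptions made for this illustration.

```python
# Added example: parse IIS W3C Extended logs by following the #Fields directive.
INT_FIELDS = {"s-port", "sc-status", "sc-substatus", "sc-win32-status",
              "sc-bytes", "cs-bytes", "time-taken"}

# Constructed sample (documentation IP ranges); the last line is deliberately truncated.
SAMPLE = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2020-09-08 09:30:26
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2020-09-08 09:30:26 W3SVC1 192.0.2.10 GET /index.html - 80 - 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 185173 296 15
2020-09-08 09:30:27 W3SVC1 192.0.2.10 POST /login.aspx id=1 443 CORP\\alice 198.51.100.8 curl/7.68.0 401 2 5 1293 512 3
2020-09-08 09:30:28 W3SVC1 192.0.2.10 GET /truncated
"""

def convert(name, raw):
    if raw == "-":
        return None                    # a hyphen means the field has no value
    if name in INT_FIELDS:
        return int(raw)                # raises ValueError on a corrupt number
    if name == "cs(User-Agent)":
        return raw.replace("+", " ")   # IIS writes spaces as '+' (lossy for a literal '+')
    return raw

def parse_w3c(text):
    """Return (records, rejected): dicts keyed by field name, and unparsable lines."""
    fields, records, rejected = [], [], []
    for line in text.splitlines():
        if line.startswith("#"):
            # A #Fields directive can reappear mid-file when logging settings change.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if not values:
            continue
        try:
            if len(values) != len(fields):
                raise ValueError("column count does not match #Fields")
            records.append({n: convert(n, v) for n, v in zip(fields, values)})
        except ValueError:
            rejected.append(line)      # keep bad lines for review instead of guessing
    return records, rejected

if __name__ == "__main__":
    recs, bad = parse_w3c(SAMPLE)
    for r in recs:
        print(r["c-ip"], r["cs-username"], r["sc-status"], r["sc-bytes"], r["cs-bytes"])
    print("rejected lines:", len(bad))
```

Rejected lines usually mean that the #Fields selection changed partway through a file or that a line was cut off, which is worth checking before you rely on sc-bytes and cs-bytes in analysis.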