Log Service allows you to collect Internet Information Services (IIS) logs and analyze logs in multiple dimensions. You can create Logtail configurations to collect logs. This topic describes how to create a Logtail configuration in IIS mode by using the Log Service console.
Prerequisites
- A project and a Logstore are created. For more information, see Create a project and Create a Logstore.
- The server on which Logtail is installed can connect to port 80 and port 443 of remote servers.
- Logs are generated on the server in the IIS, NCSA Common, or W3C Extended format.
We recommend that you use the W3C Extended log format. If you select the W3C Extended format, you must configure log fields beforehand. To configure log fields, you must select Bytes Sent (sc-bytes) and Bytes Received (cs-bytes) in the W3C Logging Fields dialog box and retain the default settings for other fields.
Procedure
Additional information: Sample logs and field descriptions
The following example shows a sample IIS log:
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2020-09-08 09:30:26
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2009-11-26 06:14:21 W3SVC692644773 125.67.67.* GET /index.html - 80 - 10.10.10.10 Baiduspider+(+http://www.example.com) 200 0 64 185173 296 0
- Field prefixes

| Prefix | Description |
| --- | --- |
| s- | Indicates a server action. |
| c- | Indicates a client action. |
| cs- | Indicates a client-to-server action. |
| sc- | Indicates a server-to-client action. |

- Fields

| Field | Description |
| --- | --- |
| date | The date on which the client sends the request. |
| time | The point in time at which the client sends the request. |
| s-sitename | The Internet service name and instance ID of the site that is visited by the client. |
| s-computername | The name of the server on which the log is generated. |
| s-ip | The IP address of the server on which the log is generated. |
| cs-method | The request method that is used by the client, such as GET or POST. |
| cs-uri-stem | The URI in the request. |
| cs-uri-query | The query string that follows the question mark (?) in the HTTP request. |
| s-port | The port number of the server. |
| cs-username | The authenticated domain name or username that is used by the client to access the server. Authenticated users are indicated in the `Domain\Username` format. Anonymous users are indicated by a hyphen (-). |
| c-ip | The actual IP address of the client that sends the request. |
| cs-version | The protocol version that is used by the client, such as HTTP 1.0 or HTTP 1.1. |
| cs(User-Agent) | The browser used by the client. |
| Cookie | The content of the cookie that is sent or received. If no cookies are sent or received, a hyphen (-) is displayed. |
| referer | The site from which the client is directed. |
| cs-host | The host information. |
| sc-status | The HTTP status code returned by the server. |
| sc-substatus | The HTTP substatus code returned by the server. |
| sc-win32-status | The Windows status code returned by the server. |
| sc-bytes | The number of bytes sent by the server. |
| cs-bytes | The number of bytes received by the server. |
| time-taken | The time required to process the request. Unit: milliseconds. |
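
Added example (not part of the original documentation and not Log Service or Logtail code): a small Python parser for the W3C Extended format described above. It names columns from the `#Fields` directive, treats a hyphen as "no value", and reports entries whose column count does not match the header. The names `parse_w3c`, `_line` and `_error`, and the second and third sample entries, are constructed for illustration.

```python
from typing import Iterable, Iterator, Optional

# Fields from the table above that carry integer values.
INT_FIELDS = {"s-port", "sc-status", "sc-substatus", "sc-win32-status",
              "sc-bytes", "cs-bytes", "time-taken"}

def parse_w3c(lines: Iterable[str]) -> Iterator[dict]:
    """Yield one dict per entry, keyed by the names in the active #Fields line."""
    fields: Optional[list] = None
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # IIS writes a new header block when the service restarts, so
            # the column layout can change in the middle of a file.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            # Report instead of guessing: a shifted column would put the
            # wrong value into sc-status or c-ip.
            yield {"_line": lineno, "_error": "column count mismatch"}
            continue
        entry = {"_line": lineno}
        for name, value in zip(fields, values):
            if value == "-":
                entry[name] = None          # hyphen means "no value"
            elif name in INT_FIELDS and value.isdigit():
                entry[name] = int(value)
            else:
                entry[name] = value
        yield entry

# Constructed sample: the first entry follows the sample log above; the
# second and third are invented, and the third fuses two columns on purpose.
SAMPLE = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2009-11-26 06:14:21 W3SVC692644773 125.67.67.* GET /index.html - 80 - 10.10.10.10 Baiduspider+(+http://www.example.com) 200 0 64 185173 296 0
2009-11-26 06:14:22 W3SVC692644773 125.67.67.* POST /login.aspx - 80 CORP\\alice 10.10.10.11 Mozilla/5.0 401 1 1326 1391 512 15
2009-11-26 06:14:23 W3SVC692644773 125.67.67.* GET /index.html - 80 - 10.10.10.12 Mozilla/5.0200 0 64 185173 296 0
""".splitlines()

ENTRIES = list(parse_w3c(SAMPLE))
```

The `cs(User-Agent)` value is kept exactly as logged, because a `+` in that field may stand for a space or for a literal plus sign.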