topic Re: Monitor Windows IIS Log File in Getting Data In

Monitor Windows IIS Log File

willadams — Wed, 30 Sep 2020 01:20:53 GMT

I am not sure where I have gone wrong but I am trying to take in logs from a number of IIS web servers. The log files for each server doesn't maintain defaults depending on the website. Some services write default logs (i.e. c\inetpub\wwwroot\logs\w3svc*\something.log where other services are using D:\Logs\W3SVC*\something.log.

I created a deployment app to extract the log file using a direct path and this works correctly.

[monitor://D:\Logs\IIS\W3SVC3\*.log]
index=web_iis
sourcetype=iis

However I tried to break this out so that I could monitor all drives and try and do a recursive search for a folder to pick up the same log. I tried the following configuration (same index / source type so not added below)

[monitor:[A-Z]:*\Logs*.log] <-- this doesn't work
[monitor:\...\Logs\.log] <-- this doesn't work
[monitor:[A-Z]:\...\W3SVC\*.log <-- this doesn't work

Is there anyway to get this to work so I can recursively search through whatever drives are on the system for a log file that I expect in W3SVC*?

Re: Monitor Windows IIS Log File

gcusello — Fri, 19 Jul 2019 15:07:07 GMT

Hi willadams,
if you don't have too much paths to monitor, did you tried to use more stanzas?
e.g.:

[monitor://c\inetpub\wwwroot\logs\w3svc*\something.log]
...
[monitor://D:\Logs\W3SVC*\something.log]
...

In this way only one stanza will read your logs but you have in only one inpus.conf all the paths to monitor.

Bye.
Giuseppe

Re: Monitor Windows IIS Log File

willadams — Sat, 20 Jul 2019 01:34:54 GMT

I thought of doing multi monitors in a single stanza but I was trying to account for the unknown as unfortunately depending on the website admin depends on where they would of put the logs. I could take the approach of monitoring the standard IIS path but fear this will miss out key information. I had intended to quote some script to detect the iis log configuration on each server and create an input with these paths but was trying to find something that could takethis into account for current and new systems that came along.

Re: Monitor Windows IIS Log File

willadams — Sat, 20 Jul 2019 01:40:39 GMT

If I interrogate this registry entry (HKLM\SOFTWARE\Microsoft\WebManagement\Server\LoggingDirectory (REG_SZ)) then the single stanza monitoring could be constructed but where there are multiple websites with potentially multiple log locations on a single box this is where it becomes an administration overhead once the one query to sit then all.