Getting IIS Logs into DataSet is simple.
You can configure logging on your IIS server to record access log information, requests, and errors. The information here can be sent to DataSet and optimized to work with DataSet features, such as Dashboards and Alerts.
Configure IIS
1. Configure Logging in IIS Start > Run > "InetMgr" > Server > Logging
2. Configure logging directory. This tutorial will assume the default logging location as C:\inetpub\logs\LogFiles
3. Configure the fields you would like to log.
Logging > "Select Fields ..."
Turn on Bytes-Sent and Bytes-Received
This tutorial will assume this configuration - any changes will result in downstream changes to the parser.
Configure your agent
1. Edit the Agent configuration Run as admin > "C:\Program Files (x86)\Scalyr\config\agent.json"
2. Configure the Logs JSON object to point to the IIS location.
Use glob patterns to grab all log files
logs: [ { path: "C:\\\\inetpub\\\\logs\\\\LogFiles\\\\*\\\\*", attributes: {parser: "IIS"} } ],
3. Set the parser to IIS
logs: [ { path: "C:\\\\inetpub\\\\logs\\\\LogFiles\\\\*\\\\*", attributes: {parser: "IIS"} } ],
4. Rename log files
Since we are using a glob pattern, this step will ensure that we have only one log file on DataSet.
logs: [ { path: "C:\\\\inetpub\\\\logs\\\\LogFiles\\\\*\\\\*", attributes: {parser: "IIS"} rename_logfile: "/windows/access.log" } ],
Full configuration
// Configuration for the Scalyr Agent. For help: // // <https://www.scalyr.com/help/scalyr-agent-2> { // Enter a "Write Logs" api key for your account. These are available at <https://www.scalyr.com/keys> api_key: "your-api-key", // Fields describing this server. These fields are attached to each log message, and // can be used to filter data from a particular server or group of servers. server_attributes: { // Fill in this field if you'd like to override the server's hostname. serverHost: "Windows IIS", // You can add whatever additional fields you'd like. // tier: "production" } // Log files to upload to Scalyr. You can use '*' wildcards here. logs: [ { path: "C:\\\\inetpub\\\\logs\\\\LogFiles\\\\*\\\\*", rename_logfile: "/IIS/access.log" attributes: {parser: "IIS"} } ], }
5. View your logs in DataSet. There is no need to restart the agent. Generate traffic by accessing your site.
Troubleshooting Tip: scalyr-agent-2 status -v should help with diagnosing configuration issues with the agent.
Configure the Parser
- Navigate to the IIS Parser If you have logs coming from the IIS server with the above configuration, you should now have a parser named IIS. Go to to https://app.scalyr.com/parsers > IIS > Create
2. Replace the newly created parser with the following
{ // specify a time zone if the timestamps in your log are not in GMT // timezone: "GMT-0800" attributes: { dataset: "accesslog" }, patterns: { tsPattern: "[\\\\d-]+\\\\s[\\\\d:]+" }, formats: [ { format: "$timestamp=tsPattern$ $s-ip$ $cs-method$ $path{parse=uri}$ $cs-uri-query$ $s-port$ $cs-username$ $c-ip$ $User-Agent$ $Referer$ $status$ $sc-substatus$ $sc-win32-status$ $bytes$ $bytes-sent$ $timeMs{parse=milliseconds}$" } ] }
Logs
You should be receiving logs within DataSet
Tip: Checkout "Live Tail" to view logs as they come into DataSet
Dashboards
Once you have edited the parser and generated logs, the information should appear on your WebServer Dashboard.
Comments
0 comments
Please sign in to leave a comment.