Sumo Logic App for IIS

Monitor and analyze your IIS logs in real-time

Collect and centralize your IIS logs with ease. Analyze log data in real-time for improved troubleshooting and a dynamic understanding of your users’ activities.

Why the Sumo Logic App for IIS?

Effortless collection.

Collect logs from all your IIS servers, custom applications, web application infrastructure, middleware, and operating systems.

Easy Troubleshooting.

Next gen log analysis technology lets you quickly identify and resolve issues with your web applications and site infrastructure.

Comprehensive Insights.

Get a more in-depth look at how customers interact with your IIS-based web applications and websites and improve the user experience.

Harness Your IIS Logs for Deep Insights

Internet Information Services (IIS) for Windows is a web application server that provides centralized web farm management, delegated remote management, powerful admin tools to help support scalable web infrastructure with dynamic caching and compression capabilities, a rich set of diagnostic tools, enhanced server protection, secure content publishing features, and protection of servers from unauthorized access.

When logging is enabled in its web server configuration, IIS generates log data for anything from media streaming to out-of-the-box web applications to custom web applications. Users adopting the open architecture of IIS thrive on this log data for critical information about user behavior and web application server activity.

IIS logs contain detailed information such as user traffic details including content requests, client access IPs, response codes, client errors, server errors, and response times. Since IIS log files can be very large and challenging to dig into without a tool, log analysis serves a critical purpose in uncovering critical user and web application server insights with ease.

The Next Generation of IIS Log Analysis

The Sumo Logic IIS log analysis tool offers the following features:

  • Log centralization
  • Real-time analytics
  • Continuous monitoring and alerts
  • Intuitive dashboarding and reporting
  • Advanced machine learning

The centralization of application server logs enables searching, proactive monitoring, and alerting across your entire infrastructure stack – not just within the IIS environment. The ability to query raw log data and add search queries to dashboards in multiple formats – such as pie charts, line charts, bar charts, and more – powers the technology for the visualization of usage trends and other vital events.

Easily create and deliver reports on user activity, troubleshooting, and issue resolution within your IIS web application server.

Complete IIS Log Analysis, Simplified

Sumo Logic’s IIS log analysis app makes it easy to view common IIS server operations details such as:

  • Requests by server
  • Top 10 slowest pages
  • Response times in histogram form
  • Response throughputs
  • Cumulative response time in percentile
  • Response codes over time

In addition, the IIS log analysis app provides immediate and deep traffic insights into requests made to the server over time, top requests by users, top clients, top apps by request, cumulative user and client requests, and more.

As a cloud-based application, Sumo Logic can be deployed in as little as 15 minutes, with no operational overhead. Additionally, with its patented Elastic Log Processing™ indexing and analysis engine, Sumo Logic delivers superior scalability where on-premise solutions fail.

Improve Customer Focus, Analytics, and Troubleshooting

By analyzing IIS logs with Sumo Logic, enterprises can get the data they need to tailor their websites and web applications for better customer engagement. They can improve their operational posture by quickly troubleshooting and resolving web application and website infrastructure issues before they affect their customers.

Capabilities of the Sumo Logic IIS Log Analysis application include:

    • Centralizing IIS data effortlessly through an HTTP collector.
    • Parsing and indexing data for analysis in real time.
    • Visualizing complex transactional relationships.
    • Troubleshooting production issues in real time.
    • Gathering application and usage trends and behaviors.

Through the LogReduce and PushAnalytics technologies, Sumo Logic proactively discovers behaviors and patterns hidden in massive amounts of machine data and alerts customers in real time, delivering both IT value and business insight.

Parsed IIS Fields

The Microsoft IIS parser extracts and labels the following fields:

  • c_ip
  • cs_method
  • cs_uri_query
  • cs_uri_stem
  • cs_user_agent
  • cs_username
  • s_ip
  • s_port
  • sc_status
  • sc_substatus
  • sc_win32_status
  • time_taken

For details on setting fields to log, see this Microsoft Technet documentation.

Note that the Microsoft IIS parser assumes that logs are provided in the default IIS W3C format for IIS 7.0.

How Do You Write IIS Parser Queries

IIS is great for log management tools because the logging format is clean, logically separated, and often listed at the top of the file. However, IIS also makes it incredibly easy to change which fields are included in the log, as well as their order. This means that writing IIS log parser queries can be a very case-by-case ordeal.

Sumo does provide some default Field Extraction Templates that mitigate some of this variability, but fortunately there’s an easy trick to making sure your IIS logs are easy to parse. After ingesting your logs into Sumo, run a search with the following query:

#Fields

This will give you the header row for your IIS log. Copy this row and replace the hyphens and parentheses with underscores, and the spaces with ", ". Your end result should look like this:

time, c_ip, cs_method, cs_uri_stem, sc_status, cs_version

This can now be pasted onto the end of a space separated parse anchor query, like the following:

_sourceCategory=IIS | parse "* * * * * *" as time, c_ip, cs_method, cs_uri_stem, sc_status, cs_version

Ta da! IIS log parsing done in under 2 minutes.
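The header-to-query conversion described above can be scripted. The following is an added example, not Sumo Logic code: it builds one parse query per distinct #Fields layout found in a log file and reports rows whose column count does not match their header, since a field change on the server would otherwise mislabel values such as c_ip or sc_status. The function names, the lowercasing step and the sample log are assumptions made for illustration.

```python
import re

def field_names(header):
    """Turn an IIS '#Fields:' header line into query-safe field names."""
    if not header.startswith("#Fields:"):
        raise ValueError("not an IIS #Fields header")
    # Hyphens and parentheses become underscores, as the text describes.
    # Assumption: also lowercase and trim the "_" left by ")" so that
    # cs(User-Agent) becomes cs_user_agent.
    return [re.sub(r"[^0-9A-Za-z]+", "_", raw).strip("_").lower()
            for raw in header[len("#Fields:"):].split()]

def parse_query(header, source_category="IIS"):
    """Build the space-separated parse anchor query for one header."""
    names = field_names(header)
    anchor = " ".join("*" * len(names))
    return f'_sourceCategory={source_category} | parse "{anchor}" as {", ".join(names)}'

def audit_log(log_text):
    """Return (queries, bad_rows): one query per distinct field layout, and
    (line_no, expected, found) for rows that do not match their header."""
    queries, bad_rows, expected = [], [], None
    for no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            expected = len(field_names(line))
            query = parse_query(line)
            if query not in queries:
                queries.append(query)
        elif line and not line.startswith("#"):
            found = len(line.split(" "))
            if found != expected:
                bad_rows.append((no, expected, found))
    return queries, bad_rows

# Constructed sample: the logged fields change part-way through the file,
# and the last row is truncated.
SAMPLE = """#Fields: time c-ip cs-method cs-uri-stem sc-status cs-version
10:15:02 192.0.2.10 GET /default.aspx 200 HTTP/1.1
#Fields: time c-ip cs-method cs-uri-stem cs(User-Agent) sc-status
10:16:40 192.0.2.11 POST /login.aspx Mozilla/5.0+(Windows+NT+10.0) 302
10:16:41 192.0.2.11 GET /login.aspx
"""

if __name__ == "__main__":
    queries, bad_rows = audit_log(SAMPLE)
    print("\n".join(queries))
    print(bad_rows)
```

More than one query in the output means the log mixes field layouts, so each layout needs its own parse statement.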

IIS Log Parsing for PCI Compliance

PCI compliance looks at your organization’s security and infrastructure from many different perspectives, one of which is PCI DSS requirement 10: “Track and monitor all access to network resources and cardholder data.”

The purpose of this requirement is to ensure that access to your credit card holding systems is monitored at all times, and that in the event of a breach, access and events can be thoroughly traced and blocked. Maintaining 12 months of logs and quickly searching those logs is an enormous task, especially when viewing your entire portfolio of disparate systems across multiple environments, potentially around the world.

Microsoft IIS logs provide a record of access and events to help proactively identify suspicious user behavior and strengthen your security posture.

Once your logs are in the Sumo Logic cloud, you can create reports, dashboards and real-time alerts that notify you of events specific to your PCI environment.

Visualizing this data on a geomap helps to quickly identify incoming requests from unexpected regions that may require further investigation.

Next Gen Log Analytics Technology

Check out the demo of Sumo Logic’s next generation of log analytics capabilities and learn how they can improve your team’s log management and analysis workflow.
