Collect and centralize your IIS logs with ease. Analyze log data in real-time for improved troubleshooting and a dynamic understanding of your users’ activities.
Why the Sumo Logic App for IIS?
Collect logs from all your IIS servers, custom applications, web application infrastructure, middleware, and operating systems.
Next gen log analysis technology lets you quickly identify and resolve issues with your web applications and site infrastructure.
Get a more in-depth look at how customers interact with your IIS-based web applications and websites and improve the user experience.
Harness Your IIS Logs for Deep Insights
Internet Information Services (IIS) for Windows is a web application server that provides centralized web farm management, delegated remote management, powerful admin tools to help support scalable web infrastructure with dynamic caching and compression capabilities, a rich set of diagnostic tools, enhanced server protection, secure content publishing features, and protection of servers from unauthorized access.
When logging is enabled in its web server configuration, IIS generates log data for anything from media streaming to out-of-the-box web applications to custom web applications. Users adopting the open architecture of IIS thrive on this log data for critical information about user behavior and web application server activity.
IIS logs contain detailed information about user traffic, including content requests, client access IPs, response codes, client errors, server errors, and response times. Since IIS log files can be very large and challenging to dig into without a tool, log analysis serves a critical purpose in uncovering user and web application server insights with ease.
The Next Generation of IIS Log Analysis
The Sumo Logic IIS log analysis tool offers the following features:
- Log centralization
- Real-time analytics
- Continuous monitoring and alerts
- Intuitive dashboarding and reporting
- Advanced machine learning
The centralization of application server logs enables searching, proactive monitoring, and alerting across your entire infrastructure stack – not just within the IIS environment. The ability to query raw log data and add search queries to dashboards in multiple formats – such as pie charts, line charts, bar charts, and more – powers the technology for the visualization of usage trends and other vital events.
Easily create and deliver reports on user activity, troubleshooting, and issue resolution within your IIS web application server.
Complete IIS Log Analysis, Simplified
Sumo Logic’s IIS log analysis app makes it easy to view common IIS server operations details such as:
- Requests by server
- Top 10 slowest pages
- Response times in histogram form
- Response throughputs
- Cumulative response time in percentile
- Response codes over time
In addition, the IIS log analysis app provides immediate and deep traffic insights into requests made to the server over time, top requests by users, top clients, top apps by request, cumulative user and client requests, and more.
As a cloud-based application, Sumo Logic can be deployed in as little as 15 minutes, with no operational overhead. Additionally, with its patented Elastic Log Processing™ indexing and analysis engine, Sumo Logic delivers superior scalability where on-premise solutions fail.
Improve Customer Focus, Analytics, and Troubleshooting
By analyzing IIS logs with Sumo Logic, enterprises can get the data they need to tailor their websites and web applications for better customer engagement. They can improve their operational posture by quickly troubleshooting and resolving web application and website infrastructure issues before they affect their customers.
Capabilities of the Sumo Logic IIS Log Analysis application include:
- Centralizing IIS data effortlessly through an HTTP collector.
- Parsing and indexing data for analysis in real time.
- Visualizing complex transactional relationships.
- Troubleshooting production issues in real time.
- Gathering application and usage trends and behaviors.
Through the LogReduce and PushAnalytics technologies, Sumo Logic proactively discovers behaviors and patterns hidden in massive amounts of machine data and alerts customers in real time, delivering both IT value and business insight.
Parsed IIS Fields
The Microsoft IIS parser extracts and labels the following fields:
For details on setting fields to log, see this Microsoft Technet documentation.
Note that the Microsoft IIS parser assumes that logs are provided in the default IIS W3C format for IIS 7.0.
How Do You Write IIS Parser Queries
IIS is great for log management tools because the logging format is clean, logically separated, and often listed at the top of the file. However, IIS also makes it incredibly easy to change which fields are included in the log, as well as their order. This means that writing IIS log parser queries can be a very case-by-case ordeal.
Sumo does provide some default Field Extraction Templates that mitigate some of this variability, and there is also an easy trick for making sure your IIS logs are easy to parse. After ingesting your logs into Sumo, run a search with the following query:
This will give you the header row for your IIS log. Copy this row and replace the hyphens and parentheses with underscores, and the spaces with ", ". Your end result should look like this:
time, c_ip, cs_method, cs_uri_stem, sc_status, cs_version
This can now be pasted onto the end of a space-separated parse anchor query, like the following:
_sourceCategory=IIS | parse "* * * * * *" as time, c_ip, cs_method, cs_uri_stem, sc_status, cs_version
Ta da! IIS log parsing done in under 2 minutes.
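The header-to-query trick above, as an added example (not Sumo Logic's code): a Python script that builds the parse query from a #Fields: row and labels each record using the most recent header, because the logged fields and their order can change. The sample log, the function names and the trimming of a trailing underscore are assumptions made for illustration.

```python
import re

# Constructed sample: an IIS W3C log whose field list changes mid-file,
# as happens when the set of logged fields is reconfigured.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Version: 1.0
#Date: 2024-01-01 00:00:00
#Fields: time c-ip cs-method cs-uri-stem sc-status cs-version
00:00:01 192.0.2.10 GET /index.html 200 HTTP/1.1
00:00:02 192.0.2.11 POST /login.aspx 302 HTTP/1.1
#Fields: date time c-ip cs(User-Agent) sc-status time-taken
2024-01-01 00:05:00 192.0.2.12 Mozilla/5.0+(Windows+NT+10.0) 500 1234
2024-01-01 00:05:01 192.0.2.13 - 404
"""

def field_names(header):
    """Turn a '#Fields:' row into query-friendly names: -, ( and ) become _."""
    raw = header.split(":", 1)[1].split()
    # Trimming the trailing underscore left by ')' is an added tidy-up (assumption).
    return [re.sub(r"[-()]", "_", name).rstrip("_") for name in raw]

def parse_query(header, source_category="IIS"):
    """Build the space-separated parse anchor query for one header row."""
    names = field_names(header)
    anchor = " ".join("*" * len(names))  # one wildcard per field
    return f'_sourceCategory={source_category} | parse "{anchor}" as {", ".join(names)}'

def parse_log(text):
    """Label records with the latest '#Fields:' row; collect rows that do not fit it."""
    names, records, rejected = [], [], []
    for number, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            names = field_names(line)  # header changed: switch field layout
        elif line.startswith("#") or not line.strip():
            continue  # other directives and blank lines carry no record
        elif len(line.split(" ")) == len(names):
            records.append(dict(zip(names, line.split(" "))))
        else:
            rejected.append((number, line))  # column count disagrees with header
    return records, rejected

if __name__ == "__main__":
    for row in SAMPLE_LOG.splitlines():
        if row.startswith("#Fields:"):
            print(parse_query(row))
    records, rejected = parse_log(SAMPLE_LOG)
    print(len(records), "records parsed;", len(rejected), "rejected:", rejected)
```

Rows that land in the rejected list are the ones a fixed parse anchor would mislabel or drop, so they are worth reviewing before relying on a single query for a source.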
IIS Log Parsing for PCI Compliance
PCI compliance looks at your organization’s security and infrastructure from many different perspectives, one of which is PCI DSS requirement 10: “Track and monitor all access to network resources and cardholder data.”
The purpose of this requirement is to ensure that access to your credit card holding systems is monitored at all times, and that in the event of a breach, access and events can be thoroughly traced and blocked. Maintaining 12 months of logs and quickly searching those logs is an enormous task, especially when viewing your entire portfolio of disparate systems across multiple environments, potentially around the world.
Microsoft IIS logs provide a record of access and events to help proactively identify suspicious user behavior and strengthen your security posture.
Once your logs are in the Sumo Logic cloud, you can create reports, dashboards and real-time alerts that notify you of events specific to your PCI environment.
Visualizing this data on a geomap helps to quickly identify incoming requests from unexpected regions that may require further investigation.