IIS Advanced Logging Forward to Syslog

logparser has the ability to insert into syslog

Type: logparser -h -o:syslog

Wrap into a batch file or PowerShell script. That is one option.

Examples:

Send error entries in the IIS log to a SYSLOG server:

 LogParser "SELECT TO_TIMESTAMP(date,time), CASE sc-status WHEN 500 THEN
 'emerg' ELSE 'err' END AS MySeverity, s-computername AS MyHostname,
 cs-uri-stem INTO @myserver FROM <1> WHERE sc-status >= 400" -o:SYSLOG
 -severity:$MySeverity -hostName:$MyHostname
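As an added illustration of wrapping that command in a script (this is not code from the answer above): a PowerShell script that runs Log Parser over the Advanced Logging directory with a wildcard, because the file names are UTC-based rather than predictable, and keeps a checkpoint file so each scheduled run forwards only lines added since the previous run. The syslog host name, Log Parser install path, checkpoint path and the date-UTC/time-UTC field names are assumptions; match the field names to the #Fields header of your Advanced Logging files.

```powershell
# Added example, not from the original answer: forward IIS Advanced Logging
# entries with status >= 400 to a syslog host using Log Parser 2.2.
# Assumed values (not on the page): syslog host, Log Parser path, checkpoint
# path, and that the log files carry date-UTC / time-UTC fields.
param(
    [string]$SyslogServer = 'syslog.example.internal',   # placeholder host
    [string]$LogDir       = "$env:SystemDrive\inetpub\logs\AdvancedLogs",
    [string]$Checkpoint   = "$env:ProgramData\iis-advlog-syslog.lpc",
    [string]$LogParserExe = "${env:ProgramFiles(x86)}\Log Parser 2.2\LogParser.exe"
)

function Send-AdvancedLogsToSyslog {
    # Wildcard FROM clause: Advanced Logging names files by UTC time, so we
    # never try to compute a file name; the checkpoint file tracks how far
    # into each file the previous run got, so rolled-over files are safe.
    $query = @"
SELECT TO_TIMESTAMP(date-UTC, time-UTC) AS MyTime,
       CASE sc-status WHEN 500 THEN 'emerg' ELSE 'err' END AS MySeverity,
       s-computername AS MyHostname,
       cs-uri-stem, sc-status, c-ip
INTO @$SyslogServer
FROM '$LogDir\*.log'
WHERE sc-status >= 400
"@

    # Single quotes matter on the last two switches: Log Parser, not
    # PowerShell, must expand $MySeverity and $MyHostname from the query.
    $lpArgs = @(
        $query,
        '-i:W3C',
        "-iCheckpoint:$Checkpoint",
        '-o:SYSLOG',
        '-severity:$MySeverity',
        '-hostName:$MyHostname',
        '-q:ON'
    )

    if (-not (Test-Path $LogParserExe)) {
        throw "Log Parser not found at $LogParserExe"
    }
    & $LogParserExe @lpArgs
    return $LASTEXITCODE   # 0 on success; non-zero lets a scheduled task flag failures
}

exit (Send-AdvancedLogsToSyslog)
```

Run it from a scheduled task every few minutes; the checkpoint file makes each run incremental, and the non-zero exit code surfaces a failed send in the task history.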
Author: John

Just a random person looking for ways to expand my knowledge and passion for technology.

Updated on September 18, 2022

Comments

  • John
    John almost 2 years

    I am looking for a method that would allow us to forward the IIS Advanced Logging logs to a centralized log source via syslog or something similar. We are able to perform this currently for the regular IIS logs with Snare; however it does not work the same for IIS Advanced Logging.

    The default file path is different for IIS Advanced Logging (%SystemDrive%\inetpub\logs\AdvancedLogs) and it appears that the file names are based upon the UTC time, see here, and not the local date and time that you can specify with regular logging. This also creates an issue for developing some type of wildcard rule if we wanted to test this with Snare. Any ideas are welcome.

  • John
    John over 11 years
    We are currently using Snare successfully for the regular IIS logs. However, I am not able to figure out the syntax to have it match on the Advanced IIS Logs since it appears to be using some random method for how it writes out the file names. Any ideas would be appreciated.