Adding an IIS server

    Last updated on:

    Prerequisite for adding an IIS server

    When configuring IIS log source in EventLog Analyzer for the first time, administrative privileges are required. (Administrator shares privileges are required eg : Admin$,c$ )

    iis-server
    1. Navigate to Settings > Log Source Configuration > Applications.
    2. In the Application Source Management page, click the + Add IIS server button.
    3. Click the + icon to browse and add IIS servers.
    4. If you wish to configure log collection, select the check box Configuration Log Monitoring.
    5. You can choose to use default credentials, or enter the Username and Password for the IIS Server in the credentials field.
    6. Select the Time Zone from the dropdown menu and enter the desired Monitoring Interval.
      Note The time-zone selected must be the same as that of the IIS server. Also, EventLog Analyzer uses port 445 (TCP) to read IIS log files using the Server Message Block (SMB) protocol.
    7. You can use separate credentials for configuring log collection.
    8. Click on + Add Sites. From the list of discovered sites, choose the sites you wish to monitor
      iis-server

      9. Alternatively, you can manually add a site by entering the site name, protocol, and log file path in the pop-up that appears. Choose the file encoding scheme and schedule the log file rollover.

      iis-server

      Click Add and then Configure to start monitoring the site.

    Note Once the initial configuration is complete, the account can be modified to be used as a service account.

    Configuring an IIS site for non-admin users

    Note Any Configuration Changes made in IIS Manager will not be synced on next scheduling if non admin credentials is used

    Steps to configure the IIS site in EventLog Analyzer for non-admin users:

    1. In the IIS server, navigate to the C directory (Note: The default location may vary)
      iis-server
    2. Right-click inetpub and select Give access to → Specific people.
      iis-server
    3. Add the service account user with read permission level and click on Share
      iis-server
    4. If the pop-up occurs, click on Don't change settings.
      iis-server
    5. Navigate to inetpub → logs → properties → Security → add the service account with read access permission. (Note: The default location may vary)
      iis-server
      6. Note Ensure that both the main folder (inetpub) and only the folder and sub-folder with the logs have the required permissions for the service account, as sometimes only the main folder gets the necessary privileges.
    6. Navigate to EventLog Analyzer console → Settings → Application → IIS site, Enter the Username and password of service account (Do not verify the credentials - when you do it will display verification failed) > Add site
      iis-server
      iis-server
    7. Enter the IIS site name, path → Add and configure
      iis-server

    IIS Configuration Change Logs

    Configuration change logs are collected in the IIS similar to how logs are collected for Windows. These logs are collected through the Microsoft-IIS-Configuration/Operational event source file.

    Troubleshooting steps:

    1. Ensure that configuration log has been successfully configured. If not, you must configure it.
    2. The device that has been configured must be enabled. This can be done in the Manage Devices tab.
    3. Ensure that the Microsoft-IIS-Configuration/Operational option is enabled in the configure event source file for the device. This option can be enabled in the Manage Devices tab.
    4. The Configuration log monitoring credential provided must have the WMI access.
      5. iis-server