Adding an IIS server
- Navigate to Settings > Log Source Configuration > Applications.
- In the Application Source Management page, click the + Add IIS server button.
- Click the + icon to browse and add IIS servers.
- If you wish to use the default credentials, select the check-box (Default credentials could be the device or domain or logged on credentials). Alternatively, you can enter a username and password in the credentials field.
- Select the time-zone from the dropdown menu and enter the desired monitoring interval.
The time-zone selected must be the same as that of the IIS server. Also, EventLog Analyzer uses port 445 (TCP) to read IIS log files using the Server Message Block (SMB) protocol.
- Click on + Add Sites. From the list of discovered sites, choose the sites you wish to monitor.
Alternatively, you can manually add a site by entering the site name, protocol, and log file path in the pop-up that appears. Choose the file encoding scheme and schedule the log file rollover.
- Click Add and then Configure to start monitoring the site.
IIS Configuration Change Logs
Configuration change logs are collected in the IIS similar to how logs are collected for Windows. These logs are collected through the Microsoft-IIS-Configuration/Operational event source file.
- Ensure that configuration log has been successfully configured. If not, you must configure it.
- The device that has been configured must be enabled. This can be done in the Manage Devices tab.
- Ensure that the Microsoft-IIS-Configuration/Operational option is enabled in the configure event source file for the device. This option can be enabled in the Manage Devices tab.
- The credentials provided must have the WMI access.