IIS Logs on Windows
IIS on Microsoft Windows systems writes its events to log files in ASCII text format. This document describes how to install and configure fluent-bit to collect these events.

Create IIS Config for fluent-bit

You can download an example configuration for IIS below. Edit the config so that the correct host and token are provided. If your IIS service writes its logs to a different path, edit the path where the logs are located as well.
Also edit the parsers.conf path so that it points to the folder where you installed your fluent-bit agent.
[SERVICE]
    # Point this at the parsers.conf in your fluent-bit install folder
    Parsers_file C:\test\td-agent-bit-1.8.6-win64\conf\parsers.conf
    Log_Level error

[INPUT]
    Name tail
    Parser iis
    # Change this if IIS writes its logs somewhere else
    Path C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log
    Path_Key On
    Tag logiq
    Buffer_Max_Size 1024k
    Read_from_Head On

[FILTER]
    Name record_modifier
    Match logiq
    Record cluster_id iiscluster
    Record namespace iisnamespace
    Record app_name iisappname
    Record hostname iishostname

[OUTPUT]
    Name http
    Match *
    # Replace <host> and <Ingest token> with your own values
    Host <host>
    Port 443
    URI /v1/json_batch
    Format json
    tls on
    # tls.verify off disables validation of the server certificate; set it to on
    # when the endpoint's certificate chains to a CA that this host trusts
    tls.verify off
    net.keepalive off
    compress gzip
    Header Authorization Bearer <Ingest token>

IIS parsers.conf

[PARSER]
    # http://rubular.com/r/tjUt3Awgg4
    Name iis
    Format regex
    Regex ^(?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:[\d\.]+) (?<message>.*)$|^(?<raw_message>.*)$
    Time_Key timestamp
    Time_Keep On
    Time_Format %Y-%m-%d %H:%M:%S
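
The parser above can be checked offline before the agent is deployed. The Ruby script below is an added example, not part of the original page or of fluent-bit: it applies the same regex (Ruby and Fluent Bit both use the Onigmo engine) to a constructed IIS log sample, and goes one step beyond the parser by using the #Fields: header to name the columns inside message. The helper names parse_line and parse_file and the sample lines are assumptions made for illustration.

```ruby
# Added example (not from the original page). Regex copied from the [PARSER] block.
IIS_REGEX = /^(?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:[\d\.]+) (?<message>.*)$|^(?<raw_message>.*)$/

# Constructed sample in the W3C extended format that IIS writes (not real traffic).
SAMPLE = <<~'LOG'
  #Software: Microsoft Internet Information Services 10.0
  #Version: 1.0
  #Date: 2021-11-13 09:15:02
  #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status time-taken
  2021-11-13 09:15:02 10.0.0.5 GET /index.html - 443 - 192.0.2.10 Mozilla/5.0+(constructed) 200 31
  2021-11-13 09:15:07 10.0.0.5 POST /login.aspx - 443 - 192.0.2.44 curl/7.79.1 401 12
LOG

# Apply the regex to one line and keep only the named groups that took part in
# the match (hypothetical helper; models the record the parser would produce).
def parse_line(line)
  IIS_REGEX.match(line.chomp).named_captures.compact
end

# Hypothetical helper that goes beyond the parser: header lines only match the
# raw_message alternative, so use "#Fields:" to name the columns in message.
def parse_file(text)
  fields = []
  records = []
  text.each_line do |line|
    rec = parse_line(line)
    if rec.key?("raw_message")
      raw = rec["raw_message"]
      # date and time are already captured together as timestamp
      fields = raw.delete_prefix("#Fields: ").split - %w[date time] if raw.start_with?("#Fields: ")
      next
    end
    values = rec["message"].split
    next unless values.size == fields.size # skip rows that do not fit the header
    records << { "timestamp" => rec["timestamp"] }.merge(fields.zip(values).to_h)
  end
  records
end

parse_file(SAMPLE).each { |r| p r } if __FILE__ == $PROGRAM_NAME
```

The four header lines produce records that contain only raw_message and no timestamp, which is worth knowing when querying the ingested data.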

Multiple Source Fluent-bit Configuration

The Fluent-bit service can gather data from multiple sources, such as log files in different directories. A td-fluent.conf file can contain multiple [INPUT] and [FILTER] section blocks; each [INPUT] block is linked to its [FILTER] block by pairing the [INPUT] Tag with the [FILTER] Match value. A partial example configuration file is shown below.
...

[INPUT]
    Name tail
    Parser iis
    Path C:\inetpub\logs\LogFiles\W3SVC1\u_ex1311.log
    Path_Key On
    # Matched by the first [FILTER] block below
    Tag logiq1
    Buffer_Max_Size 1024k
    Read_from_Head On

[INPUT]
    Name tail
    Parser iis
    Path C:\inetpub\logs\LogFiles\W3SVC1\u_ex1312.log
    Path_Key On
    # Matched by the second [FILTER] block below
    Tag logiq2
    Buffer_Max_Size 1024k
    Read_from_Head On

[FILTER]
    Name record_modifier
    Match logiq1
    Record cluster_id iiscluster1
    Record namespace iisnamespace1
    Record app_name iisappname1
    Record hostname iishostname1

[FILTER]
    Name record_modifier
    Match logiq2
    Record cluster_id iiscluster2
    Record namespace iisnamespace2
    Record app_name iisappname2
    Record hostname iishostname2

....

Install and Enable Windows Fluent-bit Service

Follow the steps in Installing fluent-bit for windows to set up your fluent-bit agent and service. Use the modified config file above, adjusted to match your environment, during the setup process.
The Fluent-bit service is started automatically at the end of the script installation. However, you can use the Windows service management tool to control its state. The following shows how to start the Windows service tool GUI.
Once the Windows Service tool is open, scroll the service list to the Fluent-bit service and right-click it to change the Fluent-bit Start/Stop/Restart state; see below.

Example Ingested IIS Logs