![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 20%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOV%3C/text%3E%3C/svg%3E)
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,428 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 32%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Hi Ondrej Vendeg Welcome Microsoft Q&A Forum!
To handle log collection from multiple sites on the same server, particularly with IIS, you can use strategies that ensure each log entry is identifiable by its originating site.
1.IIS lets you configure separate log file locations for each site, with logs stored in subfolders named W3SVC, where is the site ID, to improve clarity and organization.
2.In IIS Manager, go to each website's "Logging" settings and set a unique log file path for each site to store logs in separate directories for easier traceability.
3.Consider using tools like Graylog, Splunk, or Sumo Logic to aggregate logs from multiple sources, tag and filter logs by site identifiers, and analyze them without confusion.
4.Set up a logging agent like Filebeat or Logstash on the server to collect logs from each site's log folder and send them to a centralized solution, including metadata for easy filtering by site ID or name.
5.If you prefer to keep logs in a single table like W3CIISLog, you can modify the logging configuration to include unique identifiers
6.Modify your logging configuration to add a custom field, like site_id or site_name, to each log entry for easy filtering later.
7.Set up a cron job that runs at regular intervals (e.g., every minute) to copy and merge logs from different sites into one file while sorting them by timestamp. This method ensures that you maintain chronological order across entries from different sites
8.Employ tools that can parse and analyze your combined log files effectively. These tools can provide dashboards and reports that help visualize traffic patterns and identify issues specific to each site
Refer: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/w3ciislog https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-iis-logs https://devops.stackexchange.com/questions/12046/logging-monitoring-on-multiple-servers https://discuss.elastic.co/t/logstash-collecting-logs-from-multiple-servers/143682/4 https://www.crowdstrike.com/en-us/cybersecurity-101/observability/iis-logs/ https://www.sumologic.com/blog/iis-log-files-location/