Editar

Compartilhar via

Collect IIS logs from virtual machine with Azure Monitor

  • Artigo

Internet Information Services (IIS) stores user activity in log files that can be collected by Azure Monitor agent using a data collection rule (DCR) with a IIS Logs data source. Details for the creation of the DCR are provided in Collect data from VM client with Azure Monitor. This article provides additional details for the IIS logs data source type.

Configure IIS log data source

Create the DCR using the process in Collect data from virtual machine client with Azure Monitor. On the Collect and deliver tab of the DCR, select IIS Logs from the Data source type dropdown. You only need to specify a file pattern to identify the directory where the log files are located if they are stored in a different location than configured in IIS. In most cases, you can leave this value blank.

Screenshot that shows the Azure portal form to select basic performance counters in a data collection rule.

Add destinations

IIS logs can only be sent to a Log Analytics workspace where it's stored in the W3CIISLog table. Add a destination of type Azure Monitor Logs and select a Log Analytics workspace.

Screenshot that shows configuration of an Azure Monitor Logs destination in a data collection rule.

Verify data collection

To verify that data is being collected, check for records in the W3CIISLog table. From the virtual machine or from the Log Analytics workspace in the Azure portal, select Logs and then click the Queries button. Under the Virtual machines category, click Run next to List IIS Log entries.

Screenshot that shows records returned from W3CIISLog table.

Configure collection of IIS logs on client

Before you can collect IIS logs from the machine, you must ensure that IIS logging has been enabled and is configured correctly.

  • The IIS log file must be in W3C format and stored on the local drive of the machine running the agent.
  • Each entry in the log file must be delineated with an end of line.
  • The log file must not use circular logging, which overwrites old entries.
  • The log file must not use renaming, where a file is moved and a new file with the same name is opened.

The default location for IIS log files is C:\inetpub\logs\LogFiles\W3SVC1. Verify that log files are being written to this location or check your IIS configuration to identify an alternate location. Check the timestamps of the log files to ensure that they're recent.

Screenshot of IIS logging configuration dialog box on agent machine.

Note

The X-Forwarded-For custom field is not currently supported. If this is a critical field, you can collect the IIS logs as a custom text log.

Troubleshooting

Go through the following steps if you aren't collecting data from the IIS log that you're expecting.

  • Verify that IIS logs are being created in the location you specified.
  • Verify that IIS logs are configured to be W3C formatted.
  • See Verify operation to verify whether the agent is operational and data is being received.

Next steps