You are Here

Collect IIS Logs with Azure Monitor Agent

Posted on by Tzachi Elkabatz

Purpose:

This article is aimed to help you on how-to setup a Windows VM that runs windows and IIS on top to send a copy of it’s IIS logs to Azure Log Analytics workspace.

Mandatory : MMA Agent installed.

Step by Step guidance: 

Environment : Windows Server 2012 R2

1.Install IIS feature Open PS1 in elevated permission and type:

Install-WindowsFeature -name Web-Server -IncludeManagementTools

2.Adjust Logging

Confirm the below setup:

  • One log file per : Site
  • Format : W3C (other formats are not supported)

Log Event Destination:

  • Log file only

Log File Rollover:

  • Schedule – Hourly

Once you have adjusted the settings as shared above press apply on the actions pane to save changes.

***Make sure the IIS Logs are generating logs with output.

Next step we will need to navigate to Azure Portal and enter our workspace blade in order to turn on the IIS logs collection feature.

Then lets navigate to “Advanced settings”

Under “Advanced settings” navigate to “Data” > “IIS Logs” and mark the check box

Once checked we will need to wait up to 20+ minutes.

To check if logs are sent lets navigate under Azure Portal to Log Analytics workspace and pick the workspace where we have enbaled the IIS collection options. then navigate to the Logs blade.

confirm you see the new table W3CIISLog.

Lets use a the table name to query some output

W3CIISLog | take 10 as shown below

Notes:

  1. It is recommended to set the Log File Rollover Schedule to Hourly. If it’s set to Daily, you may experience spikes in your data since it will only be collected once per day.
  2. Azure Monitor only supports IIS log files stored in W3C format and does not support custom fields or IIS Advanced Logging. It does not collect logs in NCSA or IIS native format.
  3. Configure IIS logs in Azure Monitor from the Advanced Settings menu for the Log Analytics agent. There is no configuration required other than selecting Collect W3C format IIS log files.

Official Microsoft documentation : Collect IIS logs with Log Analytics agent in Azure Monitor – Azure Monitor | Microsoft Docs

I hope you find it useful. 

if you are still facing an issue setting this up. please raise a ticket to our wonderfully Azure Monitor support and an engineer will be happy to assist mitigate the issue.

Thank you , Tzachi Elkabatz

Close Bitnami banner
Bitnami