Microsoft IIS for Windows 2008
- What is Discovered and Monitored
- Event Types
- Configuration
- Setting Access Credentials
- Sample IIS Syslog
What is Discovered and Monitored
Protocol |
Information discovered |
Metrics collected |
Used for |
---|---|---|---|
SNMP |
Application type |
Process level metrics: CPU utilization, memory utilization |
Performance Monitoring |
WMI |
Application type, service mappings |
Process level metrics: uptime, CPU Utilization, Memory utilization, Read I/O, Write I/O IIS metrics: Current Connections, Max Connections, Sent Files, Received Files, Sent Bytes, Received Bytes, ISAPI Requests, Not Found Errors |
Performance Monitoring |
Windows Agent |
Application type |
W3C access logs: attributes include IIS Service Instance, Client IP, URL, User Agent, Referrer, HTTP Version, HTTP Method, HTTP Status Code, Sent Bytes, Received Bytes, Connection Duration |
Security Monitoring and compliance |
Event Types
In ADMIN > Device Support > Event Types, search for "microsoft iis" to see the event types associated with this device.
Configuration
SNMP
See SNMP Configurations in the Microsoft Windows Server Configuration section.
WMI
See WMI Configurations in the Microsoft Windows Server Configuration section.
FortiSIEM Windows Agent
For information on configuring IIS for FortiSIEM Windows Agent, see Collecting Windows IIS Logs from Microsoft Windows Server via Agents.
Setting Access Credentials
See Setting Access Credentials in the Microsoft Windows Server Configuration section.
Sample IIS Syslog
<13>Oct 9 12:19:05 ADS-Pri.ACME.net IISWebLog 0 2008-10-09 19:18:43 W3SVC1 ADS-PRI 192.168.0.10 GET /iisstart.htm - 80 - 192.168.20.80 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.3)+Gecko/2008092417+Firefox/3.0.3 - - 192.168.0.10 200 0 0 2158 368 156 <46>Mar 29 12:21:03 192.168.0.40 FTPSvcLog 0 2010-03-29 19:20:32 127.0.0.1 - MSFTPSVC1 FILER 127.0.0.1 21 [1]PASS IEUser@ - 530 1326 0 0 0 FTP - - - -