Fortinet white logo
Fortinet white logo

External Systems Configuration Guide

Microsoft IIS for Windows 2008

Microsoft IIS for Windows 2008

What is Discovered and Monitored

Protocol

Information discovered

Metrics collected

Used for

SNMP

Application type

Process level metrics: CPU utilization, memory utilization

Performance Monitoring

WMI

Application type, service mappings

Process level metrics: uptime, CPU Utilization, Memory utilization, Read I/O, Write I/O

IIS metrics: Current Connections, Max Connections, Sent Files, Received Files, Sent Bytes, Received Bytes, ISAPI Requests, Not Found Errors

Performance Monitoring

Windows Agent

Application type

W3C access logs: attributes include IIS Service Instance, Client IP, URL, User Agent, Referrer, HTTP Version, HTTP Method, HTTP Status Code, Sent Bytes, Received Bytes, Connection Duration

Security Monitoring and compliance

Event Types

In ADMIN > Device Support > Event Types, search for "microsoft iis" to see the event types associated with this device.

Configuration

SNMP

See SNMP Configurations in the Microsoft Windows Server Configuration section.

WMI

See WMI Configurations in the Microsoft Windows Server Configuration section.

FortiSIEM Windows Agent

For information on configuring IIS for FortiSIEM Windows Agent, see Collecting Windows IIS Logs from Microsoft Windows Server via Agents.

Setting Access Credentials

See Setting Access Credentials in the Microsoft Windows Server Configuration section.

Sample IIS Syslog

<13>Oct  9 12:19:05 ADS-Pri.ACME.net IISWebLog              0              2008-10-09 19:18:43 W3SVC1 ADS-PRI 192.168.0.10 GET /iisstart.htm - 80 - 192.168.20.80 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.3)+Gecko/2008092417+Firefox/3.0.3 - - 192.168.0.10 200 0 0 2158 368 156
<46>Mar 29 12:21:03 192.168.0.40 FTPSvcLog	0	2010-03-29 19:20:32 127.0.0.1 - MSFTPSVC1 FILER 127.0.0.1 21 [1]PASS IEUser@ - 530 1326 0 0 0 FTP - - - -

Microsoft IIS for Windows 2008

Microsoft IIS for Windows 2008

What is Discovered and Monitored

Protocol

Information discovered

Metrics collected

Used for

SNMP

Application type

Process level metrics: CPU utilization, memory utilization

Performance Monitoring

WMI

Application type, service mappings

Process level metrics: uptime, CPU Utilization, Memory utilization, Read I/O, Write I/O

IIS metrics: Current Connections, Max Connections, Sent Files, Received Files, Sent Bytes, Received Bytes, ISAPI Requests, Not Found Errors

Performance Monitoring

Windows Agent

Application type

W3C access logs: attributes include IIS Service Instance, Client IP, URL, User Agent, Referrer, HTTP Version, HTTP Method, HTTP Status Code, Sent Bytes, Received Bytes, Connection Duration

Security Monitoring and compliance

Event Types

In ADMIN > Device Support > Event Types, search for "microsoft iis" to see the event types associated with this device.

Configuration

SNMP

See SNMP Configurations in the Microsoft Windows Server Configuration section.

WMI

See WMI Configurations in the Microsoft Windows Server Configuration section.

FortiSIEM Windows Agent

For information on configuring IIS for FortiSIEM Windows Agent, see Collecting Windows IIS Logs from Microsoft Windows Server via Agents.

Setting Access Credentials

See Setting Access Credentials in the Microsoft Windows Server Configuration section.

Sample IIS Syslog

<13>Oct  9 12:19:05 ADS-Pri.ACME.net IISWebLog              0              2008-10-09 19:18:43 W3SVC1 ADS-PRI 192.168.0.10 GET /iisstart.htm - 80 - 192.168.20.80 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.3)+Gecko/2008092417+Firefox/3.0.3 - - 192.168.0.10 200 0 0 2158 368 156
<46>Mar 29 12:21:03 192.168.0.40 FTPSvcLog	0	2010-03-29 19:20:32 127.0.0.1 - MSFTPSVC1 FILER 127.0.0.1 21 [1]PASS IEUser@ - 530 1326 0 0 0 FTP - - - -