Configuring Microsoft IIS6

Author: Allen Parsons
Configuring Microsoft IIS6

1. Click Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager.

2. To determine your log file encoding type, right-click your server and select Properties. If you have UTF-8 encoding enabled, the check box for “UTF-8 Logging” will be checked. The default is unchecked, which is ANSI encoding. Snare supports either UTF-8 or ANSI encoding.

3. Now navigate to the Web Sites folder. Expand the Web Sites folder and select the site you want to monitor. Right-click the site and select Properties. Validate that logging is enabled for the site; if it is not, select “Enable logging”.

5. Now that you have verified and/or enabled logging for the site, make sure the “Active log format” is “W3C Extended Log File Format”. (See the above screenshot for an example.)

6. While still on the same screen, click the Properties button next to the “Active log format” to view the log directory, log schedule and rollover settings.

7. Here you will find your “Log file directory” settings. Notice the numerical value in the “Log file name”. This is the site ID number for the site, which is added as a suffix to the log directory. Note: your log schedule, rollover and log file directory may differ from the screenshot below, as this is our suggested default configuration.

9. Now that you have defined and/or verified your log schedule, rollover and log file directory, select the “Advanced” tab at the top. Here we need to verify that the proper log flags are defined. Not having the required log flags defined could result in missed security events. Either select all of the log flags or, at a minimum, the following log flags MUST be selected:
Date, Time, ClientIP, UserName, ServerIP, ServerPort, Method, UriStem, HttpStatus (Protocol Status), UserAgent
The following flags are set by default:
Date, Time, ClientIP, UserName, ServiceName, ServerIP, ServerPort, Method, URIStem, URIQuery, HttpStatus (Protocol Status), Protocol Substatus, Win32 Status, User Agent

10. Now that you have configured and/or verified logging for your monitored sites, you may want to view the logs in their directory. Here are some examples of what the logs will look like. Note: if you do not see any log files in the log directory/directories, it could be because no traffic/users are accessing the site(s). You may want to browse the site(s) to generate traffic so that logs are produced. Also note that it can sometimes take a minute before IIS updates the log file.

11. Now that you have completed the configuration and/or verification process for IIS, configure the Epilog agent to point to the log location.

Configuring Microsoft IIS7/IIS8

1. Click Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager.

2. To determine your global logging settings and log file encoding type, select your server and double-click “Logging” in the middle pane.

3. Verify and/or enable logging globally for the server. Our examples here assume you are using one log file per site. If logging is enabled globally, the fields in the middle pane will not be greyed out and the “Disable” action will be blue. If logging is disabled, the fields will be greyed out and the “Enable” action will be blue.

Logging enabled globally example. If you make a configuration change, make sure to “Apply” the change!

Logging disabled globally example. If you make a configuration change, make sure to “Apply” the change!

4. Now that you have verified and/or enabled logging globally, let's verify and/or configure your log format and encoding globally. The default log file format for IIS7/IIS8 is W3C and the default encoding is UTF-8. Your current global configuration may be set differently, and that is fine: it can be overridden at the site level if you need to log in a different format for other sites.

If you make a configuration change, make sure to “Apply” the change!

5. Now navigate to the Sites folder. Expand the Sites folder and select the site you want to monitor. Then double-click “Logging” in the middle pane.

6. Now that you have the logging settings open for the site, verify and/or enable logging for the site as you did for your global settings.

7. Make note of the configured “Directory”, as this is where you will find your site’s log directory and access logs.

8. Verify and/or configure the “Log File” format as “W3C”. The “Encoding” should be UTF-8 or ANSI. In the example below you can see that the encoding was inherited from the global settings and is defined as UTF-8. Note: your options for “Log File Rollover” may differ from the example below, as this is our suggested default configuration. If you make a configuration change, make sure to “Apply” the change!

9. Now that you have defined and/or verified your log schedule, rollover and log file directory, click the “Select Fields” button next to the Log File “Format” drop-down.

10. Here we need to verify that the proper log flags are defined. Not having the required log flags defined could result in missed security events. Either select all of the log flags or, at a minimum, the following log flags MUST be selected:
Date, Time, ClientIP, UserName, ServerIP, ServerPort, Method, UriStem, HttpStatus (Protocol Status), UserAgent
The following flags are set by default:

Date, Time, ClientIP, UserName, ServerIP, ServerPort, Method, URIStem, URIQuery, HttpStatus (Protocol Status), Protocol Substatus, Win32 Status, Time Taken, User Agent
If you make a configuration change, make sure to “Apply” the change!

11. Now that you have configured and/or verified logging for your monitored sites, you may want to view the logs in their directory. Here are some examples of what the logs will look like. Note: if you do not see any log files in the log directory/directories, it could be because no traffic/users are accessing the site(s). You may want to browse the site(s) to generate traffic so that logs are produced. Also note that it can sometimes take a minute before IIS updates the log file. First collect your site IDs so you know which log directory belongs to which site. You can do this by selecting the “Sites” folder in the left pane; the IDs will be listed in the middle pane.

12. Now, using the log path(s) you gathered for your site(s), append W3SVC followed by the site ID (for example, W3SVC1 for site ID 1) to the log path; that is the full path to the site’s access logs.

13. Now that you have completed the configuration and/or verification process for IIS, configure the Epilog agent to point to the log location.
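The guide's required-field check (IIS6 step 9 and IIS7/IIS8 step 10) and the W3SVC<site ID> path rule (step 12) can both be verified against the files IIS actually writes rather than only in the GUI. The script below is an added example, not part of the original guide or of the Snare Epilog agent: it parses W3C Extended log text, reads the “#Fields:” header IIS emits, reports which of the guide's minimum fields are absent, and derives a site's log directory from the configured base directory and site ID. The log samples are constructed to mirror the default field sets listed in the guide; the mapping from the dialog labels to the header names (date, c-ip, cs-username, cs(User-Agent), and so on) is what IIS writes in W3C format. Hostnames, addresses and paths in the samples are made up.

```python
"""Check W3C Extended log files for the minimum field set this guide requires,
and derive each site's log directory from its site ID.

Added example; not part of the original guide or of the Snare Epilog agent.
The sample log text is constructed to match the default field lists in the guide."""
import ntpath

# Dialog label (as shown in "Advanced" / "Select Fields") -> name IIS writes
# on the "#Fields:" header line of a W3C Extended log.
REQUIRED_FIELDS = {
    "Date": "date",
    "Time": "time",
    "ClientIP": "c-ip",
    "UserName": "cs-username",
    "ServerIP": "s-ip",
    "ServerPort": "s-port",
    "Method": "cs-method",
    "UriStem": "cs-uri-stem",
    "HttpStatus": "sc-status",
    "UserAgent": "cs(User-Agent)",
}


def parse_w3c_log(text):
    """Return (fields, records) from W3C Extended log text.

    Lines starting with '#' are directives; '#Fields:' declares the column
    order for the entries that follow. IIS writes '-' for an empty value and
    replaces spaces inside a value with '+', so entries split cleanly on spaces."""
    fields = []
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            raise ValueError(
                "entry has %d values but the header declares %d fields"
                % (len(values), len(fields)))
        records.append(dict(zip(fields, values)))
    return fields, records


def missing_required_fields(fields):
    """Dialog labels of required fields that are absent from a #Fields header."""
    present = set(fields)
    return [label for label, w3c in REQUIRED_FIELDS.items() if w3c not in present]


def site_log_directory(base_directory, site_id):
    """IIS appends 'W3SVC<site ID>' to the configured log directory (guide step 12)."""
    return ntpath.join(base_directory, "W3SVC%d" % site_id)


def audit(text):
    """Summarise one log file: which required fields are missing, and entry count."""
    fields, records = parse_w3c_log(text)
    return {"missing": missing_required_fields(fields), "entries": len(records)}


# Constructed sample using the IIS7/IIS8 default field set from the guide.
IIS7_SAMPLE = """#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2013-05-01 12:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2013-05-01 12:00:01 10.0.0.5 GET /default.htm - 80 - 192.0.2.10 Mozilla/5.0 200 0 0 15
2013-05-01 12:00:02 10.0.0.5 POST /login.aspx - 80 jdoe 192.0.2.10 Mozilla/5.0 401 2 5 31
"""

# Constructed sample with several required fields deselected: the kind of
# configuration the guide warns will cause missed security events.
TRIMMED_SAMPLE = """#Fields: date time s-ip cs-method cs-uri-stem sc-status
2013-05-01 12:00:01 10.0.0.5 GET /default.htm 200
"""

if __name__ == "__main__":
    for name, sample in (("IIS7 default", IIS7_SAMPLE), ("trimmed", TRIMMED_SAMPLE)):
        print(name, audit(sample))
    # Hypothetical base directory and site ID 2 -> ...\LogFiles\W3SVC2
    print(site_log_directory(r"C:\inetpub\logs\LogFiles", 2))
```

Run it against a real log file by passing the file's contents to audit(); an empty "missing" list means the header already carries every field the guide calls mandatory, and a non-empty one names the labels to tick in the “Advanced” (IIS6) or “Select Fields” (IIS7/IIS8) dialog.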
