IIS Log Analyzer & Log Parser With SolarWinds® Log & Event Manager

Collect logs from your Microsoft© Internet Information Service (IIS) webservers to troubleshoot operational and security issues easily. Search and quickly visualize web requests to see patterns in your web users’ activity. Customize reports to find URLs returning 404s or create rules and alerts to detect suspicious traffic for SQL injection, cross-site scripting (XSS), and other malicious requests.

Benefits of IIS Log Analysis

Your IIS logs contain a tremendous amounts of information about how users are accessing your webserver. If you have enabled proper logging levels, you can collect the source or client IP address, the HTTP method being queried, the URI stem or target and the specific query parameters requested. This information can be used with a log parser to detect requests that your application isn’t expecting and to find signs of an attack. For example, if the URI query includes a single quote and the HTTP method is a POST, you might be seeing a SQL injection attack. The IIS logs may be the only sign of such an attack if the application isn’t logging failed form submits and your web application firewall doesn’t detect the attack. The advantage of parsing the logs is you can see if someone is attempting to attack you. If you are breached, you can also review these logs from your secure log storage to find how they breached your network and more details about the attacker.

Benefits of IIS Log Analysis

Implementing a Log Parser for IIS Log Analysis

Collecting the IIS logs from your webservers is easy with Log & Event Manager. Simply install the agent on your servers and add a connector in the Log & Event Manager web console for each of the servers you want to analyze IIS logs from. After you are collecting IIS logs, make sure your filters, reports, and alerts are configured to analyze the events that are critical for your environment. You should also update your dashboard to include specific events from these logs to quickly see any issues. For example, update your dashboard to track the number of 404s to detect if users are being sent to bad URLs, or if someone is trying to attack your webservers.

Implementing a Log Parser for IIS Log Analysis

How IIS Log Analysis Works

Like most other events and logs, IIS logs can be visualized with bar charts, in the real-time monitor window, or by running reports for general or very specific events. Below is an example of HTTP POSTs over time. A quick visual scan in the log parser will show an anomaly where the number of POSTs increases. This could be a sign of an attack or improper usage of your webservers. You can perform these types of searches manually, or you can save these queries to automatically analyze your IIS logs.

View of how update node inventory works

Additional Resources

  • Log & Event Manager Guided Tour

    Watch Video

Try It Yourself

You can analyze IIS logs (and a lot more) for free when you download a free trial of Log & Event Manager. It’s fully functional for 30 full days!

With our DIY deployment wizard, you’ll be up and running in less than an hour.

Download Free Trial Fully Functional For 30 Days

SolarWinds Log & Event Manager(LEM)

With our DIY deployment wizard, you'll be up and analyzing your IIS logs in less than an hour.

  • Proactively respond to events in real-time
  • Robust search capabilities
  • Out of the box compliance rules and reports

Starts at $4495

Download Free Trial Fully Functional For 30 Days

Learn More About LEM

Back to Top