Skip to main content

Using IIS Advanced logging with LeanSentry

LeanSentry Support
  • Updated

LeanSentry uses IIS logs to derive website traffic information in order to monitor your applications.

If you use the newer IIS Advanced logging feature instead of the built-in IIS W3C logging, you can now configure LeanSentry to load traffic information from your advanced logging logfiles.

This article covers:

1. Enabling Advanced logging. 

2. Configuring LeanSentry to load traffic from a server-level logging definition.

3. Configuring LeanSentry to load traffic from website-level logging definitions.

4. Troubleshooting common issues with Advanced logging.

 

Enabling Advanced logging

By default, LeanSentry expects built-in per-website IIS W3C logging to be enabled. If you want to use Advanced logging instead, you can configure it as follows in your environment settings:

AdvancedLogging_Enabling1_marked.PNG 

Steps to enable:

1. Open environment settings, and click the "Show/hide environment settings" link to show environment settings (you can also do this for a specific server instead).

2. Go to the "Other" tab to show the logging settings.

3. Check the "Enable Advanced logging" checkbox and click SAVE below.


Note that this will force LeanSentry to look for per-website Advanced logging definitions and ignore your regular W3C logging settings. To use a server-level Advanced logging definition instead, see below.

 

Using a server-level Advanced logging definition

By default, Advanced logging creates a single server-level definition which records traffic to all websites on the server. If you are using a server-level definition, you can specify it as follows:

AdvancedLogging_Enabling_UseServerLevelDefinition_marked.PNG

Steps to enable:

1. To use a server-level definition, provide its name in the log definition textbox and click SAVE below.

To use the default server-level definition, click the "set server log" link which applies the default name of "%COMPUTERNAME%-Server". If your server-level definition is called something else, provide its actual name here.

2. Edit your server-level definition and add all required fields to allow LeanSentry to process it.

The fields you would typically need to enable are:

  • Site Name.
  • Time Taken.

3. If you made changes to the logging fieldsrecycle your application pools to apply the changes.

AdvancedLogging_AddRequiredFields_ServerLog_marked.PNG

Note: This will cause LeanSentry to look for the specified Advanced logging definition at the server level; if found, server-level logging will be used for all websites. If not found, we will look for the specified definition at each website level, and if we fail to find it, we will not be able to load traffic information for those websites.

 

Using a website-level Advanced logging definition

If your Advanced logging definitions are specified for each website, you can leave the default settings and LeanSentry will automatically look for logging definitions specified at each website level.

You can also specify the exact website-level logging definition name by setting it in the logging definition textbox as shown previously. As long as the definition does not match an enabled server-level definition, per-a website definition will be used.

NOTE: If your website level definitions are named differently for different websites, you can also use variables to specify the name. For example, you can use the {SiteName} variable to substitute the website name for each different website, as well as {SiteId} for website id.

 

Troubleshooting common Advanced logging issues

1. Identifying logging issues

You may receive warnings from one or more servers indicating issues with your Advanced logging configuration. To view them, open environment settings.

AdvancedLogging_ServerWarnings_MissingFields.PNG

2. Use a server-level logging definition

By default, Advanced logging uses a single server-level log definition to capture requests for all websites on your server. If this is the case, you must specify the name of the server-level definition in your LeanSentry settings to make sure we bind to the server-level definition.

3. Add required fields to your logging definition

You must enable the fields required by LeanSentry in your logging definition to allow it to be processed. These fields are:

  1. Date: "date",
  2. Time-UTC: "time",
  3. URI-Stem: "cs-uri-stem",
  4. Status: "sc-status",
  5. Time Taken: "TimeTakenMS"
  6. Site Name: "cs-sitename" (Server-level logging definitions only)

You should also enable these optional fields for best results:

  1. "c-ip",
  2. "cs-username",
  3. "cs-uri-query",
  4. "cs-method",
  5. "sc-substatus",
  6. "sc-win32-status",
  7. "sc-bytes",
  8. "cs-bytes",
  9. "cs(Host)",
  10. "cs(Referer)"

To enable the fields, edit the logging definition:

AdvancedLogging_AddRequiredFields_ServerLog_marked.PNG

Note that you will need to recycle your application pools after making any changes to make sure they are reflected.

4. Verify that logging is working

To verify that Advanced logging is enabled and is working correctly, perform the following steps:

1. Open the expected log directory on the server.

If you are using a server definition, this will typically be in %SystemDrive%\inetpub\logs\AdvancedLogs or %SystemDrive%\inetpub\logs\AdvancedLogs\<SiteName> if using a website-level definition. 

You can also change the location by clicking "Edit Log Directory ..." in inetmgr.

AdvancedLogging_LogDirectory.PNG

2. Verify that the log files are being written.

NOTE: If you are not seeing traffic reported in LeanSentry, please contact support@leansentry.com and will can diagnose the exact issue preventing us from parsing your logfiles.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk