Working With IIS and Scalyr

jmorajmora Customer Success Engineer
edited April 10 in Tips and Tricks

You can configure Scalyr to work with your IIS server to parse and record access log information, requests, and errors. The information here can be sent to Scalyr and optimized to work with Scalyr features, such as Dashboards and Alerts.

The steps to get this working are simple.

Configure IIS

1. Configure Logging in IIS
Start > Run > "InetMgr" > Server > Logging

IIS configuration example

2. Configure logging directory.
This tutorial will assume the default logging location as C:\inetpub\logs\LogFiles

Logging Directory Example

3. Configure the fields you would like to log.

Logging > "Select Fields ..."

Turn on Bytes-Sent and Bytes-Received

Configure Logging Fields for Scalyr

This tutorial will assume this configuration - any changes could require downstream changes to the parser.

Configure your agent

1. Edit the Agent configuration
Run as admin > "C:\Program Files (x86)\Scalyr\config\agent.json"

2. Configure the Logs JSON object to point to the IIS location.

Agent Example

Use glob patterns to grab all log files

logs: [
     { 
        path: "C:\\inetpub\\logs\\LogFiles\\*\\*",
        attributes: {parser: "IIS"}
     }
  ],

3. Set the parser to IIS

logs: [
    { 
       path: "C:\\inetpub\\logs\\LogFiles\\*\\*",
       attributes: {parser: "IIS"}
    }
      ],

4. Rename log files

Since we are using a glob pattern, this step will ensure that we have only one log file on Scalyr.

logs: [
    { 
       path: "C:\\inetpub\\logs\\LogFiles\\*\\*",
       attributes: {parser: "IIS"}
       rename_logfile: "/windows/access.log"
    }
      ],

Full configuration

// Configuration for the Scalyr Agent. For help:
// 
// https://www.scalyr.com/help/scalyr-agent-2

{
  // Enter a "Write Logs" api key for your account. These are available at https://www.scalyr.com/keys
  api_key: "your-api-key",

  // Fields describing this server. These fields are attached to each log message, and
  // can be used to filter data from a particular server or group of servers.
  server_attributes: {
     // Fill in this field if you'd like to override the server's hostname.
      serverHost: "enter-server-host name",

     // You can add whatever additional fields you'd like.
     // tier: "production"
  }

  // Log files to upload to Scalyr. You can use '*' wildcards here.
  logs: [
      { path: "C:\\inetpub\\logs\\LogFiles\\*\\*",
        rename_logfile: "/IIS/access.log"
        attributes: {parser: "IIS"} }
  ],
}

5. View your logs in Scalyr.
There is no need to restart the agent. Generate traffic by accessing your site.

Troubleshooting Tip: scalyr-agent-2 status -v should help with diagnosing configuration issues with the agent.

Scalyr-UI

Configure the Parser

  1. Navigate to the IIS Parser
    If you have logs coming from the IIS server with the above configuration, you should now have a parser named IIS. Go to to scalyr.com/parsers > IIS > Create

IIS Parser Scalyr

2. Replace the newly created parser with the following

{
  // specify a time zone if the timestamps in your log are not in GMT
  // timezone: "GMT-0800"
  attributes: {
    dataset: "accesslog"
  },
  patterns: {
    tsPattern: "[\\d-]+\\s[\\d:]+"
  }, 
  formats: [
    {
      format: "$timestamp=tsPattern$ $s-ip$ $cs-method$ $cs-uri-stem{parse=uri}$ $cs-uri-query$ $s-port$ $cs-username$ $c-ip$ $User-Agent$ $Referer$ $status$ $sc-substatus$ $sc-win32-status$ $bytes$ $bytes-sent$ $time{parse=milliseconds}$"
    }
  ]
}

Logs

You should be receiving logs within Scalyr

Tip: Checkout "Live Tail" to view logs as they come into Scalyr

IIS Logs

Dashboards

Once you have edited the parser and generated logs, information should appear on your WebServer Dashboard.

IIS Dashboard

** Let me know if this was helpful in the comments

Sign In or Register to comment.