
How to - Guide
Integrate Microsoft IIS logs to EventTracker
Author: Security Intelligence
April 7, 2021
Copyright Netsurion. All Rights Reserved.

Forwarding Microsoft IIS logs to EventTracker
Integration Guide

Abstract
This guide provides instructions to configure Microsoft IIS to generate logs for critical events. Once EventTracker is configured to collect and parse these logs, dashboards and reports can be configured to monitor the web servers.

Scope
The configuration details in this guide are consistent with EventTracker version 9.x and later, and Microsoft IIS.

Audience
IT admins, Microsoft IIS administrators and EventTracker users who wish to forward logs to EventTracker and monitor events using EventTracker.

Table of Contents
1. Overview
2. Prerequisites
3. Configuring Microsoft IIS
About Netsurion

1. Overview
IIS (Internet Information Services) is a web server created by Microsoft. IIS is designed to deliver high speed and secure information publishing, while also serving as a platform for developers and independent software vendors to extend the Internet’s standard communication capabilities.

EventTracker supports traffic logs from Microsoft IIS. It gives you statistical reports of client requests, URIs accessed, HTTP errors and HTTP methods used. It also identifies the client browser and operating system used by the clients. From the security point of view, it detects suspicious URI requests run by the client and identifies attacks like SQL injection and cross-site scripting. One can pinpoint performance bottlenecks by tracking the slow-loading pages of the website. Pages visited by a user can be tracked using the user journey data.

2. Prerequisites
• EventTracker v9.x or above should be installed.
• Microsoft IIS v8.5 or later should be installed.
• IIS Logging should be enabled.

3. Configuring Microsoft IIS
1. Start Internet Information Services (IIS) Manager.
2. Expand ServerName, and then expand Sites for Web Sites or FTP Sites.
3. Select the Web Site or FTP Site for which logging is to be enabled.
4. Select the Logging option shown in the middle pane.

5. In the Log File format drop-down list, select W3C format.
6. In the Select Fields dialog box, select all the fields.
7. Enable the ETW event only under Log Event Description.
8. Click Apply under Actions pane at the top right.
9. Open event viewer by running eventvwr.msc and navigate to Application and Services Logs > Microsoft > Windows > IIS-Logging and click on Logs.
10. Click on Enable log for enabling IIS-Logging.
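The same settings as steps 5 to 10 can be applied and checked from PowerShell. This is an added example, not part of the original Netsurion guide; it assumes an elevated session, the WebAdministration module, a web site (not an FTP site), and uses 'Default Web Site' as a placeholder site name.

```powershell
# Added example: scripted equivalent of steps 5-10 for one web site, with a read-back.
# Assumptions: elevated session, IIS 8.5+ with the WebAdministration module,
# and 'Default Web Site' as a placeholder site name.
param([string]$SiteName = 'Default Web Site')

Import-Module WebAdministration -ErrorAction Stop
$sitePath = "IIS:\Sites\$SiteName"
if (-not (Test-Path $sitePath)) { throw "Site '$SiteName' not found." }

# Step 6: all standard W3C fields (logExtFileFlags values from the IIS schema).
$allFields = 'Date,Time,ClientIP,UserName,SiteName,ComputerName,ServerIP,Method,' +
             'UriStem,UriQuery,HttpStatus,Win32Status,BytesSent,BytesRecv,TimeTaken,' +
             'ServerPort,UserAgent,Cookie,Referer,ProtocolVersion,Host,HttpSubStatus'

# Steps 5-8: W3C format, all fields, ETW as the only log event target.
$wanted = [ordered]@{
    'logFile.enabled'         = $true
    'logFile.logFormat'       = 'W3C'
    'logFile.logExtFileFlags' = $allFields
    'logFile.logTargetW3C'    = 'ETW'
}
foreach ($name in $wanted.Keys) {
    Set-ItemProperty -Path $sitePath -Name $name -Value $wanted[$name]
}

# Steps 9-10: enable the channel shown in Event Viewer as IIS-Logging > Logs.
$channel = 'Microsoft-IIS-Logging/Logs'
& wevtutil.exe set-log $channel /e:true
if ($LASTEXITCODE -ne 0) { throw "Could not enable event channel '$channel'." }

# Read the settings back so drift from the guide's configuration is visible.
$logFile = Get-ItemProperty -Path $sitePath -Name logFile
$report = [pscustomobject]@{
    Site           = $SiteName
    LogFormat      = $logFile.logFormat
    LogTarget      = $logFile.logTargetW3C
    FieldCount     = ($logFile.logExtFileFlags -split ',').Count
    ChannelEnabled = (Get-WinEvent -ListLog $channel).IsEnabled
}
$report
if ($report.LogFormat -ne 'W3C' -or $report.LogTarget -ne 'ETW' -or
    $report.FieldCount -ne 22 -or -not $report.ChannelEnabled) {
    Write-Warning "IIS logging for '$SiteName' does not match the guide's settings."
}
```

With ETW as the only target, IIS no longer writes this site's W3C .log files to disk, so any other tool that reads those files loses its input.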

About Netsurion
Flexibility and security within the IT environment are two of the most important factors driving business today. Netsurion’s cybersecurity platforms enable companies to deliver on both. Netsurion’s approach of combining purpose-built technology and an ISO-certified security operations center gives customers the ultimate flexibility to adapt and grow, all while maintaining a secure environment.

Netsurion’s EventTracker cyber threat protection platform provides SIEM, endpoint protection, vulnerability scanning, intrusion detection and more; all delivered as a managed or co-managed service. Netsurion’s BranchSDO delivers purpose-built technology with optional levels of managed services to multi-location businesses that optimize network security, agility, resilience, and compliance for branch locations. Whether you need technology with a guiding hand or a complete outsourcing solution, Netsurion has the model to help drive your business forward. To learn more visit netsurion.com or follow us on Twitter or LinkedIn. Netsurion is #19 among MSSP Alert’s 2020 Top 250 MSSPs.

Contact Us
Corporate Headquarters
Netsurion
Trade Centre South
100 W. Cypress Creek Rd
Suite 530
Fort Lauderdale, FL
