Create an Agent Based Log Source - IIS
- Aaron Gabriel (Deactivated)
- Former user (Deleted)
- Luke Fritz (Unlicensed)
Â
Topics Discussed
Â
You can use this document to send IIS logs to Armor's Security Information & Event Management (SIEM).
Â
Configure Your IIS Service
Configuring IIS services uses the Command Line Interface (CLI) feature. For more information, see Security Service CLI Commands.
The following arguments are possible parameters for the Logging CLI feature. This allows customers to manage filebeat modules on Virtual Machines.
Command | Arguments | Result |
|---|---|---|
| Enables filebeat IIS/apache/nginx. When run, module yml file will change from disabled state to enable state. | |
| Disables Filebeat IIS/apache/nginx. When run the module yml file will change from enable state to disable mode. | |
| path1, path2, path3 | Includes the argument paths in module yml file under the 'access_paths' section. |
| path1, path2, path3 | Removes the argument paths in module yml file under the 'access_paths' section. |
| path1, path2, path3 | Includes the argument paths in module yml file under the 'error_paths' section. |
| path1, path2, path3 | Removes the argument paths in module yml file under the 'error_paths' section. Removes the argument paths in module yml file under the 'error_paths' section. |
| The command sync the module yml file on vm with latest changes which are required. | |
| The command displays current access & error paths which are configured in module yml file. |
Â
Command Usage:
armor logging iis-enable
armor logging iis-disable
armor logging iis-add-access-paths <required paths needs to add here>
armor logging iis-remove-access-paths <required paths needs to add here>
armor logging iis-add-error-paths <required paths needs to add here>
armor logging iis-remove-error-paths <required paths needs to add here>
armor logging iis-sync-config
armor logging iis-describe-configÂ
Troubleshooting
Verify that logs are formatted correctly, similar to the following example: