How to configure IIS for logging with Snare Windows Agent

Owned by Carlos Osorio
Last updated: Jun 24, 2021 by Steve Challans
1 min read


SUMMARY

Please see document from Microsoft for configuring IIS so Snare Enterprise Agent can be used to collect the text logfiles.  Includes configuration for Microsoft IIS6, IIS7/IIS8.

The basic settings for the Snare Agent are as follows.

  • select the Log Configuration page

  • select Microsoft IIS web server logs from the dropdown menu

  • select the log file location of the logs for IIS on the windows server

  • adjust the log name based on your desired settings, the log files do rotate from IIS so you can use the format below like *%*.*, The UI also provides some other examples

  • the final result will look like the following

  • select change configuration to save the settings

  • once the settings are saved select apply Configuration and Restart the agent on the left menu to apply the settings.

  • Now the agent will start to collect logs, these can be viewed on the latest events page under the Log Audit tab