In October 2015, Netcraft found that after Apache and NGINX, Microsoft IIS is the third-most-common web server used by the one million largest websites in the world. Although IIS’s popularity is declining, it’s still the most popular commercial web server and it is understandably popular among Microsoft developers.

Even so, it is difficult to extract relevant and actionable insights from the hundreds or even thousands of log entries that IIS web servers can generate every single second. Here, I wanted to look further into IIS log data to provide three instances of how DevOps engineers and system administrators can use Elasticsearch, Logstash, and Kibana to understand their IIS logs.

For reference: IIS logs can be exported in a W3C format, and the different fields can be customized in the IIS admin user interface.

Elasticsearch, Logstash, and Kibana — commonly known as the ELK Stack — can collect, parse, and store all IIS log data. The information can then be visualized in Kibana so that users are alerted to specific problems and can fix them immediately.

How to Parse IIS Logs Using Logstash

Often, one of the first things to do is to filter and enhance your IIS logs with Logstash. Here is a sample of an IIS log line and the related Logstash configuration that we happen to use in our internal environment.

A sample IIS access log entry:

 

The Logstash configuration to parse that IIS access log entry:

Now that you’ve seen how to use the ELK Stack to analyze Microsoft IIS log files, I’ll present some use cases of when to use Elasticsearch, Logstash, and Kibana in this context.

IIS Log Analysis Use Cases

Operations Analysis

Whenever traffic significantly exceeds the long-term average of site visits or whenever error rates are higher than normal, the ELK Stack can be used to send alerts to operations teams. This way, slow website response rates can be fixed so that the user experience is not affected.

For example, Elasticsearch, Logstash, and Kibana can be used as a log management stack to see whenever there is a sharp decline in the number of requests for web pages or a significant spike in traffic that caused a server to crash. If both of these things occur in the same dashboard, you could be facing a DDoS attack. In such a scenario, ELK can be used to find the origin IP address and block it.
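The origin-IP lookup described above can also be run directly against a raw log file. The following Python sketch is an added example, not part of the original post or of Logz.io's configuration: it reads a W3C-format IIS log using its `#Fields:` directive (so it follows whatever fields were selected in the IIS admin interface) and lists clients responsible for a large share of requests. The sample log lines, the `min_share` threshold, and the function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C format (not from a real server).
# The last line is deliberately truncated to show how damaged entries are skipped.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem c-ip sc-status time-taken
2015-10-20 09:00:01 GET /index.html 198.51.100.23 200 31
2015-10-20 09:00:02 GET /search 203.0.113.7 200 120
2015-10-20 09:00:02 GET /search 203.0.113.7 200 450
2015-10-20 09:00:02 GET /search 203.0.113.7 503 9001
2015-10-20 09:00:03 GET /search 203.0.113.7 503 9950
2015-10-20 09:00:03 GET /about 192.0.2.44 200 28
2015-10-20 09:00:03 GET /search 203.0.113.7 503 10020
2015-10-20 09:00:03 GET /search 203.0.113.7 503
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            values = line.split()
            # Skip entries whose column count does not match the header.
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))

def top_talkers(records, min_share=0.5):
    """Return [(ip, requests, 5xx_count)] for clients at or above min_share of traffic."""
    records = list(records)
    hits = Counter(r["c-ip"] for r in records)
    errors = Counter(r["c-ip"] for r in records
                     if r.get("sc-status", "").startswith("5"))
    total = len(records)
    return [(ip, n, errors[ip]) for ip, n in hits.most_common()
            if total and n / total >= min_share]

if __name__ == "__main__":
    for ip, n, errs in top_talkers(parse_w3c(SAMPLE_LOG)):
        print(f"{ip}: {n} requests, {errs} server errors")
```

A single source dominating traffic while 5xx responses climb is the pattern worth confirming against a longer baseline before blocking, since proxies and NAT gateways can legitimately concentrate many users behind one address.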

Within our ELK Stack alerts feature, one visualization that we have is the number of log lines that cache responds to disk.

This visualization and more can be found in our ELK Apps library by searching for IIS.

Technical SEO

In SEO, the need to create quality content is becoming increasingly known. But if Google cannot access and index the content — or if the Googlebot hits its crawl limit before finding the content in the first place — then those marketing materials will be useless.

As the dashboard image shows, IIS log analysis with ELK can tell you when any page on your website was last crawled by Google, how Google prioritizes content in different subdomains and subdirectories, and which URLs are indexed the most and least. In one of our related posts, you can see how to use server log analysis for technical SEO.

Business Intelligence

IIS logs have everything that you need to analyze your application’s users — you can see everything from their geographic locations to the URLs that they visit to the quality of their UX. With ELK, you can correlate the IIS server data with infrastructure-level logs to gain more insight into how your infrastructure is affecting your visitors’ experiences on your website.

For example, memory loads, CPUs, and response times can be analyzed together to see if stronger machines might be needed in your overall environment.

Many of these visualizations can be found in our free ELK Apps library by searching for IIS. Here are two examples: one is the response time that we’re getting per response code, and the other is a heat map of all of our visitors.

In Conclusion

IIS users should analyze their IIS logs regularly. From business intelligence to technical SEO, we have dashboards for these operations use cases and more in our free ELK Apps library.

Have any tips on IIS log file analysis? We’d love to hear your thoughts in the comments below!