Microsoft IIS log source parameters for Microsoft IIS Server

If QRadar does not automatically detect the log source, add a Microsoft IIS Server log source on the QRadar Console by using the Microsoft IIS protocol.

When you use the Microsoft IIS protocol, you must use specific parameters.

The following table describes the parameters that require specific values to collect Microsoft IIS events from a Microsoft IIS Server:
Table 1. Microsoft IIS log source parameters for the Microsoft IIS Server DSM
Parameter: Value

Log Source type: Microsoft IIS Server

Protocol Configuration: Microsoft IIS

Log Source Identifier: Type the IP address or host name for the log source.

File Pattern: Type the regular expression (regex) that is needed to filter the file names. All matching files are included in the processing. The default is (?:u_)?ex.*\.(?:log|LOG)

For example, to list all files that start with the word log, followed by one or more digits and ending with tar.gz, use the following entry: log[0-9]+\.tar\.gz. Use of this parameter requires knowledge of regular expressions (regex). For more information, see the following website: http://download.oracle.com/javase/tutorial/essential/regex/

For a complete list of Microsoft IIS protocol parameters and their values, see Microsoft IIS protocol configuration options.
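
A File Pattern value can be rehearsed offline against the file names you expect before the log source is saved, so that a pattern that is too strict or too loose does not leave a gap in collection. The following Python sketch is an added example, not IBM or QRadar code: the file names are constructed, the function names are hypothetical, and because this page does not say whether the whole file name must match, full and partial matches are reported separately. Both patterns use only regex syntax that behaves the same in Python and Java.

```python
import re

DEFAULT_PATTERN = r"(?:u_)?ex.*\.(?:log|LOG)"  # default File Pattern from this page
TAR_PATTERN = r"log[0-9]+\.tar\.gz"            # example File Pattern from this page


def classify(pattern, names):
    """Map each file name to 'full', 'partial' or 'none' for the given regex."""
    rx = re.compile(pattern)
    verdicts = {}
    for name in names:
        if rx.fullmatch(name):
            verdicts[name] = "full"      # the whole name matches
        elif rx.search(name):
            verdicts[name] = "partial"   # only a substring matches
        else:
            verdicts[name] = "none"
    return verdicts


def review(pattern, expected, unwanted):
    """List the names a pattern would handle differently from what you intend."""
    verdicts = classify(pattern, expected + unwanted)
    problems = [f"missed: {n}" for n in expected if verdicts[n] != "full"]
    problems += [f"unwanted ({verdicts[n]}): {n}"
                 for n in unwanted if verdicts[n] != "none"]
    return problems


# Constructed sample file names (assumptions, not taken from a real server).
IIS_EXPECTED = ["u_ex240101.log", "ex240101.log", "u_ex240101.LOG"]
IIS_UNWANTED = ["u_ex240101.Log", "u_ex240101.log.bak", "index.log", "httperr1.log"]
TAR_NAMES = ["log123.tar.gz", "log.tar.gz", "syslog42.tar.gz", "log123.tar.gz.tmp"]

if __name__ == "__main__":
    for line in review(DEFAULT_PATTERN, IIS_EXPECTED, IIS_UNWANTED):
        print(line)
    for name, verdict in classify(TAR_PATTERN, TAR_NAMES).items():
        print(f"{verdict:8} {name}")
```

Names reported as partial are the ones to check on a test log source, because whether they are collected depends on how the protocol applies the pattern.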