You can configure Microsoft IIS to communicate with QRadar by using the IIS Protocol.
Before you begin
Before you configure IBM QRadar with the Microsoft IIS protocol, you must configure your Microsoft IIS Server to generate the correct log format.
About this task
The Microsoft IIS Protocol supports only the W3C Extended log file format.
Procedure
- Log in to your Internet Information Services (IIS) Manager.
- Expand .
- Select Web Site.
- Double-click the Logging icon.
- Select W3C as the log file format from the Log File window.
- Click Select Fields.
- From the list of properties, select check boxes for the following W3C properties:
Table 1. Required Properties for IIS event logs

| IIS 6.0 Required Properties | IIS 7.0/7.5 Required Properties | IIS 8.0/8.5 Required Properties | IIS 10 Required Properties |
|---|---|---|---|
| Date (date) | Date (date) | Date (date) | Date (date) |
| Time (time) | Time (time) | Time (time) | Time (time) |
| Client IP Address (c-ip) | Client IP Address (c-ip) | Client IP Address (c-ip) | Client IP Address (c-ip) |
| User Name (cs-username) | User Name (cs-username) | User Name (cs-username) | User Name (cs-username) |
| Server IP Address (s-ip) | Server IP Address (s-ip) | Server IP Address (s-ip) | Server IP Address (s-ip) |
| Server Port (s-port) | Server Port (s-port) | Server Port (s-port) | Server Port (s-port) |
| Method (cs-method) | Method (cs-method) | Method (cs-method) | Method (cs-method) |
| URI Stem (cs-uri-stem) | URI Stem (cs-uri-stem) | URI Stem (cs-uri-stem) | URI Stem (cs-uri-stem) |
| URI Query (cs-uri-query) | URI Query (cs-uri-query) | URI Query (cs-uri-query) | URI Query (cs-uri-query) |
| Protocol Status (sc-status) | Protocol Status (sc-status) | Protocol Status (sc-status) | Protocol Status (sc-status) |
| Protocol Version (cs-version) | User Agent (cs(User-Agent)) | User Agent (cs(User-Agent)) | User Agent (cs(User-Agent)) |
| User Agent (cs(User-Agent)) | | | |
- Click OK, and then click Apply.
What to do next
You are now ready to configure the log source in QRadar.
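Before you add the log source, you can confirm that the server is actually writing the fields from Table 1 by checking the `#Fields:` directive in a W3C Extended log file. The following script is an added example, not IBM or Microsoft code; the function name `missing_fields`, the version keys (taken from the Table 1 column headings), and the sample log text are assumptions constructed for illustration.

```python
# Added example: check the #Fields directives of an IIS W3C Extended log
# against Table 1. The sample log below is constructed, not from a real server.
COMMON = [
    "date", "time", "c-ip", "cs-username", "s-ip", "s-port",
    "cs-method", "cs-uri-stem", "cs-uri-query", "sc-status",
    "cs(User-Agent)",
]
# Table 1 lists Protocol Version (cs-version) only in the IIS 6.0 column.
REQUIRED_BY_VERSION = {
    "6.0": COMMON + ["cs-version"],
    "7.0/7.5": COMMON, "8.0/8.5": COMMON, "10": COMMON,
}


def missing_fields(log_text, iis_version):
    """Return [(line_number, [missing field names])], one entry per #Fields line.

    A W3C Extended log file may contain more than one #Fields directive
    (for example after the field selection changes), so each one is checked.
    """
    required = REQUIRED_BY_VERSION[iis_version]
    results = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.startswith("#Fields:"):
            continue
        present = set(line[len("#Fields:"):].split())
        results.append((lineno, [f for f in required if f not in present]))
    return results


# Constructed sample: the second header reflects a corrected field selection.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-01-15 10:00:00
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status
2024-01-15 10:00:01 192.0.2.10 GET /index.html 443 198.51.100.7 200
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-01-15 11:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-01-15 11:00:01 192.0.2.10 GET /index.html - 443 - 198.51.100.7 Mozilla/5.0 200
"""

if __name__ == "__main__":
    for lineno, missing in missing_fields(SAMPLE_LOG, "10"):
        print(f"line {lineno}: missing {missing or 'nothing'}")
```

An empty list for the most recent `#Fields:` line means the current field selection matches the Table 1 column for that IIS version.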