The tags beginning with ftp.iis identify log events generated by the FTP service for Windows.
The full tag must have at least six levels. The first two are fixed as ftp.iis. The third level identifies the log type/format and currently must be only access-w3c-all.
The fourth, fifth and sixth levels are required and should identify the environment type, web application, and instance respectively.
- environment - Describes the environment in when the event occurred. For example, development, testing, or production.
- web application - The name of the web application.
- clon - This is the instance that generated the event. Depending on your network, this can be a machine name, or the virtual name of an IIS process.
The values of these levels should be guided by the structure we propose because they will be saved in the events when saved in Devo. When you open the resulting data table, these will appear in the environment, site and clon columns.
free but required
|free but required||free but required|
Therefore, the valid tag is:
For more information, read more about Devo tags.
Enable IIS FTP logging
Follow the procedures for "How to configure logging options for an FTP site" in the Microsoft online documentation. In step 4, be sure to select all fields for the log files as shown here:
Follow the rest of the procedure configuring the log file settings as you prefer.
Save log files in W3C Extended Format
You must specify that the IIS FTP log files be generated in the W3C Extended format; this is the format that Devo expects and will parse correctly. Because it includes all possible fields, it also offers the greatest level of detail.
This log file format is as follows:
For more information about the fields in this format, see Microsoft IIS W3C Extended log format.
Send the events to Devo
We recommend using the MagicLog component of the 2021-06-15_09-43-16_Devo Agent for Windows to forward the log files to Devo. You can also use the third-party tool, Snare Epilog.
In both cases:
- Make sure the logs are written to text files.
- Have the complete paths to the log files on hand when setting up the sending.