How to monitor the IIS (W3SVC) log files
This guide will teach you how to monitor the IIS (W3SVC) log files using the Nodinite Log File Parser Monitoring Agent.
This article assumes your IIS uses the W3C Extended Log File Format, the date and time stamp in the IIS log files is in GMT
Before you begin
Ensure you comply with the prerequisites and install the Nodinite Log File Parser Monitoring Agent.
Step 1: Add a new monitoring configuration
To add a new monitoring entry, click on the Add button from the Content File tab.
- Name the configuration
- Provide an optional description
- Set the Application Id (You must have a matching entry in the Applications Tab)
Step 2: Set the monitor path
Next, enter the path to where the IIS (W3SVC) log files are located (for example, C:\inetpub\logs\LogFiles\W3SVC1).
- Enter the path
- Enter the RegEx-based filter (
\.log$)
Below is a table with some common RegEx file filter examples:
| Filter | Example | Comment |
|---|---|---|
\.xml$ |
XML Files | All XML files with suffix ".xml" |
\.txt$ |
Text Files | All text files with suffix ".txt" |
^ONLYME\.data$ |
Specific file | Only this file "ONLYME.data" |
Step 3: Set the start match
Next, enter the start match configuration.
- 'Line contains' (what error codes are we looking for? In this case 4xx and 5xx)
\- \- (4[0-9][02-9]|5[0-9]{2})
Step 4: Set the time-related options
Leave the Clear Date Time field empty for now. This field is populated by the system when an end-user is clearing previous problems.
Select the time option (
Created after Clear Date Time - File time span)Set the 'File time span' field to
1.00:00:00. You may need to tune this setting. This allows files created less than a day ago to be included in the monitoring... however, actual Lines are a smaller subset of this collection of files.Check the 'Lines have a DateTime' checkbox
'Match date' (the date, in this case, the format is 2017-05-17 13:37:00)
^([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2})
The date is required if you want to ignore previous errors. You can ignore previous errors by clicking the Clear menu item in the Actions button on the Resource.
A RegEx for the Date time is required to understand how to parse the date time for rows in the text file.
- 'Matched date groups':
1
Save
You must click Save for changes to be written to the agent and take effect.
NOTE: The delay in presenting the new evaluated state depends on the monitoring agent's synchronisation interval
Save and close, save, and close the dialogue.
Cancel, close the dialogue without saving any changes.
Step 5: Configure the Monitor View
Next, add the named Resource to a Monitor View.
- Follow the 'Add or manage Monitor View' user guide.
Example of a Monitor View with errors detected in IIS log files
You can further review the details about the errors by clicking on the Actions button, and then clicking on the Error Report menu item.
This action opens a new modal with a list of all IIS log files where an error is still active (> last clear date-time).
Additional information is available if you expand the row.
TIP: You can ignore old errors; by clicking on the Clear Errors menu item in the Actions button. The Resource is then in the OK state until an entry matching the configuration is later found.
Next Step
Related
Nodinite File Monitoring Agent