How to monitor the IIS (W3SVC) log files
Info
This guide will teach you how to monitor the IIS (W3SVC) log files using the Nodinite Log File Parser Monitoring Agent.
Note
This article assumes your IIS uses the W3C Extended Log File Format, the date and time stamp in the IIS log files is in GMT
Before you begin
Ensure you comply with the prerequisites and install the Nodinite Log File Parser Monitoring Agent.
Step 1: Add a new monitoring configuration
To add a new monitoring entry, click the Add button from the Content File tab.
- Enable the configuration
- Name the configuration
- Provide an optional description
- Set the Application ID (You must have a matching entry in the Applications Tab)
Step 2: Set the monitor path
Next, enter the path to where the IIS (W3SVC) log files are located (for example, C:\inetpub\logs\LogFiles\W3SVC1).
- Enter the path
- Enter the RegEx-based filter (
\.log$)
Below is a table with some common RegEx file filter examples:
| Filter | Example | Comment |
|---|---|---|
\.xml$ |
XML Files | All XML files with suffix ".xml" |
\.txt$ |
Text Files | All text files with suffix ".txt" |
^ONLYME\.data$ |
Specific file | Only this file "ONLYME.data" |
^PrefixedFileName.*\.csv$ |
Matching a file name pattern | Files with prefix ^PrefixedFileName, and suffix .csv |
Step 3: Set the start match
Next, enter the start match configuration.
- 'Line contains' (what error codes are we looking for? In this case 4xx and 5xx)
\- \- (4[0-9][02-9]|5[0-9]{2})
Step 4: Set the time-related options
Leave the Clear Date Time field empty for now. This field is populated by the system when an end-user is clearing previous problems.
Select the time option (
Created after Clear Date Time - File time span)Set the 'File time span' field to
1.00:00:00. You may need to tune this setting. This allows files created less than a day ago to be included in the monitoring... however, actual Lines are a smaller subset of this collection of files.Check the 'Lines have a DateTime' checkbox
'Match date' (the date, in this case, the format is 2017-05-17 13:37:00)
^([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2})
Info
The date is required if you want to ignore previous errors. You can ignore previous errors by clicking the Clear menu item in the Actions button on the Resource.
A RegEx for the Date time is required to understand how to parse the date time for rows in the text file.
6. 'Matched date groups': 1
Save
You must click 'Save' or 'Save and close' for changes to persist. The new settings/thresholds are evaluated on the next synchronization.
Here's an example of the Save options.
Note
The delay in presenting the new evaluated state depends on the monitoring agent's synchronization interval
Save and close, save, and close the dialogue. Cancel, closes the dialogue without saving any changes.
Step 5: Configure the Monitor View
Next, add the named Resource to a Monitor View.
- Follow the 'Add or manage Monitor View' user guide.
Here's an example of a Monitor View with errors detected in IIS log files.
You can further review the details about the errors by clicking on the Actions button, and then clicking on the Error Report menu item.
This action opens a new modal with a list of all IIS log files where an error is still active (> last clear date-time).
Additional information is available if you expand the row.
Tip
You can ignore old errors; by clicking on the Clear Errors menu item in the Actions button. The Resource is then in the OK state until an entry matching the configuration is later found.
Step 6: Manage Diagnostic Log Files
To view the set of diagnostics files included in the Monitoring, click the Actions button, and then, the Show Log file(s) menu item.
Next, a screen presents including a table with all the Nodinite diagnostics log files.
You can perform the following Actions on the diagnostic files:
Next Step
Related
Nodinite File Monitoring Agent