Configure Ingest for Microsoft IIS Server

This package is designed to be used in conjunction with the Falcon LogScale Log Collector, see Configuring Falcon Logscale Collector for more information.

Once you have installed the Log Collector apply the configuration detailed below. but be sure to edit the log file locations on the lines `include:` if needed and enter your LogScale URL and ingest token. This configuration was tested with

This configuration was tested with:

  • IIS v10

  • Falcon LogScale Collector v1.2.0

  • Falcon LogScale v1.72.0

    type: file
    include: C:\inetpub\Logs\LogFiles\W3SVC*\u_ex*.log
    parser: "microsoft/iis:iis_access"
    sink: humio
    type: file
    include: C:\Windows\System32\LogFiles\HTTPERR\*.*
    parser: "microsoft/iis:iis_http_error"
    sink: humio

    type: humio
    token: <ingest-token>
    url: <logscale-base-url> // example -