Configure Ingest for Microsoft IIS Server

This package is designed to be used in conjunction with the Falcon LogScale Log Collector, see Configuring Falcon Logscale Collector for more information.

Once you have installed the Log Collector apply the configuration detailed below. but be sure to edit the log file locations on the lines `include:` if needed and enter your LogScale URL and ingest token. This configuration was tested with

This configuration was tested with:

  • IIS v10

  • Falcon LogScale Collector v1.2.0

  • Falcon LogScale v1.72.0

sources:
  access_log:
    type: file
    include: C:\inetpub\Logs\LogFiles\W3SVC*\u_ex*.log
    parser: "microsoft/iis:iis_access"
    sink: humio
  http_error_log:
    type: file
    include: C:\Windows\System32\LogFiles\HTTPERR\*.*
    parser: "microsoft/iis:iis_http_error"
    sink: humio

sinks:
  humio:
    type: humio
    token: <ingest-token>
    url: <logscale-base-url> // example - https://cloud.community.humio.com