Package Contents Explained

This package consists of the following:

Package Contents - Parsers

This package contains the following parsers:

  • iis_access A parser for access logs formatted with a custom W3C format. Tags all events with #logtype = “iis-access-log”.

  • iis_error A parser for the error (HTTPERR) logs. Tags all events with #logtype = “iis-error-log”

Package Contents - Dashboards

Note that you can narrow the dataset used by the widgets to only specific values of certain fields e.g select all (*) or a specific value for common fields, such as server name or in some cases error type etc, using parameters selection at the top of the dashboards.

Once you make parameter selections click Apply and the widgets will update to reflect only the data from the parameters selected. (when you click in the parameters selection all widgets on the dashboard that make use of the parameters have a blue outline to the widget)

This package contains the following Dashboards:

  • Overview A high level overview of how your servers are performing using data from the access logs. It includes e.g. numbers of clients visiting, their locations, and the requests per second for servers.

  • HTTP errors Focuses on the HTTP error codes observed in the access logs and includes breakdowns of 4xx and 5xx errors, variations over time and the servers and clients associated with most errors.

  • Visitor insights Summarises key information from visitors to your web servers/sites, such as the sites referring visitors to your servers, their user agents, and their location. There are also widgets which show if any connection came from client IPs or referrer domains which exist in CrowdStrike’s database of known indicators of compromise (IOC).

  • Error log analysis (HTTPERR) Provides useful information on the operational health of your servers including the top clients and servers associated with error logs, the most common error messages, how error log volumes vary over time and a table of the most common error messages

  • Error log analysis Summary information generated from the Apache error.log messages. Provides useful information on the operational health of your servers including the top clients and servers associated with error logs, the most common error messages, how error log volumes vary over time and a table of the most common error messages. Some of these widgets are best used in conjunction with the parameters selection to focus on a single server.

  • IOC matches for referer domain Provides information for any referer domain matches found in the LogScale IOC database.

  • IOC matches for client IP Provides information for any client IP address matches found in the LogScale IOC database.