I'm fairly new to Nagios Log Server. I've been successful in setting up other dashboards, but I'm having issues setting up the IIS Dashboard.
I've added the modifications to the .conf file:
```
# Create the parse rule for IIS logs. You can copy these from the header of the IIS log file.
<Extension w3c>
    Module xm_csv
    Fields $date, $time, $s-sitename, $s-computername, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $sc-status, $sc-substatus, $sc-win32-status, $time-taken
    FieldTypes string, string, string, string, string, string, string, string, integer, string, string, string, string, integer, integer, integer, integer
    Delimiter ' '
    QuoteChar '"'
    EscapeControl FALSE
    UndefValue -
</Extension>

# Convert the IIS logs to JSON and use the original event time
<Input IIS_Site>
    Module im_file
    File "D:\\Logs\\IIS\\devcorps\\W3SVC34\\u_ex*"
    SavePos TRUE
    Exec if $raw_event =~ /^#/ drop(); \
         else \
         { \
             w3c->parse_csv(); \
             $SourceName = "IIS"; \
             $Message = $raw_event; \
         }
```
```
<Output IIS-out>
    Module om_tcp
    Host xxx.xxx.xxx.xxx
    Port 5142
    Exec $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec $raw_event = to_json();
    # Uncomment for debug output
    # Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>

<Route IIS>
    Path IIS_Site => IIS-out
</Route>
```
```
tcp {
    type => 'IIS_requests'
    tags => 'IIS_requests'
    port => 5142
    codec => json
}
```
```
if [type] == 'IIS_Requests' {
    grok {
        match => ['message', '%{DATESTAMP:timestamp} %{IPORHOST:hostip} %{WORD:method} %{URIPATH:request} (?:%{NOTSPACE:param}|-) %{NUMBER:port} (?:%{USER:username}|-) %{IPORHOST:clientip} (?:%{NOTSPACE:agent}|-) - %{NUMBER:response} %{NUMBER:status} %{NUMBER:sub-status} %{NUMBER:time-taken}']
    }
    date {
        match => ["timestamp", "yyyy-MM-dd HH:mm:ss"]
    }
    geoip {
        source => "c-ip"
    }
}
```
```
[root@FT-NagiosLS logstash]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: ssh dhcpv6-client
  ports: 80/tcp 443/tcp 9300-9400/tcp 3515/tcp 5544/tcp 2056/tcp 2057/tcp 5544/udp 5142/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
Thanks
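
Added example, not part of the original post: Logstash compares strings in conditionals case-sensitively, so a filter only runs when its `[type]` test is spelled exactly as an input declares it. The Python check below (function names are hypothetical) runs that comparison over the input and filter snippets copied from the post, with the filter body abridged.

```python
import re

# Snippets copied from the post above; the filter body is abridged.
INPUT_CONF = """
tcp {
    type => 'IIS_requests'
    tags => 'IIS_requests'
    port => 5142
    codec => json
}
"""
FILTER_CONF = """
if [type] == 'IIS_Requests' {
    # grok, date and geoip blocks omitted
}
"""

# `type => '...'` settings inside input blocks.
TYPE_SETTING = re.compile(r"""^\s*type\s*=>\s*(['"])(.*?)\1""", re.M)
# `[type] == '...'` tests in filter conditionals.
TYPE_CONDITION = re.compile(r"""\[type\]\s*==\s*(['"])(.*?)\1""")

def input_types(conf):
    """Return the set of type values declared by inputs."""
    return {m.group(2) for m in TYPE_SETTING.finditer(conf)}

def condition_types(conf):
    """Return the type values that filter conditionals test for, in order."""
    return [m.group(2) for m in TYPE_CONDITION.finditer(conf)]

def lint(input_conf, filter_conf):
    """List (kind, tested_value, closest_declared_value) for every conditional
    whose type value no input declares with the same spelling and case."""
    declared = input_types(input_conf)
    by_lower = {t.lower(): t for t in declared}
    findings = []
    for wanted in condition_types(filter_conf):
        if wanted in declared:
            continue  # exact match: events of this type reach the filter
        near = by_lower.get(wanted.lower())
        kind = "case-mismatch" if near else "undeclared"
        findings.append((kind, wanted, near))
    return findings

if __name__ == "__main__":
    for kind, wanted, near in lint(INPUT_CONF, FILTER_CONF):
        hint = f" (an input declares {near!r})" if near else ""
        print(f"{kind}: filter tests [type] == {wanted!r}{hint}")
```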