Welcome!

Linux Containers Authors: Zakia Bouachraoui, Liz McMillan, Jason Bloomberg, Yeshim Deniz, Elizabeth White

Related Topics: @DevOpsSummit, Java IoT, Linux Containers, Containers Expo Blog, @DXWorldExpo

@DevOpsSummit: Blog Post

JSON Formatting of IIS By @TrevParsons | @DevOpsSummit [#DevOps]

Installing NXLOG is as easy as downloading an MSI and clicking install

How to Implement JSON Formatting of IIS for Analytics and Troubleshooting

Previously, we wrote about setting up a Windows environment to log JSON formatted logs using our Windows Agent or our DataHub.  Now we'll tackle IIS.

IIS, like Windows, has a unique log format that makes it difficult to read, parse, and garner useful information.  The log is a flat file that has a line-per-web hit; similar to Apache or Nginx. But, it's not as easy to format into JSON as Apache and Nginix.

example of IIS log data
Using the tricks we learned formatting Windows Event Logs as JSON we can use the same tools to get IIS into JSON formatted logs, and use our more advanced analytics features.

JSON formatting of IIS

Step 1: Setup NXLOG

If you haven't followed the instructions on getting NXLOG setup on your Windows machine, we need to first install NXLOG. Installing NXLOG is as easy as downloading an MSI and clicking install.

Step 2: Configuration

Similar to the Windows JSON formatting, there are two separate configurations for IIS. Depending on whether or not you're using the Windows Agent from Logentries or the DataHub - your configuration steps will be different.

DataHub/Syslog Configuration

This configuration file will assist in setting up NXLOG to use with the DataHub or direct syslog configuration.

First, copy the downloaded file to the NXLOG configuration path (typically C:\Program Files (x86)\NXLOG\CONF). Then, make the following changes to that file:

  1. If for some reason NXLOG gets installed to C:\Program Files instead of C:\Program Files (x86), you'll need to uncomment the ROOT definition at the start of the config file for the proper installation directory.
  2. Change the EventLog format to mseventlog instead of msvistalog if you're utilizing Windows 2003 or prior.
  3. Update the file location of IIS logs (on line 67 of the configuration file) to point to the location of IIS log files on the system.
  4. Enter in your DataHub IP and Port in the output definition at the bottom of the file.
  5. Start NXLOG from the Services application.

Direct Agent Configuration

Using the Windows Agent in Logentries has the added benefit of sending over system stats as well (CPU, Memory, Network, etc.)  The configuration is similar, but has a few more steps to allow the Windows Agent to follow the JSON converted files.

You'll need to download the NXLOG configuration file to use with the Agent, and place it into your NXLOG installation path.

The NXLOG program acts as a JSON parser in this instance; reading in the IIS and Windows Event Logs and outputting to a flat file the Windows Agent can follow.

You'll need to perform the following steps:

  1. If for some reason NXLOG gets installed to C:\Program Files instead of C:\Program Files (x86), you'll need to uncomment the ROOT definition at the start of the config file for the proper installation directory.
  2. Change the EventLog format to mseventlog instead of msvistalog if you're utilizing Windows 2003 or prior.
  3. Update the file location of IIS logs (on line 67 of the configuration file) to point to the location of IIS log files on the system.
  4. At the bottom of the file is an area where we feed the output file.  Currently it's outputting to both C:\Test\eventlog.txt and C:\Test\iis.txt.  You'll want to change this to a more suitable location that meets your needs.
  5. Start NXLOG from the Services application.
  6. Follow the files defined in step 4 with the Windows Agent - and uncheck the other Windows Event Logs from being followed.

Now, your IIS logs will be visible in JSON inside of Logentries - but even more importantly, the advanced analytics of Logentries can now be applied against your web traffic.

IIS logs formatted in JSON

Using our advanced analytics functions you can use our dashboards and graphs to map out your applications performance, response, and other key performance indicators.

hosts_WIN-BO7C2KRGSSA_iis1_txt___Logentries 2

With our new Community Packs for IIS you can now import all important queries, dashboards, and tags for IIS with a click of a button. The IIS pack contains queries for numbers of 404, average response time, accesses per hour, and more!

Dashboard___Logentries

 

More Stories By Trevor Parsons

Trevor Parsons is Chief Scientist and Co-founder of Logentries. Trevor has over 10 years experience in enterprise software and, in particular, has specialized in developing enterprise monitoring and performance tools for distributed systems. He is also a research fellow at the Performance Engineering Lab Research Group and was formerly a Scientist at the IBM Center for Advanced Studies. Trevor holds a PhD from University College Dublin, Ireland.

IoT & Smart Cities Stories
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
Cell networks have the advantage of long-range communications, reaching an estimated 90% of the world. But cell networks such as 2G, 3G and LTE consume lots of power and were designed for connecting people. They are not optimized for low- or battery-powered devices or for IoT applications with infrequently transmitted data. Cell IoT modules that support narrow-band IoT and 4G cell networks will enable cell connectivity, device management, and app enablement for low-power wide-area network IoT. B...
The hierarchical architecture that distributes "compute" within the network specially at the edge can enable new services by harnessing emerging technologies. But Edge-Compute comes at increased cost that needs to be managed and potentially augmented by creative architecture solutions as there will always a catching-up with the capacity demands. Processing power in smartphones has enhanced YoY and there is increasingly spare compute capacity that can be potentially pooled. Uber has successfully ...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...