FIlebeat IIS module

Hi there,

We're using filebeat with great succes for most of our logging but we've received a new request from within the organisation. They want to ingest the IIS logs from our Windows Server 2016 machine but even though i have enabled the IIS module under the modules.d folder, they are not actually getting picked up apparently. In the filebeat logging i can see the following log lines:

Harvester started for file: C:\inetpub\logs\LogFiles\W3SVC18\u_ex211231_x.log
(Not going to copy all of it seeing as we got a ton of IIS logging but you get the idea.)

This is a good sign one might think but after a while is just closes the file without actually pushing it. So i thought that it might be because the file is just old so i let Filebeat run for a couple of days but nothing from IIS is being pushed unfortunately.

Does anyone have an idea?

Thanks!

Kind regards,

Rick

hello @rckvwijk

indeed posting the logs would be helpful in order to troubleshoot the problem.

could you enable debug log level and share them?

There can be multiple reasons why the file is not ingested, without the log there's no clue to understand what's the problem

Best regards

Hi there,

Thanks for the fast response! And i understand, i've created a log file in DEBUG mode for you.

Rick

Log lines:

2021-12-31T15:56:44.079+0100 DEBUG [input] file/states.go:68 New state added for C:\inetpub\logs\LogFiles\W3SVC3\u_ex211214_x.log
2021-12-31T15:56:44.079+0100 DEBUG [input] log/input.go:199 input with previous states loaded: 764
2021-12-31T15:56:44.079+0100 INFO log/input.go:157 Configured paths: [C:\inetpub\logs\LogFiles**.log]
2021-12-31T15:56:44.084+0100 DEBUG [input] log/config.go:207 recursive glob enabled
2021-12-31T15:56:44.084+0100 DEBUG [input] log/input.go:169 exclude_files: [(?-s:.)gz(?-m:$)]. Number of states: 1090
2021-12-31T15:56:44.084+0100 DEBUG [input] file/states.go:68 New state added for c:\Windows\System32\LogFiles\HTTPERR\httperr29.log
2021-12-31T15:56:44.084+0100 DEBUG [input] file/states.go:68 New state added for c:\Windows\System32\LogFiles\HTTPERR\httperr34.log
2021-12-31T15:56:44.084+0100 DEBUG [input] file/states.go:68 New state added for c:\Windows\System32\LogFiles\HTTPERR\httperr30.log
2021-12-31T15:56:44.084+0100 DEBUG [input] file/states.go:68 New state added for c:\Windows\System32\LogFiles\HTTPERR\httperr32.log
2021-12-31T15:56:44.085+0100 DEBUG [input] file/states.go:68 New state added for c:\Windows\System32\LogFiles\HTTPERR\httperr31.log
2021-12-31T15:56:44.085+0100 DEBUG [input] file/states.go:68 New state added for c:\Windows\System32\LogFiles\HTTPERR\httperr33.log
2021-12-31T15:56:44.085+0100 DEBUG [input] log/input.go:199 input with previous states loaded: 6
2021-12-31T15:56:44.085+0100 INFO log/input.go:157 Configured paths: [c:\Windows\System32\LogFiles\HTTPERR*.log]
2021-12-31T15:56:44.085+0100 INFO [crawler] beater/crawler.go:108 Loading and starting Inputs completed. Enabled inputs: 0
2021-12-31T15:56:44.085+0100 INFO cfgfile/reload.go:164 Config reloader started
2021-12-31T15:56:44.085+0100 DEBUG [cfgfile] cfgfile/reload.go:194 Scan for new config files
2021-12-31T15:56:44.086+0100 DEBUG [cfgfile] cfgfile/cfgfile.go:193 Load config from file: C:\ProgramData\chocolatey\lib\filebeat\tools\modules.d\iis.yml
2021-12-31T15:56:44.086+0100 DEBUG [cfgfile] cfgfile/reload.go:213 Number of module configs found: 1
2021-12-31T15:56:44.086+0100 DEBUG [reload] cfgfile/list.go:63 Starting reload procedure, current runners: 0
2021-12-31T15:56:44.086+0100 DEBUG [reload] cfgfile/list.go:81 Start list: 1, Stop list: 0
2021-12-31T15:56:44.094+0100 DEBUG [processors] processors/processor.go:120 Generated new processors: add_fields={"ecs":{"version":"1.8.0"}}
2021-12-31T15:56:44.095+0100 DEBUG [input] log/config.go:207 recursive glob enabled
2021-12-31T15:56:44.095+0100 DEBUG [input] log/input.go:169 exclude_files: [(?-s:.)gz(?-m:$)]. Number of states: 1090
2021-12-31T15:56:44.095+0100 DEBUG [input] file/states.go:68 New state added for C:\inetpub\logs\LogFiles\W3SVC2\u_ex211213_x.log
2021-12-31T15:56:44.095+0100 DEBUG [acker] beater/acker.go:59 stateful ack {"count": 1}
2021-12-31T15:56:44.096+0100 DEBUG [registrar] registrar/registrar.go:264 Processing 1 events
2021-12-31T15:56:44.096+0100 DEBUG [publisher] pipeline/client.go:231 Pipeline client receives callback 'onFilteredOut' for event: {Timestamp:0001-01-01 00:00:00 +0000 UTC Meta:null Fields:null Private:{Id:native::489357312-121438-4039310828 PrevId: Finished:true Fileinfo: Source:C:\inetpub\logs\LogFiles\W3SVC2\u_ex211213_x.log Offset:3719985 Timestamp:2021-12-31 15:56:30.5501384 +0100 CET TTL:-1ns Type:log Meta:map FileStateOS:489357312-121438-4039310828 IdentifierName:native} TimeSeries:false}
2021-12-31T15:56:44.096+0100 DEBUG [registrar] registrar/registrar.go:231 Registrar state updates processed. Count: 1
2021-12-31T15:56:44.096+0100 DEBUG [input] file/states.go:68 New state added for C:\inetpub\logs\LogFiles\W3SVC11\u_ex211219_x.log
2021-12-31T15:56:44.096+0100 DEBUG [acker] beater/acker.go:59 stateful ack {"count": 1}
2021-12-31T15:56:44.096+0100 DEBUG [registrar] registrar/registrar.go:254 Registrar states cleaned up. Before: 1090, After: 1090, Pending: 0
2021-12-31T15:56:44.096+0100 DEBUG [publisher] pipeline/client.go:231 Pipeline client receives callback 'onFilteredOut' for event: {Timestamp:0001-01-01 00:00:00 +0000 UTC Meta:null Fields:null Private:{Id:native::214761472-161551-4039310828 PrevId: Finished:true Fileinfo: Source:C:\inetpub\logs\LogFiles\W3SVC11\u_ex211219_x.log Offset:2188138 Timestamp:2021-12-31 15:56:30.5501384 +0100 CET TTL:-1ns Type:log Meta:map FileStateOS:214761472-161551-4039310828 IdentifierName:native} TimeSeries:false}
2021-12-31T15:56:44.096+0100 DEBUG [input] file/states.go:68 New state added for C:\inetpub\logs\LogFiles\W3SVC28\u_ex211225_x.log
2021-12-31T15:56:44.096+0100 DEBUG [acker] beater/acker.go:59 stateful ack {"count": 1}
2021-12-31T15:56:44.096+0100 DEBUG [registrar] registrar/registrar.go:201 Registry file updated. 1090 active states.
2021-12-31T15:56:44.150+0100 DEBUG [registrar] registrar/registrar.go:264 Processing 1 events
2021-12-31T15:56:44.150+0100 DEBUG [registrar] registrar/registrar.go:231 Registrar state updates processed. Count: 1
2021-12-31T15:56:44.150+0100 DEBUG [publisher] pipeline/client.go:231 Pipeline client receives callback 'onFilteredOut' for event: {Timestamp:0001-01-01 00:00:00 +0000 UTC Meta:null Fields:null Private:{Id:native::44892160-170712-4039310828 PrevId: Finished:true Fileinfo: Source:C:\inetpub\logs\LogFiles\W3SVC28\u_ex211225_x.log Offset:5254586 Timestamp:2021-12-31 15:56:30.5501384 +0100 CET TTL:-1ns Type:log Meta:map FileStateOS:44892160-170712-4039310828 IdentifierName:native} TimeSeries:false}
2021-12-31T15:56:44.150+0100 DEBUG [registrar] registrar/registrar.go:254 Registrar states cleaned up. Before: 1090, After: 1090, Pending: 0
2021-12-31T15:56:44.150+0100 DEBUG [input] file/states.go:68 New state added for C:\inetpub\logs\LogFiles\W3SVC7\u_ex211206_x.log
2021-12-31T15:56:44.150+0100 DEBUG [acker] beater/acker.go:59 stateful ack {"count": 1}
2021-12-31T15:56:44.151+0100 DEBUG [registrar] registrar/registrar.go:201 Registry file updated. 1090 active states.
2021-12-31T15:56:44.186+0100 DEBUG [registrar] registrar/registrar.go:264 Processing 1 events
2021-12-31T15:56:44.186+0100 DEBUG [registrar] registrar/registrar.go:231 Registrar state updates processed. Count: 1
2021-12-31T15:56:44.186+0100 DEBUG [registrar] registrar/registrar.go:254 Registrar states cleaned up. Before: 1090, After: 1090, Pending: 0
2021-12-31T15:56:44.187+0100 DEBUG [publisher] pipeline/client.go:231 Pipeline client receives callback 'onFilteredOut' for event: {Timestamp:0001-01-01 00:00:00 +0000 UTC Meta:null Fields:null Private:{Id:native::990576640-9328-4039310828 PrevId: Finished:true Fileinfo: Source:C:\inetpub\logs\LogFiles\W3SVC7\u_ex211206_x.log Offset:623 Timestamp:2021-12-31 15:56:30.5501384 +0100 CET TTL:-1ns Type:log Meta:map FileStateOS:990576640-9328-4039310828 IdentifierName:native} TimeSeries:false}
2021-12-31T15:56:44.187+0100 DEBUG [registrar] registrar/registrar.go:201 Registry file updated. 1090 active states.
2021-12-31T15:56:44.187+0100 DEBUG [input] file/states.go:68 New state added for C:\inetpub\logs\LogFiles\W3SVC1\u_ex211128_x.log
2021-12-31T15:56:44.187+0100 DEBUG [acker] beater/acker.go:59 stateful ack {"count": 1}
2021-12-31T15:56:44.220+0100 DEBUG [registrar] registrar/registrar.go:264 Processing 1 events
2021-12-31T15:56:44.220+0100 DEBUG [publisher] pipeline/client.go:231 Pipeline client receives callback 'onFilteredOut' for event: {Timestamp:0001-01-01 00:00:00 +0000 UTC Meta:null Fields:null Private:{Id:native::78118912-123112-4039310828 PrevId: Finished:true Fileinfo: Source:C:\inetpub\logs\LogFiles\W3SVC1\u_ex211128_x.log Offset:140024 Timestamp:2021-12-31 15:56:30.5501384 +0100 CET TTL:-1ns Type:log Meta:map FileStateOS:78118912-123112-4039310828 IdentifierName:native} TimeSeries:false}
2021-12-31T15:56:44.220+0100 DEBUG [input] file/states.go:68 New state added for C:\inetpub\logs\LogFiles\W3SVC3\u_ex211228_x.log
2021-12-31T15:56:44.220+0100 DEBUG [registrar] registrar/registrar.go:231 Registrar state updates processed. Count: 1
2021-12-31T15:56:44.220+0100 DEBUG [acker] beater/acker.go:59 stateful ack {"count": 1}
2021-12-31T15:56:44.221+0100 DEBUG [registrar] registrar/registrar.go:254 Registrar states cleaned up. Before: 1090, After: 1090, Pending: 0
2021-12-31T15:56:44.221+0100 DEBUG [registrar] registrar/registrar.go:201 Registry file updated. 1090 active states.
2021-12-31T15:56:44.257+0100 DEBUG [registrar] registrar/registrar.go:264 Processing 1 events
2021-12-31T15:56:44.257+0100 DEBUG [registrar] registrar/registrar.go:231 Registrar state updates processed. Count: 1
2021-12-31T15:56:44.257+0100 DEBUG [registrar] registrar/registrar.go:254 Registrar states cleaned up. Before: 1090, After: 1090, Pending: 0
2021-12-31T15:56:44.257+0100 DEBUG [publisher] pipeline/client.go:231 Pipeline client receives callback 'onFilteredOut' for event: {Timestamp:0001-01-01 00:00:00 +0000 UTC Meta:null Fields:null Private:{Id:native::8847360-121945-4039310828 PrevId: Finished:true Fileinfo: Source:C:\inetpub\logs\LogFiles\W3SVC3\u_ex211228_x.log Offset:5095786 Timestamp:2021-12-31 15:56:30.5501384 +0100 CET TTL:-1ns Type:log Meta:map FileStateOS:8847360-121945-4039310828 IdentifierName:native} TimeSeries:false}
2021-12-31T15:56:44.257+0100 DEBUG [input] file/states.go:68 New state added for C:\inetpub\logs\LogFiles\W3SVC4\u_ex211224_x.log

I can see that the events are filtered out (ie: not published):

2021-12-31T15:56:44.220+0100 DEBUG [publisher] pipeline/client.go:231 Pipeline client receives callback 'onFilteredOut' for event

What version of Filebeat are you using?

Could you share the content of C:\inetpub\logs\LogFiles\W3SVC7\u_ex211206_x.log from offset 623?

Hi there,

We're using FIlebeat 7.12.0 and here's the log:

#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2021-12-06 07:01:39
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken x-forwarded-for foo
2021-12-06 07:01:36 W3SVC7 127.0.0.1 HEAD- 443 - 127.0.0.1 HTTP/1.1 - - - 500 0 0 856 99 19293 - -
2021-12-06 07:01:36 W3SVC7 127.0.0.1 HEAD / - 443 - 127.0.0.1 HTTP/1.1 - - - 500 0 0 856 82 3 - -

Hi,

Do you an update for me by any chance?

Kind regards.

hello @rckvwijk

is this the entry starting from offset 623?

do you have any of the logs entries ingested or nothing at all?

Hi Andrea,

This was the whole log file, i've only removed some certain stuff about the application itself (endpoints) and that's it. But i can check if i can find a more complete log.

hi @rckvwijk

since the offset is related to the exact content of the file it's hard without being able to match the given number with the exact content

do you have any of the logs entries ingested or nothing at all?

it seems that at offset 623 there might be an empty line, and that's the reason why it's filtered out

the previous content probably have a state already and it is skipped. do you have ingested log entries?

if it's possible without messing up your current environment (are you running on a test env or a production one? in the second case I would not suggest to do) you can try to remove the content from /data/registry/ under the set up filebeat --path.home

this will reset the registry state resulting in every file to be considered as never ingested.
you can also inspect /data/registry/filebat/log.json to check if there's any entry related to the files that seems to not be ingested

Hi Andrea,

Unfortunately it's a production machine and the filebeat instance is also used to ingest application logs which are kind of unmissable if you get what i mean. But i did go through the log.json file and i can see that there no IIS logs being picked up eventhough the regular log file is saying:
Harvester started for file: C:\inetpub\logs\LogFiles\W3SVC29\u_ex220105_x.log

This is the actual file:

#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2022-01-05 00:01:02
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken x-forwarded-for foo
2022-01-05 00:00:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 110 54.93.255.84 -
2022-01-05 00:03:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 00:06:02 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 780 54.93.255.84 -
2022-01-05 00:08:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 134 54.93.255.84 -
2022-01-05 00:11:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 352 54.93.255.84 -
2022-01-05 00:14:02 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 666 54.93.255.84 -
2022-01-05 00:16:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 212 54.93.255.84 -
2022-01-05 00:19:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 158 54.93.255.84 -
2022-01-05 00:22:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 130 54.93.255.84 -
2022-01-05 00:24:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 00:27:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 158 54.93.255.84 -
2022-01-05 00:30:02 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 385 54.93.255.84 -
2022-01-05 00:32:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 118 54.93.255.84 -
2022-01-05 00:35:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 131 54.93.255.84 -
2022-01-05 00:38:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 126 54.93.255.84 -
2022-01-05 00:40:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 110 54.93.255.84 -
2022-01-05 00:43:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 108 54.93.255.84 -
2022-01-05 00:46:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 224 54.93.255.84 -
2022-01-05 00:48:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 133 54.93.255.84 -
2022-01-05 00:51:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 98 54.93.255.84 -
2022-01-05 00:54:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 105 54.93.255.84 -
2022-01-05 00:56:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 121 54.93.255.84 -
2022-01-05 00:59:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 01:02:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 150 54.93.255.84 -
2022-01-05 01:04:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 118 54.93.255.84 -
2022-01-05 01:07:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -
2022-01-05 01:10:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 01:12:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 94 54.93.255.84 -
2022-01-05 01:15:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 104 54.93.255.84 -
2022-01-05 01:18:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 106 54.93.255.84 -
2022-01-05 01:20:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 01:23:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 170 54.93.255.84 -
2022-01-05 01:26:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 01:28:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 01:31:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 99 54.93.255.84 -
2022-01-05 01:34:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -
2022-01-05 01:36:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 97 54.93.255.84 -
2022-01-05 01:39:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 98 54.93.255.84 -
2022-01-05 01:42:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 108 54.93.255.84 -
2022-01-05 01:44:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -
2022-01-05 01:47:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 100 54.93.255.84 -
2022-01-05 01:50:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 92 54.93.255.84 -
2022-01-05 01:52:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 103 54.93.255.84 -
2022-01-05 01:55:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 103 54.93.255.84 -
2022-01-05 01:58:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 107 54.93.255.84 -
2022-01-05 02:00:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 104 54.93.255.84 -
2022-01-05 02:03:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 103 54.93.255.84 -
2022-01-05 02:06:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 104 54.93.255.84 -
2022-01-05 02:08:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 104 54.93.255.84 -
2022-01-05 02:11:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 118 54.93.255.84 -
2022-01-05 02:14:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 02:16:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 92 54.93.255.84 -
2022-01-05 02:19:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 110 54.93.255.84 -
2022-01-05 02:22:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 100 54.93.255.84 -
2022-01-05 02:24:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 91 54.93.255.84 -
2022-01-05 02:27:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 105 54.93.255.84 -
2022-01-05 02:30:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 121 54.93.255.84 -
2022-01-05 02:32:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 110 54.93.255.84 -
2022-01-05 02:35:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 112 54.93.255.84 -
2022-01-05 02:38:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 115 54.93.255.84 -
2022-01-05 02:40:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 121 54.93.255.84 -
2022-01-05 02:43:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 114 54.93.255.84 -
2022-01-05 02:46:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 103 54.93.255.84 -
2022-01-05 02:48:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 108 54.93.255.84 -
2022-01-05 02:51:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 111 54.93.255.84 -
2022-01-05 02:54:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 02:56:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 02:59:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 107 54.93.255.84 -
2022-01-05 03:02:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 113 54.93.255.84 -
2022-01-05 03:04:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 96 54.93.255.84 -
2022-01-05 03:07:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 97 54.93.255.84 -
2022-01-05 03:10:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 103 54.93.255.84 -
2022-01-05 03:12:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 101 54.93.255.84 -
2022-01-05 03:15:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 105 54.93.255.84 -
2022-01-05 03:18:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 117 54.93.255.84 -
2022-01-05 03:20:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 106 54.93.255.84 -
2022-01-05 03:23:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 88 54.93.255.84 -
2022-01-05 03:26:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -
2022-01-05 03:28:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -
2022-01-05 03:31:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 104 54.93.255.84 -
2022-01-05 03:34:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 102 54.93.255.84 -
2022-01-05 03:36:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 115 54.93.255.84 -
2022-01-05 03:39:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 105 54.93.255.84 -
2022-01-05 03:42:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 104 54.93.255.84 -
2022-01-05 03:44:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 103 54.93.255.84 -
2022-01-05 03:47:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 99 54.93.255.84 -
2022-01-05 03:50:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 107 54.93.255.84 -
2022-01-05 03:52:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 113 54.93.255.84 -
2022-01-05 03:55:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 122 54.93.255.84 -
2022-01-05 03:58:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 105 54.93.255.84 -
2022-01-05 04:00:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 104 54.93.255.84 -
2022-01-05 04:03:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 103 54.93.255.84 -
2022-01-05 04:06:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 04:08:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 107 54.93.255.84 -
2022-01-05 04:11:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 04:14:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 04:16:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 123 54.93.255.84 -
2022-01-05 04:19:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 110 54.93.255.84 -
2022-01-05 04:22:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 95 54.93.255.84 -
2022-01-05 04:24:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 04:27:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 04:30:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 106 54.93.255.84 -
2022-01-05 04:32:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 124 54.93.255.84 -
2022-01-05 04:35:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 92 54.93.255.84 -
2022-01-05 04:38:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 04:40:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 99 54.93.255.84 -
2022-01-05 04:43:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 04:46:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 04:48:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 102 54.93.255.84 -
2022-01-05 04:51:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 116 54.93.255.84 -
2022-01-05 04:54:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -
2022-01-05 04:56:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 04:59:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 100 54.93.255.84 -
2022-01-05 05:02:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 110 54.93.255.84 -
2022-01-05 05:04:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 112 54.93.255.84 -
2022-01-05 05:07:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 05:10:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 107 54.93.255.84 -
2022-01-05 05:12:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -
2022-01-05 05:15:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 95 54.93.255.84 -
2022-01-05 05:18:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 119 54.93.255.84 -
2022-01-05 05:20:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 110 54.93.255.84 -
2022-01-05 05:23:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 100 54.93.255.84 -
2022-01-05 05:26:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 117 54.93.255.84 -
2022-01-05 05:28:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 110 54.93.255.84 -
2022-01-05 05:31:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 05:34:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 05:36:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 05:39:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -
2022-01-05 05:42:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 94 54.93.255.84 -
2022-01-05 05:44:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 130 54.93.255.84 -
2022-01-05 05:47:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 94 54.93.255.84 -
2022-01-05 05:50:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 111 54.93.255.84 -
2022-01-05 05:52:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 107 54.93.255.84 -
2022-01-05 05:55:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 05:58:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 06:00:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 112 54.93.255.84 -
2022-01-05 06:03:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 112 54.93.255.84 -
2022-01-05 06:06:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 103 54.93.255.84 -
2022-01-05 06:08:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 112 54.93.255.84 -
2022-01-05 06:11:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 104 54.93.255.84 -
2022-01-05 06:14:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 116 54.93.255.84 -
2022-01-05 06:16:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 94 54.93.255.84 -
2022-01-05 06:19:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 06:22:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 06:24:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -
2022-01-05 06:27:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 110 54.93.255.84 -
2022-01-05 06:30:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 111 54.93.255.84 -
2022-01-05 06:32:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 104 54.93.255.84 -
2022-01-05 06:35:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 108 54.93.255.84 -
2022-01-05 06:38:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 108 54.93.255.84 -
2022-01-05 06:40:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 06:43:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 06:46:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 06:48:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 06:51:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 115 54.93.255.84 -
2022-01-05 06:54:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 108 54.93.255.84 -
2022-01-05 06:56:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 97 54.93.255.84 -
2022-01-05 06:59:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 07:02:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -
2022-01-05 07:04:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 111 54.93.255.84 -
2022-01-05 07:07:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -
2022-01-05 07:10:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 07:12:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 105 54.93.255.84 -
2022-01-05 07:15:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 101 54.93.255.84 -
2022-01-05 07:18:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 119 54.93.255.84 -
2022-01-05 07:20:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 104 54.93.255.84 -
2022-01-05 07:23:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 125 54.93.255.84 -
2022-01-05 07:26:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 07:28:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 94 54.93.255.84 -
2022-01-05 07:31:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 07:34:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 111 54.93.255.84 -
2022-01-05 07:36:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 07:39:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 07:42:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 104 54.93.255.84 -
2022-01-05 07:44:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 96 54.93.255.84 -
2022-01-05 07:47:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 07:50:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 117 54.93.255.84 -
2022-01-05 07:52:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 108 54.93.255.84 -
2022-01-05 07:55:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 97 54.93.255.84 -
2022-01-05 07:58:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 08:00:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 08:03:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -
2022-01-05 08:06:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 99 54.93.255.84 -
2022-01-05 08:08:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 108 54.93.255.84 -
2022-01-05 08:11:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 08:14:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 08:16:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 08:19:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 08:22:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 94 54.93.255.84 -
2022-01-05 08:24:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 108 54.93.255.84 -
2022-01-05 08:27:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 128 54.93.255.84 -
2022-01-05 08:30:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 115 54.93.255.84 -
2022-01-05 08:32:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 123 54.93.255.84 -
2022-01-05 08:35:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 103 54.93.255.84 -
2022-01-05 08:38:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 95 54.93.255.84 -
2022-01-05 08:40:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 97 54.93.255.84 -
2022-01-05 08:43:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 109 54.93.255.84 -
2022-01-05 08:46:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 112 54.93.255.84 -
2022-01-05 08:48:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 125 54.93.255.84 -
2022-01-05 08:51:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 107 54.93.255.84 -
2022-01-05 08:54:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 113 54.93.255.84 -
2022-01-05 08:56:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 107 54.93.255.84 -
2022-01-05 08:59:21 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 107 54.93.255.84 -
2022-01-05 09:02:01 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 114 54.93.255.84 -
2022-01-05 09:04:41 W3SVC29 172.30.17.1 GET / - 443 - 172.30.19.10 HTTP/1.1 heartbeat - - 302 0 0 772 207 93 54.93.255.84 -

But i'm not seeing the file in Kibana unfortunately .. i did remove the actual URL name.

Hopefully you can help us further!

Kind regards,
Rick

Minor update, now i'm seeing this in the log.json:
{"k":"filebeat::logs::native::107741184-128951-4039310828","v":{"id":"native::107741184-128951-4039310828","offset":1401071,"ttl":-1,"identifier_name":"native","prev_id":"","source":"C:\inetpub\logs\LogFiles\W3SVC9\u_ex220105_x.log","timestamp":[258391817160,1641374659],"type":"log","FileStateOS":{"idxlo":128951,"vol":4039310828,"idxhi":107741184}}}

@rckvwijk
the entry in log.json indicates that C:\inetpub\logs\LogFiles\W3SVC9\u_ex220105_x.log was parsed and set a status for in the registry. current offset is 1401071, next time Filebeat will scan the file it will start from there.

The problem seems to be that the log format does not match any of the supported grok pattern in the module: beats/pipeline.yml at master · elastic/beats · GitHub

You should change what you have as

#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken x-forwarded-for foo

To

#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken x-forwarded-for

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.