IIS logs and hardware requirements

Elastic Stack Elasticsearch
1

Hello everyone, I'm new here and I would like to take some questions before using elastic.

  1. Can I collect logs from an IIS 10 website? Which tool do I use? Can I use the opensource version?
  2. If question number 1 is ok, what hardware will I need just to use this daily collection of iis logs?

thanks.

2

Welcome @devagp,

  1. Yes, you can definitely use Elastic for IIS log collection. Imho you will need a basic license (which is free), which has several advantages. Please check https://www.elastic.co/subscriptions for details. You will need at least Elasticsearch, Kibana and Filebeat. See https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-iis.html for more info about the IIS module

One caveat is that the IIS log settings need to be set correct and idential on all IIS servers. Another is that in order to get the forwarded ip (if behind load balancer), you will have to make a small update to the grok pattern used in the ingest pipeline.

  1. Impossible to answer, depends on a lot of unknown variables...

Grtz

Willem

1 Like
3

Thanks... :wink:

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.