Microsoft IIS

Microsoft Internet Information Services (IIS) is an extensible web server created by Microsoft for use with the Windows NT family of operating systems. It supports HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP.

IIS is a fundamental platform for hosting websites and web applications built on Microsoft technologies, such as ASP.NET. It handles client requests and serves up the corresponding web pages and content. Key features include integrated security and powerful management tools for configuration and monitoring.

Error

"...\IIS\LogFiles\W...] does not exist! "

Root Cause

The connector is configured to read from the old, non-existent path (W3...). Since this is the only path (or the only successful path) it relies on, the connector fails to initialize its file reader and logs stop flowing to the ArcSight platform. Its probably because the customer changed the path of the logs.

🛠️ Troubleshooting Steps (Customer )

To restore log flow, you must identify the new log location on the IIS server and update the ArcSight connector configuration accordingly.

Step 1: Discover the NEW IIS Log Path

1. Access the IIS Server: Log in to the IIS host machine.

2. Open IIS Manager: Launch the Internet Information Services (IIS) Manager console.

3. Locate the Active Site: Navigate to the Sites node and find the website you are trying to monitor.

4. Check Logging Settings: Click on the site, then double-click the Logging feature in the main pane.

5. Identify the Directory: Note the full and exact directory path listed under the "Directory" field. This is the new, correct location where IIS is writing log files.

   • Example of a new path: Logs\W3SVC_ProjectX

Step 2: Update the Connector Configuration via runagentsetup