Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

IIS Collector

Updated: 21 May 2010 | 2 comments
Belén del Toro's picture
Belén del Toro
0 0 Votes
Login to vote

Hi,

I'm planning to add to SSIM a collector for IIS FTP.
I've been reading the documentation and have not found where to define the computer's IP addresses. I have more than 100 servers with FTP and can't consider installing and agent per FTP computer.
Which is the correct way to do it?

Thank you.

Discussion Filed Under:
, ,

Comments

Laurent_c's picture
07
Oct
2009
0 Votes 0
Login to vote
Laurent_c
Symantec Employee
Accredited

Hi Belen, The correct way is

Hi Belen,

The correct way is the one you mention, install an agent on each IIS server and configure a sensor to the ftp folder. (if all your FTP server are the same config the product configuration can be shared)

There is a possible way to do this also is to map via windows and pointing each sensor to \\servername\patthtologfile, however you need to be careful with permissions and authentication. Also the traffic to all these web server from the collector machines is netbios which is certainly not allowed as most web servers being normally in DMZ. (and it is never advised to have this kind of traffic into DMZ)

Laurent

DavidZ's picture
09
Oct
2009
1 Vote +1
Login to vote
DavidZ
Symantec Employee
Accredited

Hi Belen, another way can be

Hi Belen,
another way can be :

http://www.microsoft.com/DownLoads/details.aspx?Fa...

     

  • Input Formats are generic record providers; records are equivalent to rows in a SQL table, and Input Formats can be thought of as SQL tables containing the data you want to process.
    Log Parser's built-in Input Formats can retrieve data from the following sources:

     

    • IIS log files (W3C, IIS, NCSA, Centralized Binary Logs, HTTP Error logs, URLScan logs, ODBC logs)
    • Windows Event Log
    • Generic XML, CSV, TSV and W3C - formatted text files (e.g. Exchange Tracking log files, Personal Firewall log files, Windows Media® Services log files, FTP log files, SMTP log files, etc.)
    • Windows Registry
    • Active Directory Objects
    • File and Directory information
    • NetMon .cap capture files
    • Extended/Combined NCSA log files
    • ETW traces
    • Custom plugins (through a public COM interface)

     

     

     

  • A SQL-Like Engine Core processes the records generated by an Input Format, using a dialect of the SQL language that includes common SQL clauses (SELECT, WHERE, GROUP BY, HAVING, ORDER BY), aggregate functions (SUM, COUNT, AVG, MAX, MIN), and a rich set of functions (e.g. SUBSTR, CASE, COALESCE, REVERSEDNS, etc.); the resulting records are then sent to an Output Format.

     

     

  • Output Formats are generic consumers of records; they can be thought of as SQL tables that receive the results of the data processing.
    Log Parser's built-in Output Formats can:

     

    • Write data to text files in different formats (CSV, TSV, XML, W3C, user-defined, etc.)
    • Send data to a SQL database
    • Send data to a SYSLOG server
    • Create charts and save them in either GIF or JPG image files
    • Display data to the console or to the screen"

     

     

that a syslog collector (onbox or remote)  can accept the events. but that the harder way. :)
the agent is more efficient method
David
 

dz

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,016