Configuring Microsoft IIS by using the IIS Protocol

You can configure Microsoft IIS Protocol to communicate with QRadar® by using the IIS Protocol.

Before you begin

Before you configure IBM® QRadar with the Microsoft IIS protocol, you must configure your Microsoft IIS Server to generate the correct log format.

The Microsoft IIS Protocol supports only the W3C Extended log file format.

From the list of properties, select check boxes for the following W3C properties:

Table 1. Required Properties for IIS event logs
IIS 6.0 Required Properties	IIS 7.0/7.5 Required Properties	IIS 8.0/8.5 Required Properties	IIS 10 Required Properties
Date (date)	Date (date)	Date (date)	Date (date)
Time (time)	Time (time)	Time (time)	Time (time)
Client IP Address (c-ip)	Client IP Address (c-ip)	Client IP Address (c-ip)	Client IP Address (c-ip)
User Name (cs-username)	User Name (cs-username)	User Name (cs-username)	User Name (cs-username)
Server IP Address (s-ip)	Server IP Address (s-ip)	Server IP Address (s-ip)	Server IP Address (s-ip)
Server Port (s-port)	Server Port (s-port)	Server Port (s-port)	Server Port (s-port)
Method (cs-method)	Method (cs-method)	Method (cs-method)	Method (cs-method)
URI Stem (cs-uri-stem)	URI Stem (cs-uri-stem)	URI Stem (cs-uri-stem)	URI Stem (cs-uri-stem)
URI Query (cs-uri-query)	URI Query (cs-uri-query)	URI Query (cs-uri-query)	URI Query (cs-uri-query)
Protocol Status (sc-status)	Protocol Status (sc-status)	Protocol Status (sc-status)	Protocol Status (sc-status)
Protocol Version (cs-version)	User Agent (cs(User-Agent))	User Agent (cs(User-Agent))	User Agent (cs(User-Agent))
User Agent (cs(User-Agent))

You are now ready to configure the log source in QRadar.