IIS Log Analyzer App with Sumo Logic

Internet Information Services (IIS) for Windows is a web application server that provides centralized web farm management, delegated remote management, and powerful admin tools that support scalable web infrastructure, dynamic caching and compression capabilities, a rich set of diagnostic tools, enhanced server protection, secure content publishing features, and protection from unauthorized access.

When logging is enabled in its web server configuration, IIS generates log data for anything from media streaming to out-of-the-box web applications to custom web applications. Users adopting the open architecture of Microsoft IIS thrive on this log data for critical information about user behavior and web application server activity.

IIS logs contain detailed information about user traffic, including content requests, client access IPs, response codes, client errors, server errors and response times. The Sumo Logic App for IIS centralizes and analyzes your IIS log data, giving you actionable insights in user-friendly dashboards that help you understand your IIS environment.

The Sumo Logic IIS log analysis tool offers the following features:

• Log centralization
• Real-time analytics
• Continuous monitoring and alerts
• Intuitive dashboarding and reporting
• Advanced machine learning

The centralization of application server logs enables searching, proactive monitoring and alerting across your entire infrastructure stack—not just within the IIS environment. The ability to query raw log data and add search queries to dashboards in multiple formats—such as pie charts, line charts, bar charts and more—helps IT teams visualize usage trends and other vital events.

With the Sumo Logic App for IIS, you can easily create and deliver reports on user activity, troubleshooting and issue resolution within your IIS web application server.

Sumo Logic’s IIS log analysis app makes it easy to view common IIS server operations details, such as:

• Requests by server
• Top 10 slowest pages
• Response times in histogram form
• Response throughputs
• Cumulative response time in percentile
• Response codes over time

The Sumo Logic App for IIS logs also provides deep traffic insights into requests made to the server over time, top requests by users, top clients, top apps by request, cumulative user and client requests, and more.

Through the LogReduce® and PushAnalytics technologies, Sumo Logic proactively discovers behaviors and patterns hidden in massive amounts of machine data and alerts customers in real time, delivering both IT value and business insight.

By analyzing IIS logs with Sumo Logic, enterprises get the data they need to tailor their websites and web applications to their customers. They can improve operational posture by quickly troubleshooting and resolving web application and infrastructure issues before they affect their customers, and they can use deep insights to understand where customer engagement falls short.

Capabilities of the Sumo Logic App for IIS Log analysis include:

• Centralizing IIS data effortlessly through a HTTP collector
• Parsing and indexing data in for analysis in real-time
• Visualizing complex transactional relationships
• Troubleshooting production issues in real time
• Gathering application and usage trends and behaviors

As a cloud-based application, Sumo Logic can be deployed in as little as 15 minutes, with no operational overhead. Additionally, with our patented Elastic Log Processing™ indexing and analysis engine, Sumo Logic delivers superior scalability where on-premise solutions fail.

Sumo Logic has validated compliance with the PCI Data Security Standard (DSS) version 3.2 as a “Level 1” service provider for its machine data analytics services. Sumo Logic provides PCI-compliant logging that meets the standard of PCI DSS requirement 10: "Track and monitor all access to network resources and cardholder data."

The purpose of this requirement is to ensure access to your credit card holding systems are monitored at all times, and that in the event of a breach, access and events can be thoroughly traced and blocked. Maintaining 12 months of logs and quickly searching those logs is an enormous task, especially when viewing your entire portfolio of disparate systems across multiple environments, potentially around the world.

The Sumo Logic App for Microsoft IIS captures logs, provides a record of access and events for PCI compliance, helps proactively identify suspicious user behavior, and strengthens your overall security posture.

Once your logs are in the Sumo Logic cloud, you can create reports, dashboards and real-time alerts that notify you of events specific to your PCI environment. Visualizing this data on a geomap also helps to quickly identify incoming requests from unexpected regions that may require further investigation.