Merge pull request #40 from observIQ/microsoft-iis
Added microsoft iis
jmwilliams89 authored Aug 17, 2020
2 parents 821fbb2 + 1dc5dab commit 24d6826
Showing 1 changed file with 43 additions and 0 deletions.
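--- a/plugins/microsoft_iis.yaml
+++ b/plugins/microsoft_iis.yaml
@@ -0,0 +1,43 @@
+# Plugin Info
+version: 0.0.1
+title: Microsoft IIS
+description: Log parser for Microsoft IIS
+parameters:
+file_path:
+label: Log Path
+description: The absolute path to the Microsoft IIS logs
+type: string
+default: "C:/inetpub/logs/LogFiles/W3SVC*/**/*.log"
+start_at:
+label: Start At
+description: Start reading file from 'beginning' or 'end'
+type: enum
+valid_values:
+- beginning
+- end
+default: end
+
+# Set Defaults
+{{$file_path := default "C:/inetpub/logs/LogFiles/W3SVC*/**/*.log" .file_path}}
+{{$start_at := default "end" .start_at}}
+
+# Pipeline Template
+pipeline:
+- id: microsoft_iis_input
+type: file_input
+include:
+- {{ $file_path }}
+multiline:
+line_start_pattern: \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [\d+.]+
+start_at: {{ $start_at }}
+labels:
+log_type: microsoft_iis
+output: microsoft_iis_parser
+
+- id: microsoft_iis_parser
+type: regex_parser
+regex: '^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<server_ip>[\d+.]+) (?P<request_method>[A-Z]+) (?P<uri_stem>[^ ]+) (?P<uri_query>[^ ]+) (?P<server_port>\d+) (?P<username>[^ ]+) (?P<client_ip>[\d+.]+) (?P<user_agent>[^ ]+) (?P<referer>[^ ]+) (?P<http_status>\d+) (?P<http_sub_status>\d+) (?P<win32_status>\d+) (?P<time_taken>\d+)'
+timestamp:
+parse_from: timestamp
+layout: '%Y-%m-%d %H:%M:%S'
+output: {{.output}}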
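Review bot: The `[\d+.]+` class used after the timestamp in `line_start_pattern` and for the `server_ip` and `client_ip` groups in the parser `regex` admits only digits, dots and a literal `+`, so an IIS entry whose s-ip or c-ip is an IPv6 address (for example `::1`) will not match. With an IPv6 server address the line is not recognised as a record start and would presumably be folded into the preceding entry by the multiline reader; with an IPv6 client address the `regex_parser` fails, and how an unparsed entry is handled downstream is not visible here. Either way requests arriving over IPv6 lose their parsed `client_ip` and `http_status`, which is a blind spot for anyone alerting on those fields. Consider the same `[^ ]+` the other space-delimited fields use, i.e. `(?P<server_ip>[^ ]+)`, `(?P<client_ip>[^ ]+)` and `line_start_pattern: '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [^ ]+'`.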
