Skip to main content
Sumo Logic

Install the IIS Monitors, App, and view the Dashboards

This page provides instructions for installing the IIS monitors, App, as well as examples of each of the App dashboards.

This page provides instructions for installing the IIS App, as well as examples of each of the App dashboards. These instructions assume you have already set up the collection as described in the Collect Logs and Metrics for the IIS App page.

Pre-Packaged Alerts

Sumo Logic has provided out-of-the-box alerts available through Sumo Logic monitors to help you monitor your IIS Server farms. These alerts are built based on metrics and logs datasets and include preset thresholds based on industry best practices and recommendations.

For details on the individual alerts, see this page.

Installing Monitors

  • To install these alerts, you need to have the Manage Monitors role capability.
  • Alerts can be installed by either importing a JSON file or a Terraform script.
Install the monitors by importing a JSON file Method
  1. Download the JSON file that describes the monitors. 
  2. The JSON contains the alerts that are based on Sumo Logic searches that do not have any scope filters and therefore will be applicable to all IIS Server farms, the data for which has been collected via the instructions in the previous sections.  However, if you would like to restrict these alerts to specific farms or environments, update the JSON file by replacing the text webserver_system=iis with ‘<Your Custom Filter>.  

Custom filter examples: 

  1. For alerts applicable only to a specific farm, your custom filter would be:  ‘webserver_farm=iis-standalone.01‘.
  2. For alerts applicable to all farms that start with iis-standalone, your custom filter would be: webserver_system=iis-standalone*.
  3. For alerts applicable to a specific farm within a production environment, your custom filter would be:
    webserver_farm=iis-1 AND environment=standalone (This assumes you have set the optional environment tag while configuring collection).
  4. Go to Manage Data > Alerts > Monitors.
  5. Click Add.
    Add monitors page.png
  6. Click Import and then copy-paste the above JSON to import monitors.
Install the alerts using a Terraform script Method
  1. Generate a Sumo Logic access key and ID.
    Generate an access key and access ID for a user that has the Manage Monitors role capability in Sumo Logic using these instructions. Identify which deployment your Sumo Logic account is in, using this link.
  2. Download and install Terraform 0.13 or later. 
  3. Download the Sumo Logic Terraform package for IIS Server alerts.
    The alerts package is available in the Sumo Logic GitHub repository. You can either download it through the “git clone” command or as a zip file. 

Step 4: Alert Configuration. 
After the package has been extracted, navigate to the package directory terraform-sumologic-sumo-logic-monitor/monitor_packages/IIS/

Edit the IIS.auto.tfvars file and add the Sumo Logic Access Key, Access Id and Deployment from Step 1.

access_id   = "<SUMOLOGIC ACCESS ID>"
access_key  = "<SUMOLOGIC ACCESS KEY>"
environment = "<SUMOLOGIC DEPLOYMENT>"

The Terraform script installs the alerts without any scope filters, if you would like to restrict the alerts to specific farms or environments, update the variable ’iis_data_source’. Custom filter examples: 

  1. A specific farm webserver_farm=iis.standalone.01’.
  2. All farms in an environment environment=standalone'.
  3. For alerts applicable to all farms that start with iis-standalone, your custom filter would be: ‘webserver_farm=iis-standalone*’.
  4. For alerts applicable to a specific farm within a production environment, your custom filter would be: 
    webserver_system=iis-1 and environment=standalone (This assumes you have set the optional environment tag while configuring collection).

All monitors are disabled by default on installation, if you would like to enable all the monitors, set the parameter monitors_disabled to false in this file.

By default, the monitors are configured in a monitor folder called “IIS”, if you would like to change the name of the folder, update the monitor folder name in “folder” key at IIS.auto.tfvars file.

If you would like the alerts to send email or connection notifications, configure these in the file IIS_notifications.auto.tfvars. For configuration examples, refer to the next section.

  1. Email and Connection Notification Configuration Examples
    Modify the file IIS_notifications.auto.tfvars and populate connection_notifications and email_notifications as per below examples.
Pagerduty Connection Example
connection_notifications = [
    {
      connection_type       = "PagerDuty",
      connection_id         = "<CONNECTION_ID>",
      payload_override      = "{\"service_key\": \"your_pagerduty_api_integration_key\",\"event_type\": \"trigger\",\"description\": \"Alert: Triggered {{TriggerType}} for Monitor {{Name}}\",\"client\": \"Sumo Logic\",\"client_url\": \"{{QueryUrl}}\"}",
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    },
    {
      connection_type       = "Webhook",
      connection_id         = "<CONNECTION_ID>",
      payload_override      = "",
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    }
  ]

Replace <CONNECTION_ID> with the connection id of the webhook connection. The webhook connection id can be retrieved by calling the Monitors API.

For overriding payload for different connection types, refer to this document.

Email Notifications Example
email_notifications = [
    {
      connection_type       = "Email",
      recipients            = ["abc@example.com"],
      subject               = "Monitor Alert: {{TriggerType}} on {{Name}}",
      time_zone             = "PST",
      message_body          = "Triggered {{TriggerType}} Alert on {{Name}}: {{QueryURL}}",
      run_for_trigger_types = ["Critical", "ResolvedCritical"]
    }
  ]
  1. Install the Alerts
    1. Navigate to the package directory terraform-sumologic-sumo-logic-monitor/monitor_packages/IIS/ and run terraform init. This will initialize Terraform and will download the required components.
    2. Run terraform plan to view the monitors which will be created/modified by Terraform.
    3. Run terraform apply.
  2. Post Installation
    If you haven’t enabled alerts and/or configured notifications through the Terraform procedure outlined above, we highly recommend enabling alerts of interest and configuring each enabled alert to send notifications to other users or services. This is detailed in Step 4 of this document.

Install the Sumo Logic App

This section demonstrates how to install the IIS App.

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 

  2. Select the version of the service you're using and click Add to Library.

  1. To install the app, complete the following fields.

    1. App Name. You can retain the existing name, or enter a name of your choice for the app.


    2. Data Source. 

      • Choose Enter a Custom Data Filter, and enter a custom IIS Server farm filter. Examples: 

        1. For all IIS Server farms,
          webserver_farm=*.

        2. For a specific farm,
          webserver_farm=iis.dev.01.

        3. Farms within a specific environment,
          webserver_farm=iis.dev.01 and environment=prod
          (This assumes you have set the optional environment tag while configuring collection).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.

    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or another folder that you specified. From here, you can share it with your organization. 

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps.

Dashboard Filter with Template Variables 

Template variables provide dynamic dashboards that rescope data on the fly. As you apply variables to troubleshoot through your dashboard, you can view dynamic changes to the data for a fast resolution to the root cause. For more information, see the Filter with template variables help page.

Dashboards

IIS - Overview

The IIS - Overview dashboard provides a high-level view of the performance and integrity of your Microsoft Internet Information Services (IIS) infrastructure. Dashboard panels display visual graphs and detailed information on IIS versions, platforms, and log formats. Panels also show visitor geographic locations, top app requests. OS platforms, response status, response times, and client and server errors.

Use this dashboard to:

  • Get a high-level overview of sites, requests, connect, cache, data received and sent, queue, application pool, client location, client platforms, error and threats identified.
  • Drill Down to specific use cases by clicking on specific panels of interest.

IIS - HTTP Error

The IIS - HTTP Error dashboard provides detailed information on IIS error logging in HTTP. Dashboard panels show details on error events, top client and server IP addresses, top protocol versions, and protocol status. Panels also show information on top reason phrases and verbs associated with HTTP errors, as well as top request details by reason.

Use this dashboard to:

  • Monitor errors logged by HTTP.SYS. The client request may be rejected by HTTP.SYS before it made it to an IIS worker process. In such cases the error is logged in the HTTPERR logs.
  • Identify the reason for failure. Check if the request violated the HTTP protocol, or if there was a WAS/the application pool failure.
  • Correct the error identified to ensure a consistent and satisfactory user experience.

IIS - Performance Snapshot

The IIS - Performance Snapshot dashboard provides detailed information on your IIS infrastructure integrity and performance. Dashboard panels show details on Web Service uptime, active connections, requests, user activity, and total bytes transferred. Panels also provide HTTP Service Request Queues details, such as arrivals, queue size, cache hit rate, and rejection rate.

Use this dashboard to:

  • Monitor incoming request traffic, along with queue size and rejection rate to identify any bottlenecks.
  • Monitor cache hit rates to check how requests are being served. Typically static content has high cache hit rates.
  • Monitor current active connections to track sudden rises in connections. A sudden rise results in increased resource requirements. A sudden rise may also indicate a security attack.
  • Monitor the load on your site by looking into the rate of all the requests and rates based on specific types of HTTP methods, to anticipate resource needs and allocate them accordingly.
  • Monitor Bytes/Files transferred, to check if there is a need to make page content more lightweight, or track the most typically transferred high data content. This can also be an indicator of a potential spike in traffic.

IIS - Performance Trends

The IIS - Performance Trends dashboard provides details on ISS infrastructure trends for requests, active connections, bytes received and sent, files received and sent, queue size, arrival rate, and cache hit rate.

Use this dashboard to:

  • Monitor trends of various metrics to keep track of how requests are served over time and anticipate potential performance bottlenecks.
  • Acquire current performance snapshots of IIS servers. You can drill down to the Performance Snapshot by clicking the Requests Per Sec (All methods) panel.

IIS  - Threat Analysis

The IIS - Threat Analysis dashboard provides high-level views of threats throughout your IIS network. Dashboard panels display visual graphs and detailed information on Threats by Client IP, Threats by Actors, and Threat by Malicious Confidence.

Use this dashboard to:

  • Identify potential threats and indicators of compromise.
  • Monitor if your site is accessed.

IIS - Latency

The IIS - Latency dashboard provides visual graphs and detailed information for the integrity of performance throughout your IIS infrastructure. Dashboard panels show response time averages, cumulative percentiles, histograms, and outliers. Panels also show details for traffic distribution, slowest pages, slowest GET and POST requests, and average redirection time.

IIS - Web Server Operations

The IIS - Web Server Operations dashboard provides visual graphs and detailed information on server operation errors in your IIS infrastructure. Dashboard panels show server errors by the server, server errors over time, server error outliers, and redirections by the server. Panels also show client errors by the server, client error outliers, top URLs with 404 errors, and response codes over time.

IIS - Requests Stats

The IIS - Requests Stats dashboard provides visual graphs and statistics for requests made throughout your IIS infrastructure. Dashboard panels show the number of requests, request methods, request outliers, and requests by server. Panels also show details on GET, PUT, POST, and DELETE requests, as well as requests time compare and unique visitors outlier.

Use this dashboard to:

  • Monitor the load on your site for all requests, based on specific type of HTTP request and by server. This information allows you to efficiently allocate resources.
  • Identify outliers in requests.
  • Analyze request volume trends are against last 7 days to understand business fluctuations.
  • Identify how you are acquiring unique users with unique client outliers, and compare with positive and negative outliers.

IIS - Visitor Access Types

The IIS - Visitor Access Types Dashboard provides insights into visitor platform types, browsers, and operating systems, as well as the most popular mobile devices, PC and Mac versions used.

IIS - Visitor Locations 

The IIS - Visitor Locations Dashboard provides a high-level view of Nginx visitor geographic locations both worldwide and in the United States. Dashboard panels also show graphic trends for visits by country over time and visits by US region over time.

IIS - Visitor Traffic Insights

The IIS - Visitor Traffic Insights Dashboard provides detailed information on the top documents accessed, top referrers, top search terms from popular search engines, and the media types served.

IIS - Application Pool

The IIS - Application Pool dashboard provides a high-level view of Application Pool State, Information and Worker Process Metrics.

IIS - ASP.NET

The IIS - ASP.NET dashboard provides a high-level view of the ASP.NET global performance counters

Use this dashboard to:

  • Analyze State Server Sessions
  • Monitor Applications Information
  • Understand Request execution and wait time

IIS - ASP.NET Applications

The IIS - ASP.NET Applications dashboard provides a high-level view of the ASP.NET application performance counters

Use this dashboard to Monitor the following key metrics:

  • Compilations
  • Errors
  • Cache
  • Requests Executing
  • Requests in Application Queue
  • Pipeline Instance Count
  • Output Cache 

IIS - Cache Performance

The IIS - Cache Performance dashboard provides a high-level view of the the Web Service Cache Counters object includes cache counters specific to the World Wide Web Publishing Service.

Use this dashboard to monitor the following key metrics:

  • Output Cache
  • Cache Memory
  • File Cache
  • URI Cache

IIS - Web Service

The IIS - Web Service dashboard provides a high-level view of the Web Service object includes counters specific to the World Wide Web Publishing Service.

Use this dashboard to monitor the following key metrics:

  • Total Site
  • Connections 
  • Site Uptime
  • Method
  • Miscellaneous