IIS Logs
Overview
Evidence: IIS Logs
Description: Collect IIS Logs
Category: Applications
Platform: windows
Short Name: iisl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Internet Information Services (IIS) logs record HTTP/HTTPS requests, responses, and errors for web applications hosted on Windows servers. IIS is Microsoft’s web server platform commonly used in enterprise environments.
Data Collected
This collector gathers structured data about IIS logs.
Collection Method
This collector gathers IIS W3C log files from system32 LogFiles, inetpub directories, and resource directories, collecting HTTP access logs and error information.
Forensic Value
IIS logs are critical for detecting web application attacks, SQL injection, cross-site scripting, unauthorized access, and data exfiltration. They provide client IPs, requested URIs, status codes, user agents, and referers.
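Since the collected files are not parsed by this collector, an analyst has to read the W3C format directly. The following is an added example, not part of the collector or the original page: it parses W3C extended log text using the `#Fields` directive and counts 4xx/5xx responses per client IP as a first triage pass. The log lines are constructed sample data, and the function names are chosen for this example.

```python
from collections import Counter, defaultdict

# Constructed sample in IIS W3C extended format (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-01-15 08:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2024-01-15 08:00:01 10.0.0.5 GET /index.html - 443 - 203.0.113.10 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 15
2024-01-15 08:00:02 10.0.0.5 GET /admin/login.aspx - 443 - 198.51.100.7 ExampleScanner/1.0 - 401 2 5 8
2024-01-15 08:00:03 10.0.0.5 GET /admin/config.aspx - 443 - 198.51.100.7 ExampleScanner/1.0 - 404 0 2 4
#Fields: date time c-ip cs-uri-stem sc-status
2024-01-15 09:00:00 198.51.100.7 /products.aspx 500
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the active #Fields line."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # IIS writes a fresh header when the service restarts or logging
            # settings change, so the column layout can change mid-file.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # truncated or malformed row: skip rather than misalign columns
        # "-" marks an empty field; spaces inside values are logged as "+"
        yield {k: (None if v == "-" else v) for k, v in zip(fields, values)}

def errors_by_client(records):
    """Count 4xx/5xx responses per client IP."""
    counts = defaultdict(Counter)
    for r in records:
        status = r.get("sc-status") or ""
        if r.get("c-ip") and status[:1] in ("4", "5"):
            counts[r["c-ip"]][status] += 1
    return {ip: dict(c) for ip, c in counts.items()}

if __name__ == "__main__":
    for ip, c in errors_by_client(parse_w3c(SAMPLE_LOG)).items():
        print(ip, c)
```

Which fields appear depends on the logging configuration of each site, so check the `#Fields` line of every collected file before relying on a column being present.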