How to collect IIS Logs with CYBERQUEST

Enable Logging on IIS Server

1. Click Start and open Administrative Tools.

2. Open Internet Information Services (IIS) Manager.

3. In the top left corner, click once to select the IIS server.

4. In the right panel, double-click the Logging icon.

5. Under Log Event Destination, select Both log file and ETW event.

6. In the top right corner, click Apply.

Creating registry key for CQ collection

1. Open Notepad and paste the following script:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Microsoft-IIS-Logging/Logs]

" "=-

2. Click File > Save As…

3. Select All Files (*.*) in the Save as type list.

4. In the File name field, name the file IIS Logs.reg and click Save.

5. Double-click the newly created file IIS Logs.reg and click Yes.
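
To confirm that the logging change and the registry import took effect before adding the data source, a check like the following can be run from an elevated PowerShell prompt on the IIS server. This is an added example, not part of the CYBERQUEST documentation; it assumes the WebAdministration module is available on the server, and the variable names are illustrative.

```powershell
# Added verification example (not vendor code). Run elevated on the IIS server.
$channel = 'Microsoft-IIS-Logging/Logs'

# 1. Registry key created by IIS Logs.reg. The key name contains "/", which the
#    PowerShell registry provider treats as a path separator, so open it via .NET.
$keyPath = "SYSTEM\CurrentControlSet\Services\EventLog\$channel"
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath)
$keyPresent = $null -ne $key
if ($key) { $key.Close() }

# 2. State of the event channel that IIS writes to when ETW logging is selected.
#    A channel that is not enabled records no events.
$log = Get-WinEvent -ListLog $channel -ErrorAction SilentlyContinue

# 3. Server-level log destination (individual sites can override this default).
#    Assumption: the WebAdministration module is installed.
$target = $null
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    $target = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Filter 'system.applicationHost/sites/siteDefaults/logFile' `
        -Name 'logTargetW3C'
    # Some attribute types come back wrapped in an object with a Value property.
    if ($target -isnot [string] -and $target.Value) { $target = $target.Value }
}

# 4. Most recent events in the channel (empty until a request has been served).
$recent = @(Get-WinEvent -LogName $channel -MaxEvents 3 -ErrorAction SilentlyContinue)

[pscustomobject]@{
    RegistryKeyPresent = $keyPresent
    ChannelFound       = $null -ne $log
    ChannelEnabled     = if ($log) { $log.IsEnabled } else { $false }
    LogTargetW3C       = "$target"
    RecentEventCount   = $recent.Count
    NewestEvent        = if ($recent.Count) { $recent[0].TimeCreated } else { $null }
} | Format-List
```

If RecentEventCount stays at 0, request a page from any site on the server and run the check again.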

Add new data source

1. Open the CYBERQUEST web interface

To access the Web Interface, open a web browser and type the application's IP address or DNS name. The default address initially assigned to the Web Interface is: https://CyberquestIPAddress (example).

The browser automatically redirects you to CYBERQUEST's authentication page.

2. Go to Settings > Data Source Manager

Click the Add Data-Source button and select DataSource Type: WindowsOS / IIS Server Event logs

3. Complete the fields and press Save

4. Assign the DataSource to an agent