Microsoft IIS
Monitor Microsoft Internet Information Server (IIS) Web Application Server
Data Collection Setup
Metrics are collected via the IIS Administration API.
##Setting up the IIS Administration API
The IIS Administration API needs to be installed and configured on each monitored IIS server before data collection can occur.
Installing the Administration API
- Enable and start your Windows Server running IIS.
- As an Administrator, install the IIS Administration API from: https://manage.iis.net/get
- Restart the Windows Server running IIS.
Check Port 55539 for Firewall Issues
Installing the IIS Administration API should automatically open port 55539, but we recommend ensuring it is opened prior to continuing.
Microsoft IIS Administration install page
Configuring API
-
Go to directory: C:\Program Files\IIS Administration\Microsoft.IIS.Administration\config.
-
Change the owner of the appsettings.json file from SYSTEM to Administrators group.
-
Edit the appsettings.json file by configuring the following properties:
- Set
security.require_windows_authenticationto false. - Set
security.access_policy.api.usersto Everyone. - Set
security.access_policy.api.access_keyto false. (NOTE: This will temporarily disable authentication, which will be re-enabled after generating an access token later on.) - Add the
security.access_policy.api.read_onlyproperty and set it to true.
"security": {
"require_windows_authentication": false,
"access_policy": {
"api": {
"users": "Everyone",
"access_key": false,
"read_only": true
},
}
},
- Restart the IIS Services
Network Requirements
Port: 55539 (TCP) Default connection to the IIS Administration API
Least Privileged User
Microsoft IIS Access Token
Assigning an IIS Least-Privileged User
In Microsoft's IIS Administration documentation, the Application Settings topic (Security section) discusses the default access settings:
BindPlane uses an access token for authentication. Setting the require_windows_authentication property to false as indicated in Configuring the IIS Administration API above allows the user to authenticate using that access token, which will be generated next in the Generating an Access Token section.
Adding the Windows user to the IIS API administrators and owners roles allows that user to generate the access token and execute requests to the API using that token.
Generating an Access Token
Next, you must generate an access token to be used for authentication
- Open https://localhost:55539/.
- Click on the ACCESS KEY link.
- Click the Create Access Key button. Set the key name and expiration period.
- Save the access key for use when configuring the IIS Source
Re-enabling Authentication
Now that your access token has been generated, you must go back into the appsettings.json file and re-enable authentication:
- Go to directory: C:\Program Files\IIS Administration\Microsoft.IIS.Administration\config
- Edit the appsettings.json file by configuring the following properties:
Set security.access_policy.api.access_key to true.
- Restart the IIS Administration API service.
"access_policy": {
"api": {
"users": "Everyone",
"access_key": true,
"read_only": true
},
}
Supported Versions
Microsoft Windows Server:
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2
Microsoft IIS:
- 10
- 8.5
- 8.0
- 7.5
Connection Parameters
| Name | Required? | Description |
|---|---|---|
| Host | Required | The Microsoft IIS FQDN, IP, or hostname to connect to. |
| Port | The port for communication to the IIS Administration Service API. | |
| Access Token | Required | |
| SSL Configuration | The SSL mode to use when connecting to the target. Can be configured to not use SSL (No SSL), use SSL but do not verify the target's certificate (No Verify), and use SSL and verify the target's certificate (Verify). | |
| Connection Timeout | The number of seconds to allow for connecting to the target. | |
| Enable Worker Processes |
Metrics
Application
| Name | Description |
|---|---|
| Application Pool ID | The id of the application pool. |
| Application Pool Name | The name of the application pool. |
| Application Pool Status | The status of the application pool. |
| Enabled Protocols | Protocols that requests can use to access the application. |
| ID | The id of the application. |
| Location | Location of the application. |
| Path | URL path of the application. |
| Physical Path | Physical path to the content for the virtual directory. |
| Website ID | The id of the website. |
| Website Name | The name of the website. |
| Website Status | The status of the website. |
Application Pool
| Name | Description |
|---|---|
| Action | Action that IIS takes when a worker process exceeds its configured CPU limit |
| Active Requests (Requests) | The number of requests that are currently being processed by the application pool. |
| Applications Enabled (32-Bit) | Indicates whether worker processes serving the application pool will be in WOW64 (Windows on Windows64) mode. |
| Auto Start | Indicates whether the application pool starts automatically when IIS starts. |
| Configuration Changed Recycle Logging Enabled | Indicates whether an event log entry is generated when the application pool recycles due to a change in its configuration. |
| CPU Usage (%) | The percentage of CPU being used by application pool processes. |
| Disable Overlapped Recycle | Indicates whether the application pool recycle will happen such that the existing worker process exists before another worker process is created. |
| Disable Recycling For Configuration Changes | Indicates whether the application pool will not be recycled when its configuration is changed. |
| Failure Interval (Minutes) | The time interval in minutes during which the specific number of worker process crashes must occur before the application pool is shut down by Rapid Fail Protection. |
| File Cache Count | Current number of files whose content is in the usermode cache. |
| File Cache Hit Rate (%) | Percentage of successful lookups in the user-mode file cache since the application pool started. |
| File Cache Hits | Number of successful lookups in the usermode file cache since the application pool started. |
| File Cache Memory Usage (Bytes) | Current number of bytes used for the usermode file cache. |
| File Cache Misses | Number of unsuccessful look ups in the usermode file cache since the application pool started. |
| Handles | The number of handles that are currently open in application pool processes. |
| ID | The id of the application pool. |
| Identity Type | Indicates whether the application pool is running as builtin account, or as a specific user identity. |
| Idle Timeout (Minutes) | Amount of time in minutes a worker process will remain idle before it shuts down. |
| Idle Timeout Action | Action to perform when the Idle Timeout duration has been reached. |
| Installed Memory (Bytes) | The total installed memory. |
| I/O Operations (Operations) | The number of read and write operations performed by all application pool processes in the last second. |
| I/O Read Operations (Operations) | The number of read operations performed by all application pool processes in the last second. |
| I/O Write Operations (Operations) | The number of write operations performed by all application pool processes in the last second. |
| ISAPI Extension Unhealthy Recycle Logging Enabled | Indicates whether an event log entry is generated when the application pool recycles because an ISAPI extension has reported itself as unhealthy. |
| Limit (%) | Maximum percentage of CPU time that the worker process in an application pool are allowed to consume in period of time in Limit Interval |
| Limit Interval (Minutes) | Reset period for CPU monitoring and throttling limits on the application pool. |
| Load Balancer Capabilities | Specifies behavior when a worker process cannot be started. |
| Load User Profile | Specifies whether IIS loads the user profile for an application pool identity. |
| Manage Runtime Version | Specific version of .NET CLR that is loaded by application pool. |
| Manual Recycle Logging Enabled | Indicates whether an event log entry is generated when the application pool has been manually recycled. |
| Maximum Failures | Maximum number of worker process crashes permitted before the application pool is shut down by Rapid Fail Protection. |
| Maximum Worker Processes | Maximum number of worker processes permitted to service requests for the application pool. |
| Name | The name of the application pool. |
| Orphan Action Executable | Executable to run when a worker process is abandoned. |
| Orphan Action Executable Parameters | Parameters for the executable that is run when a worker process is abandoned. |
| Output Cache Count | Current number of items in the output cache. |
| Output Cache Hit Rate (%) | Percentage of successful lookups in the output cache since the application pool started. |
| Output Cache Hits | Number of successful lookups in the output cache since the application pool started. |
| Output Cache Memory Usage (Bytes) | Current number of bytes used for the output cache. |
| Output Cache Misses | Number of unsuccessful lookups in the output cache since the application pool started. |
| Page Faults | The number of page faults experienced by all application pool processes in the last second. |
| Ping Interval (Seconds) | Period of time in seconds between health monitoring pings sent to the worker processes serving this application pool. |
| Ping Response Time (Seconds) | Maximum time in seconds that worker process is given to respond to a health monitoring ping. |
| Pinging Enabled | Indicates whether the worker processes serving this application pool are pinged periodically to ensure that they are still responsive. |
| Pipeline Mode | Indicates whether ASP.NET runs in Classic Mode as an ISAPI extension, or in Integrated Mode where managed code is integrated into the request processing pipeline. |
| Private Memory (Bytes) | The total private bytes being used by all application pool processes. |
| Private Memory Exceeded Recycle Logging Enabled | Indicates whether an event log entry is generated when the application pool recycles after exceeding its private memory. |
| Private Memory Limit (Kilobytes) | Maximum amount of private memory in KB a worker process can consume before causing the application pool to recycle. |
| Private Memory Usage (%) | The percentage of system memory currently used as website process private bytes. |
| Private Working Memory (Bytes) | The total private working set being used by all application pool processes. |
| Private Working Memory Usage (%) | The percentage of system memory currently used as application pool private working set bytes. |
| Process Count | The number of processes being used by the application pool to process requests. |
| Process Orphaning Enabled | Indicates whether an unresponsive worker process will be abandoned instead of terminated. |
| Processor Affinity Enabled | Indicates whether CPU affinity is enabled for an application pool. |
| Processor Affinity Mask | CPU affinity for an application pool. |
| Processor Affinity Mask (64-Bit Option) | CPU affinity for an application pool (64bit option). |
| Queue Length | Maximum number of requests that will be queued for the application pool. |
| Rapid Fail Protection Enabled | Indicates whether the application pool is shut down if there are a specific number of worker process crashes within a specific time period. |
| Regular Time Interval (Minutes) | Period of time in minutes after which an application pool will recycle. |
| Request Limit | Maximum number of requests an application pool can process before it is recycled. |
| Request Limit Exceeded Recycle Logging Enabled | Indicates whether an event log entry is generated when the application pool recycles after exceeding its request limit. |
| Scheduled Interval Recycle Logging Enabled | Indicates whether an event log entry is generated when the application pool recycles on its scheduled interval. |
| Scheduled Recycle Times | A set of local times when the application pool is recycled. |
| Scheduled Time Recycle Logging Enabled | Indicates whether an event log entry is generated when the application pool recycles at a scheduled time. |
| Served Requests (Requests) | The number of requests that have been served in the past second. |
| Shutdown Executable | Executable to run when an application pool is shut down by Rapid Fail Protection. |
| Shutdown Executable Parameters | Parameters for the executable to run when an application pool is shut down by Rapid Fail Protection. |
| Shutdown Time Limit (Seconds) | Period of time in seconds a worker process is given to finish processing requests and shut down. |
| Startup Time Limit (Seconds) | Period of time in seconds a worker process is given to start up and initialize. |
| Status | The status of the application pool. |
| Thread Count | The number of threads currently active in application pool processes. |
| Total Files Cached | Number of files whose content was ever added to the usermode cache since the application pool started. |
| Total Requests (Requests) | The number of requests that have been served since the application pool started. |
| Total URIs Cached (Blocks) | Number of URI information blocks that have been added to the usermode cache since the application pool started. |
| URI Cache Count (Blocks) | Number of URI information blocks that are currently in the usermode cache. |
| URI Cache Hit Rate (%) | Percentage of successful look ups in the user-mode URI cache since the application pool started. |
| URI Cache Hits | Number of successful look ups in the usermode URI cache since the application pool started. |
| URI Cache Misses | Number of unsuccessful look ups in the usermode URI cache since the application pool started. |
| Username | Username of an application pool identity. |
| Virtual Memory Limit (Kilobytes) | Maximum amount of virtual memory in KB a worker process can consume before causing the application pool to recycle. |
| Virtual Memory Limit Exceeded Recycle Logging Enabled | Indicates whether an event log entry is generated when the application pool recycles after exceeding its virtual memory limit. |
Virtual Directory
| Name | Description |
|---|---|
| Application ID | The id of the application. |
| Application Location | The location of the application. |
| Application Path | The URL path for the application. |
| ID | The id of the virtual directory. |
| Location | The location of the virtual directory. |
| Logon Method | Type of logon operation to perform when calling LogonUser to acquire the user token impersonated to access the physical path for the virtual directory. |
| Path | The URL path of the application. |
| Physical Path | The physical path to the content for the virtual directory. |
| Username | User identity that should be impersonated when accessing the physical path for the virtual directory. |
| Website ID | The id of the website. |
| Website Name | The name of the website. |
| Website Status | The status of the website. |
Web Server
| Name | Description |
|---|---|
| Active Requests (Requests) | The number of requests that are currently being processed by the web server. |
| Connection Attempts | The number of client connections that have been attempted in the last second. |
| CPU Usage (%) | The percentage of CPU being used by web server processes. |
| Current Connections (Connections) | The number of active connections that are open on the web server. |
| File Cache Count | Current number of files whose content is in the user-mode cache. |
| File Cache Hit Rate (%) | Percentage of successful lookups in the user-mode file cache since the web server started. |
| File Cache Hits | Number of successful lookups in the user-mode file cache since the web server started. |
| File Cache Memory Usage (Bytes) | Current number of bytes used for the user-mode file cache. |
| File Cache Misses | Number of unsuccessful look ups in the user-mode file cache since the web server started. |
| FQDNs | The FQDN of the web server. |
| Handles | The number of handles that are currently open in web serve processes. |
| Hostname | The hostname of the web server. |
| ID | The id of the web server. |
| Installed Memory (Bytes) | The total installed memory. |
| I/O Operations (Operations) | The number of read and write operations performed by all application pool processes in the last second. |
| I/O Read Operations (Operations) | The number of read operations performed by all web server processes in the last second. |
| I/O Write Operations (Operations) | The number of write operations performed by all web server processes in the last second. |
| IP Addresses | The IP address of the web server. |
| Name | The name of the web server. |
| Network Traffic (Bytes) | The number of bytes that the web server sent and received in the last second. |
| Output Cache Count | Current number of items in the output cache. |
| Output Cache Hit Rate (%) | Percentage of successful lookups in the output cache since the web server started. |
| Output Cache Hits | Number of successful lookups in the output cache since the web server started. |
| Output Cache Memory Usage (Bytes) | Current number of bytes used for the output cache. |
| Output Cache Misses | Number of unsuccessful lookups in the output cache since the web server started. |
| Page Faults | The number of page faults experienced by all web server processes in the last second. |
| Private Memory (Bytes) | The total private bytes being used by all web server processes. |
| Private Memory Usage (%) | The percentage of system memory currently used as web server process private bytes. |
| Private Working Memory (Bytes) | The total private working set being used by all web server processes. |
| Private Working Memory Usage (%) | The percentage of system memory currently used as web server process private working set bytes. |
| Process Count | The number of processes being used by the web server to process requests. |
| Received Traffic (Bytes) | The number of bytes that the web server received in the last second. |
| Sent Traffic (Bytes) | The number of bytes that the web server sent in the last second. |
| Served Requests (Requests) | The number of requests that have been served in the past second. |
| Status | The status of the web server. |
| Supports SNI | Indicates whether web server supports server name indicator. |
| System CPU Usage (%) | The percentage of CPU being used by the entire system. Note that this value is an instantaneous measurement that, depending on timing, may be impacted by remote monitoring calls. |
| System Memory In Use (Bytes) | The total memory in use by the entire system. |
| Thread Count | The number of threads currently active in web server processes. |
| Total Connection Attempts | The number of client connections that have been attempted since the web server started. |
| Total Files Cached | Number of files whose content was ever added to the user-mode cache since the web server started. |
| Total Requests (Requests) | The number of requests that have been served since the web server started. |
| Total Traffic Received (Bytes) | The number of bytes received since the web server started. |
| Total Traffic Sent (Bytes) | The number of bytes sent since the web server started. |
| Total URIs Cached (Blocks) | Number of URI information blocks that have been added to the user-mode cache since the web server started. |
| URI Cache Count (Blocks) | Number of URI information blocks that are currently in the user-mode cache. |
| URI Cache Hit Rate (%) | Percentage of successful look ups in the user-mode URI cache since the web server started. |
| URI Cache Hits | Number of successful look ups in the user-mode URI cache since the web server started. |
| URI Cache Misses | Number of unsuccessful look ups in the user-mode URI cache since the web server started. |
| Version | The version of the web server. |
Website
| Name | Description |
|---|---|
| Active Requests | The number of requests that are currently being processed by the website. |
| Bindings | Combination of IP address, port and host name that HTTP.sys on for incoming requests. |
| Connection Attempts | The number of client connections that have been attempted in the last second. |
| Connection Timeout (Seconds) | Period of time a connection can remain inactive before being disconnected. |
| CPU Usage (%) | The percentage of CPU being used by website processes. |
| Current Connections | The number of active connections that are open on the website. |
| Enabled Protocols | Specifies the protocols that requests can use to access an application. |
| File Cache Count | Current number of files whose content is in the user-mode cache. |
| File Cache Hit Rate (%) | Percentage of successful lookups in the user-mode file cache since the website started. |
| File Cache Hits | Number of successful lookups in the user-mode file cache since the website started. |
| File Cache Memory Usage (Bytes) | Current number of bytes used for the user-mode file cache. |
| File Cache Misses | Number of unsuccessful look ups in the user-mode file cache since the website started. |
| Handles | The number of handles that are currently open in website processes. |
| ID | The id of the website. |
| Installed Memory (Bytes) | The total installed memory. |
| I/O Operations (Operations) | The number of read and write operations performed by all application pool processes in the last second. |
| I/O Read Operations (Operations) | The number of read operations performed by all website processes in the last second. |
| I/O Write Operations (Operations) | The number of write operations performed by all website processes in the last second. |
| Key | A unique numeric identifier of the website. |
| Maximum Bandwidth (Bytes per Second) | Maximum network bandwidth to which the website traffic is throttled. |
| Maximum Connections | Maximum number of concurrent connections. |
| Maximum URL Segments | Maximum number of segments permitted in a URL. |
| Name | A unique name of the website. |
| Network Traffic (Bytes) | The number of bytes that the web server sent and received in the last second. |
| Output Cache Count | Current number of items in the output cache. |
| Output Cache Hit Rate (%) | Percentage of successful lookups in the output cache since the website started. |
| Output Cache Hits | Number of successful lookups in the output cache since the website started. |
| Output Cache Memory Usage (Bytes) | Current number of bytes used for the output cache. |
| Output Cache Misses | Number of unsuccessful lookups in the output cache since the website started. |
| Page Faults | The number of page faults experienced by all website processes in the last second. |
| Physical Path | The physical path to the content for the virtual directory. |
| Private Memory (Bytes) | The total private bytes being used by website processes. |
| Private Memory Usage (%) | The percentage of system memory currently used as website process private bytes. |
| Private Working Memory (Bytes) | The total private working set being used by website processes. |
| Private Working Memory Usage (%) | The percentage of system memory currently used as website process private working set bytes. |
| Process Count | The number of processes being used by the website to process requests. |
| Received Traffic (Bytes) | The number of bytes that the website received in the last second. |
| Sent Traffic (Bytes) | The number of bytes that the website sent in the last second. |
| Served Requests | The number of requests that have been served in the past second. |
| Server Auto Start | Indicates if the server instance should start automatically when the service is started. |
| Status | The status of the website. |
| Thread Count | The number of threads currently active in website processes. |
| Total Connection Attempts | The number of client connections that have been attempted since the website started. |
| Total Files Cached | Number of files whose content was ever added to the user-mode cache since the website started. |
| Total Requests | The number of requests that have been served since the website started. |
| Total Traffic Received (Bytes) | The number of bytes received since the website started. |
| Total Traffic Sent (Bytes) | The number of bytes sent since the website started. |
| Total URIs Cached (Blocks) | Number of URI information blocks that have been added to the user-mode cache since the website started. |
| Uptime (Seconds) | The number of seconds that have elapsed since the web site started. |
| URI Cache Count (Blocks) | Number of URI information blocks that are currently in the user-mode cache. |
| URI Cache Hit Rate (%) | Percentage of successful look ups in the user-mode URI cache since the website started. |
| URI Cache Hits | Number of successful look ups in the user-mode URI cache since the website started. |
| URI Cache Misses | Number of unsuccessful look ups in the user-mode URI cache since the website started. |
Worker Process
| Name | Description |
|---|---|
| Application Pool ID | The id of the application pool under which process is running. |
| Application Pool Name | The name of the application pool under which process is running. |
| Application Pool Status | The status of the application pool under which process is running. |
| ID | The id of the worker process. |
| Name | The name of the worker process. |
| Peak Virtual Memory Size (Bytes) | Maximum virtual memory used by worker process. |
| Peak Working Set (Bytes) | Maximum working set used by worker process. |
| Private Memory Size (Bytes) | The private memory being used by worker process. |
| Process GUID | The process guid of the worker process. |
| Process ID | The process id of the worker process. |
| Start Time | The time when worker process is started. |
| Status | The status of the worker process. |
| Virtual Memory Size (Bytes) | The virtual memory being used by worker process. |
| Working Set (Bytes) | The working set being used by worker process. |
Updated about 5 years ago