Configure a log analytics workspace to collect Window Server Event log, IIS and performance data.

Configuring Azure Monitor with Log Analytics for IIS Servers

Azure Monitor combined with Log Analytics provides centralized telemetry collection for performance metrics, event logs, and application logs from Windows-based workloads. This guide demonstrates how to configure data collection from IIS servers using Data Collection Rules (DCRs).

​

Create the Log Analytics Workspace

1. Navigate to Log Analytics workspaces in the Azure portal
2. Select Create
3. Choose your resource group (e.g., Zava IIS resource group)
4. Provide a workspace name and select your preferred region
5. Select Review + Create, then Create

After deployment, configure RBAC permissions by assigning the Contributor role to users or service principals that need to interact with the workspace data.​

Configure Data Collection Infrastructure

Create a Data Collection Endpoint:

1. Navigate to Azure Monitor in the portal
2. Select Data Collection Endpoints, then Create
3. Specify the endpoint name, subscription, resource group, and region (match your Log Analytics workspace region)
4. Create the endpoint

Create a Data Collection Rule:

1. Navigate to Data Collection Rules and select Create
2. Provide a rule name, resource group, and region
3. Select Windows as the platform type
4. Choose the data collection endpoint created in the previous step
5. Skip the Resources tab initially (you'll associate VMs later)

Configure Data Sources

Add three data source types to capture comprehensive telemetry:​

Performance Counters:

1. On the Collect and Deliver page, select Add data source
2. Choose Performance Counters as the data source type
3. Select Basic for standard CPU, memory, disk, and network metrics (or Custom for specific counters)
4. Set the destination to Azure Monitor Logs and select your Log Analytics workspace

Windows Event Logs:

1. Add another data source and select Windows Event Logs
2. Choose Basic collection mode
3. Select Application, Security, and System logs
4. Configure severity filters (Critical, Error, Warning for Application and System; Audit Success for Security)
5. Specify the same Log Analytics workspace as the destination

IIS Logs:

1. Add a final data source for Internet Information Services logs
2. Accept the default IIS log file paths or customize as needed
3. Set the destination to your Log Analytics workspace

After configuring all data sources, select Review + Create, then Create the data collection rule.​

Associate Resources

1. Navigate to your newly created Data Collection Rule
2. Select Resources from the rule properties
3. Click Add and select your IIS servers (e.g., zava-iis1, zava-iis2)
4. Return to Data Collection Endpoints
5. Select your endpoint and add the same IIS servers as resources

This two-step association ensures proper routing of telemetry data.​

Query Collected Data

After allowing time for data collection, query the telemetry:​

1. Navigate to your Log Analytics workspace
2. Select Logs to open the query editor
3. Browse predefined queries under Virtual Machines
4. Run the "What data has been collected" query to view performance counters, network metrics, and memory data
5. Access Insights to monitor data ingestion volumes

You can create custom KQL queries to analyze specific events, performance patterns, or IIS log entries across your monitored infrastructure.​

Find out more at: https://learn.microsoft.com/en-us/azure/azure-monitor/fundamentals/overview