How to enable IIS Configuration Auditing with Command Line (tool)?

Eventvwr_icon IIS configuration auditing is a feature that would let you monitor the changes that are done to the IIS configuration store. It generates event messages (similar to those generated by enabling metabase auditing in the previous versions). It would display the configuration element which was changed, the user who initiated the change, and the original and the new value of the element.

If you do it on a single server ones – the UI will be the easiest choice:

Open Event Viewer (Administrative Tools –> Event Viewer)
Expand the “Application and Service Logs”
Expand “Microsoft”, and expand “Windows”
Expand “IIS-Configuration”, and right click on “Operational”, and choose “Enable Log”

For DevOps – the command line is:

wevtutil sl Microsoft-IIS-Configuration/Operational /e:true

Wevtutil.exe is a Microsoft tool for modifying the EventLog.

Have in mind that manual changes (with notepad for example) in the config files will not be detected and logged.

Cheers,

Nik Todorov

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

code.da.planet

Software development (AKA coding) is changing the world!

How to enable IIS Configuration Auditing with Command Line (tool)?

Leave a Reply Cancel reply

Share this:

Like this:

Leave a Reply Cancel reply