How to enable IIS Configuration Auditing with Command Line (tool)?

Eventvwr_iconIIS configuration auditing is a feature that would let you monitor the changes that are done to the IIS configuration store. It generates event messages (similar to those generated by enabling metabase auditing in the previous versions). It would display the configuration element which was changed, the user who initiated the change, and the original and the new value of the element.

If you do it on a single server ones – the UI will be the easiest choice:

  1. Open Event Viewer (Administrative Tools –> Event Viewer)
  2. Expand the “Application and Service Logs”
  3. Expand “Microsoft”, and expand “Windows”
  4. Expand “IIS-Configuration”, and right click on “Operational”, and choose “Enable Log”
    EventLog-EnableIISConfig

For DevOps – the command line is:

wevtutil sl Microsoft-IIS-Configuration/Operational /e:true

Wevtutil.exe is a Microsoft tool for modifying the EventLog.

Have in mind that manual changes (with notepad for example) in the config files will not be detected and logged.

Cheers,

Nik Todorov

How to enable IIS Configuration Auditing with Command Line (tool)?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s