IIS logging for IT Analytics

Article ID: 235564

Products

IT Analytics

Issue/Introduction

IT Analytics (ITA) is a web application hosted in Microsoft Internet Information Services (IIS) and utilizes Integrated Windows Authentication (IWA) to broker access. Because of this, ITA doesn't provide additional authentication or access logging beyond that offered by IIS. Logging is enabled in IIS by default and configured at the server or site level.

Any access attempts to the application will be logged in the standard IIS logs. For example, the following log entries exist for a user who hasn't been granted rights to the ITA portal but attempted to access it:

W3SVC2 ita ::1 GET /ITAnalytics/Services/AuthenticationService.svc/rest/Authenticate _dc=1645634710845 80 <domain>\<account_name> ::1 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/98.0.4758.102+Safari/537.36+Edg/98.0.1108.56 ITAnalyticsReportViewer_SessionId=fug24qbceltj2c1eybxcmebn http://localhost/itanalytics/ localhost 200 0 0 737 936 53
W3SVC2 ita ::1 GET /ITAnalytics/Services/AuthenticationService.svc/rest/Authenticate _dc=1645634710845 80 - ::1 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/98.0.4758.102+Safari/537.36+Edg/98.0.1108.56 ITAnalyticsReportViewer_SessionId=fug24qbceltj2c1eybxcmebn http://localhost/itanalytics/ localhost 401 0 0 574 745 116

Note the account name in the first entry, and the HTTP status code (401) and corresponding Windows status code in the second entry, which show where the user's login attempt was denied. You can also see that the GET request was made against AuthenticationService.svc rather than for any site resources.

IIS logs can be enabled in Windows Event Viewer under Applications and Services Logs > Microsoft > Windows > IIS-Logging, but both successful and failed authentication attempts are logged as type Informational, so there's no clear distinction between them when viewing the logs in Event Viewer.
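
Because Event Viewer does not separate the two outcomes, the W3C log files can be filtered directly on the status fields. The following is an added example, not part of the original article or the product: it reads the `#Fields:` directive so it adapts to whichever fields are enabled, and the sample lines, date/time values and the account `CONTOSO\jdoe` are constructed placeholders modelled on the entries above.

```python
from collections import Counter

# Constructed sample: a #Fields directive plus two entries modelled on the
# article's log lines (date/time values and CONTOSO\jdoe are placeholders).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-sitename cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status time-taken
2022-02-23 16:45:10 W3SVC2 GET /ITAnalytics/Services/AuthenticationService.svc/rest/Authenticate CONTOSO\\jdoe ::1 200 0 0 53
2022-02-23 16:45:10 W3SVC2 GET /ITAnalytics/Services/AuthenticationService.svc/rest/Authenticate - ::1 401 0 0 116
"""

AUTH_STEM = "/authenticationservice.svc/rest/authenticate"


def parse_w3c(lines):
    """Yield one dict per log entry, keyed by the names in the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # IIS can re-emit this mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):     # skip truncated or partial lines
                yield dict(zip(fields, values))


def auth_events(entries):
    """Classify requests to the ITA authentication endpoint by HTTP status."""
    for e in entries:
        if not e.get("cs-uri-stem", "").lower().endswith(AUTH_STEM):
            continue
        status = e.get("sc-status", "")
        if status in ("401", "403"):
            outcome = "denied"
        else:
            outcome = "ok" if status.startswith("2") else "other"
        yield {"when": (e.get("date", "") + " " + e.get("time", "")).strip(),
               "client": e.get("c-ip", "-"), "user": e.get("cs-username", "-"),
               "status": status, "win32": e.get("sc-win32-status", "-"),
               "outcome": outcome}


def denied_by_client(events):
    """Count denied authentication requests per client address."""
    return Counter(ev["client"] for ev in events if ev["outcome"] == "denied")


if __name__ == "__main__":
    found = list(auth_events(parse_w3c(SAMPLE_LOG.splitlines())))
    for ev in found:
        print(ev["when"], ev["client"], ev["user"], ev["status"], ev["outcome"])
    print(dict(denied_by_client(found)))
```

Integrated Windows Authentication also answers the first, unauthenticated request of a normal handshake with 401, so review denied counts per client over time rather than treating a single entry as a failed login.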

Environment

Release: 2.9.1

Component: Microsoft Internet Information Services

Resolution

To configure IIS logging for ITA, refer to the following procedures.

Server-level logging:

  1. Open Internet Information Services (IIS) Manager
  2. Under the Connections pane on the left, select the hostname of the IIS server
  3. In the main pane in the IIS section, double-click the Logging icon
  4. Make any changes as desired and click Apply in the Actions pane on the right

Site-level logging:

  1. Open Internet Information Services (IIS) Manager
  2. Under the Connections pane on the left, navigate to Sites > IT Analytics Server (your name for the site may differ)
  3. In the main pane in the IIS section, double-click the Logging icon
  4. Make any changes as desired and click Apply in the Actions pane on the right

In either case, you may wish to restart the site or World Wide Web Publishing Service after making changes.

By default, IIS access logs are written to the following path on the application server:

%SystemDrive%\inetpub\logs\LogFiles

For an overview of the fields logged by IIS, refer to this Microsoft document.

For an overview of the HTTP status codes captured in the logs, refer to this Microsoft document.