Hi @Ali Refahiati ,
- Open Command Prompt and enter the following commands.
- Lists additional logs available for IIS:
wevtutil el | findstr -i IIS
- Configuration for the selected log:
wevtutil gl Microsoft-IIS-Configuration/Operational
- Enable the selected log:
wevtutil sl /e:true Microsoft-IIS-Configuration/Operational
When enabled, the default path for this log is C:\Windows\System32\winevt\Logs\Microsoft-IIS-Configuration%4Operational.evtx
.
2. The Microsoft IIS Configuration Operational log captures the additional and removal of IIS modules. By enabling this logging, you’ll be able to detect any backdoor installations and unauthorized modifications to your system in real-time. This is a critical security measure that can help you safeguard your data and ensure the smooth operation of your web services. You can learn more about it from this Microsoft official blog.
Best regards,
Jinlei Shuang
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread