This is going to be a very dense introduction to application log monitoring.  I'm going to have subsequent posts that cover parts of this in more depth.

Application log monitoring refers to reading log files on the local computer and processing the entries contained in them.  SCOM processes a number of different log file types.  These are:

• Generic
• This is a text file that contains one line per log entry
• Generic CSV
• This is a text file that contains one line per log entry, with parameters that are separated by a character.  The most common separator is a comma ','.
• IIS
• W3C
• NCSA
• Binary
• These are generated by Internet Information Services.  See http://msdn2.microsoft.com/en-us/library/aa814382.aspx for information about these formats.  IIS, W3C, and NCSA are text files, while Binary is a binary log format.
• HTTP Error
• This is a text file generated by the http.sys driver.  It is quite similar to the W3C format, but with different fields.  See http://support.microsoft.com/kb/820729 for informat about this format.

Monitoring is done by one of the following modules, depending on the type of log file to be monitored.

• System.ApplicationLog.BinaryLogReader
• System.ApplicationLog.IISLogReader
• System.ApplicationLog.NCSALogReader
• System.ApplicationLog.W3CLogReader
• System.ApplicationLog.GenericLogReader
• System.ApplicationLog.GenericCSVLogReader
• System.ApplicationLog.HTTPErrorLogReader

The modules output one of the following data types.

• System.ApplicationLog.InternetLogEntryData
• This is output for the IIS, W3C, NCSA, and Binary log file types
• System.ApplicationLog.GenericLogEntryData
• This is output for the Generic and GenericCSV log file types
• System.ApplicationLog.HTTPErrorLogEntryData
• This is output for the HTTP Error log file type

The fields of System.ApplicationLog.InternetLogEntryData are listed below.  Not all of the modules fill out all of the fields, because the log file formats don't all have every field.

• LogFileDirectory
• LogFileType
• LogFileName
• Date
• Time
• ClientIP
• UserName
• SiteID
• ServerName
• ServerIP
• ServerPort
• Method
• URIStem
• URIQuery
• ProtocolStatus
• WindowsStatus
• BytesSent
• BytesReceived
• BytesTransferred
• TimeTakenInMS
• ProtocolVersion
• ProtocolSubstatus
• HostHeader
• UserAgent
• Cookie
• Referrer

The fields of System.HTTPErrorLogEntryData are listed below.

• LogFileDirectory
• LogFileType
• LogFileName
• Date
• Time
• ComputerName
• ClientIP
• ClientPort
• ServerIP
• ServerPort
• ProtocolVersion
• Verb
• CookedURL
• UserAgent
• Cookie
• Referer
• Host
• ProtocolStatus
• BytesSent
• BytesReceived
• TimeTaken
• SiteID
• ReasonPhrase
• QueueName

The fields of System.GenericLogEntryData are listed below.  NOTE: The Generic log type has only one Param field.  The Generic CSV log type has one Param entry per parameter in the log file.

• LogFileDirectory
• LogFileType
• LogFileName
• Params
• Param
• Param
• ...
• Param