Security Basics mailing list archives

Re: Monitor IIS logs

From: Kelly Martin <kel () securityfocus com>
Date: Tue, 9 Sep 2003 09:36:17 -0600 (MDT)

On Mon, 8 Sep 2003, Phillip McCollum wrote:

You might be interested in Microsoft's LogParser utility:

http://www.microsoft.com/downloads/details.aspx?FamilyID=8cde4028-e247-45be-bab9-ac851fc166a4&DisplayLang=en

At 04:29 PM 9/8/2003, Robert McIntyre wrote:

I am looking for some advice on monitoring IIS logs.  Basically I could use
some help on the following:

1.  Important things to look for
2.  Free utilities to help me search through the logs
3.  Good references about web logs and how to spot an attack.


Also check out the recent "MRTG for IIS" article by Mark Burnett in the
Microsoft section of SecurityFocus. It uses LogParser to parse IIS logs
and give you a visual way to see network traffic and spot attacks.
LogParser is very powerful and a good recommendation for what you're
trying to do, but the command line options can get rather...  complex. :)

http://www.securityfocus.com/infocus/1721

Regards,
-- Kelly Martin <kel () securityfocus com>

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

Current thread:

Monitor IIS logs Robert McIntyre (Sep 08)
- Re: Monitor IIS logs K. K. Mookhey (NII) (Sep 09)
- Re: Monitor IIS logs Phillip McCollum (Sep 09)
  - Re: Monitor IIS logs Kelly Martin (Sep 09)