Security Basics mailing list archives

Re: Monitor IIS logs


From: "K. K. Mookhey (NII)" <cto () nii co in>
Date: Tue, 9 Sep 2003 09:09:00 +0530

Hi, 

You can check out the following site for info on log monitoring.
http://www.counterpane.com/log-analysis.html

Also, you can download our tool Log Analyzer, which is specifically written for IIS logs. The download zip contains a
pattern file with common IIS attack patterns to scan for. Also, given the log folder, it will scan all files using
wildcard matching, so you can use the date values within the log file names to scan only from a specific date onwards,
etc.
http://nii.co.in/research/tools.html

Cheers,
K. K. Mookhey
CTO,
Network Intelligence India Pvt. Ltd.
Web: www.nii.co.in
=================================
Security Auditing Software - AuditPro
http://www.nii.co.in/products.html
=================================

----- Original Message ----- 
From: "Robert McIntyre" <robert.mcintyre () earthmail com>
To: "Security-Basics (E-mail)" <security-basics () security-focus com>
Sent: Tuesday, September 09, 2003 4:59 AM
Subject: Monitor IIS logs


I am looking for some advice on monitoring IIS logs.  Basically I could use
some help on the following:

1.  Important things to look for
2.  Free utilities to help me search through the logs
3.  Good references about web logs and how to spot an attack.







--------------------------------------------------------------------------------


---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
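The approach described in the reply above (a pattern file matched against IIS log entries, with files selected by the date in their names), sketched as an added example that is not part of the original message and is not NII's Log Analyzer. The signatures, the sample log, the function names and the `exYYMMDD.log` naming with two-digit years read as 20YY are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed signatures for illustration; not the contents of the NII pattern file.
PATTERNS = {
    "cmd.exe request": re.compile(r"cmd\.exe", re.I),
    "directory traversal": re.compile(r"\.\./|\.\.\\|%2e%2e|%c0%af|%255c", re.I),
    ".ida/.idq request": re.compile(r"\.id[aq]\b", re.I),
}
# Assumed daily log naming: exYYMMDD.log
LOG_NAME = re.compile(r"^ex(\d{2})(\d{2})(\d{2})\.log$", re.I)

def files_since(names, start):
    """Keep log file names whose embedded date is on or after `start`."""
    keep = []
    for name in names:
        m = LOG_NAME.match(name)
        if m:
            yy, mm, dd = map(int, m.groups())
            if date(2000 + yy, mm, dd) >= start:
                keep.append(name)
    return sorted(keep)

def scan(lines):
    """Yield (client_ip, label, request) for each entry matching a signature."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared in the log itself
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        request = row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", "-")
        for label, rx in PATTERNS.items():
            if rx.search(request):
                yield row.get("c-ip", "?"), label, request

# Constructed sample log in W3C extended format (documentation IP addresses).
SAMPLE = """#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-09-08 10:01:02 192.0.2.10 GET /index.html - 200
2003-09-08 10:01:09 192.0.2.77 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir 404
2003-09-08 10:02:30 192.0.2.78 GET /default.ida NNNNNNNN 404
""".splitlines()

if __name__ == "__main__":
    print(files_since(["ex030901.log", "ex030908.log", "ex030909.log"], date(2003, 9, 8)))
    print(list(scan(SAMPLE)))
```

Reading the column order from the `#Fields:` directive rather than hard-coding positions keeps the scan correct when a server logs a different set of fields.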
