Penetration Testing mailing list archives
RE: Clearing IIS logs
From: Travis Kiger <Travis.Kiger () dig com>
Date: Tue, 2 Oct 2001 12:10:23 -0700
Hmm, I tried it with an IIS4 machine using the IIS log format. After deleting the current log and renaming an old log, new requests were appended to the old log, although this format does include the date in each entry.

XXX.XXX.XXX.XXX, -, 6/13/01, 16:10:53, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 0, 258, 623, 404, 2, GET, /images/homepage/icon.gif, -,
XXX.XXX.XXX.XXX, -, 6/13/01, 16:10:53, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 0, 260, 623, 404, 2, GET, /images/homepage/icon.gif, -,
XXX.XXX.XXX.XXX, -, 6/13/01, 16:10:53, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 0, 256, 623, 404, 2, GET, /images/homepage/base.gif, -,
XXX.XXX.XXX.XXX, -, 6/13/01, 16:10:53, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 125, 256, 390, 200, 0, GET, /images/html_corner.gif, -,
XXX.XXX.XXX.XXX, -, 10/2/01, 12:06:23, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 15, 564, 206, 304, 0, GET, /index.html, -,
XXX.XXX.XXX.XXX, -, 10/2/01, 12:06:23, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 0, 627, 141, 304, 0, GET, /global.js, -,
XXX.XXX.XXX.XXX, -, 10/2/01, 12:06:23, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 0, 622, 141, 304, 0, GET, /home.css, -,

-----Original Message-----
From: Shoten [mailto:shoten () starpower net]
Sent: Tuesday, October 02, 2001 11:41 AM
To: Travis Kiger; Jason binger; pen-test () securityfocus com
Subject: Re: Clearing IIS logs

The problem with this method is that IIS will not continue the existing log file, but rather create a new one.
IIS keeps the log file open, so I don't know of a way to do it without stopping IIS. The easiest way to accomplish this is to create an AT job that stops IIS, deletes the logs and then restarts IIS. The account that the AT service runs as probably has permissions to do this. To cause even more confusion for the admin, copy an old log and give it the same name as today's log. Some log types don't show the date in the individual entries, but the admin may not notice either way.
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
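From the defender's side, the condition reported in this message (entries from an old date followed by current ones in the same file) can be found by walking the per-entry timestamps. The following is an added example, not part of the original posts; it assumes one log file per day in the IIS log format with the date and time in the third and fourth fields, and its sample lines and function names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample in the IIS log format quoted in the message above.
# Addresses are documentation placeholders, not values from the thread.
SAMPLE = """\
192.0.2.10, -, 6/13/01, 16:10:53, W3SVC1, SERVER, 192.0.2.1, 0, 258, 623, 404, 2, GET, /images/homepage/icon.gif, -,
192.0.2.10, -, 6/13/01, 16:10:53, W3SVC1, SERVER, 192.0.2.1, 125, 256, 390, 200, 0, GET, /images/html_corner.gif, -,
192.0.2.10, -, 10/2/01, 12:06:23, W3SVC1, SERVER, 192.0.2.1, 15, 564, 206, 304, 0, GET, /index.html, -,
192.0.2.10, -, 10/2/01, 12:06:23, W3SVC1, SERVER, 192.0.2.1, 0, 627, 141, 304, 0, GET, /global.js, -,
"""


def parse_timestamp(line):
    """Return the entry's datetime from fields 3 and 4, or None if unparsable."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) < 4:
        return None
    try:
        return datetime.strptime(fields[2] + " " + fields[3], "%m/%d/%y %H:%M:%S")
    except ValueError:
        return None


def find_anomalies(text):
    """Return (line_number, kind, gap) for each suspicious transition.

    Assumption: one file per day, so every entry should carry the same date
    and timestamps should never move backwards.
    """
    findings = []
    prev = None
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        ts = parse_timestamp(line)
        if ts is None:
            findings.append((lineno, "unparsable", None))
            continue
        if prev is not None:
            if ts < prev:
                findings.append((lineno, "time-goes-backwards", prev - ts))
            elif ts.date() != prev.date():
                findings.append((lineno, "date-changes-in-file", ts - prev))
        prev = ts
    return findings


if __name__ == "__main__":
    for lineno, kind, gap in find_anomalies(SAMPLE):
        print(f"line {lineno}: {kind} (gap: {gap})")
```

Log formats that omit the date from individual entries cannot be checked this way, so for those the comparison has to rely on copies of the logs kept off the web server.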