Analyzing IIS Logs

Printable View

March 17th, 2003, 10:25 PM
t2k2

Analyzing IIS Logs

Hey gang. I am looking for a tool that I can use to analyze IIS logs for attack patterns/signatures. Those of you familiar with IIS know about the webext logs that get written based on http traffic to the server. I am looking to use a tool to parse these files so that we can possibly find indications of an attempted or successful attack of some sort. I am familiar with the logs that are created if the URLScan tool is used from the IIS Lock Utility, but is there something else out there that I can use. It can be commercial or free - free would be great, but I am not trying to be too picky here. Any ideas are appreciated.

Thanks,

t2k2
March 17th, 2003, 10:34 PM
DjM

I use a tool from Webtrends / Netiq which parses out my firewall logs and produces useable reports. There might be something there for you. The product I got was not that much $$$$ either, can't remember but about 2K or so. They do have fully functional Demos (30 day) as well.

Cheers:
March 18th, 2003, 04:55 PM
t2k2

Thanks DjM - this looks interesting, but it doesn't do what I need it to do. This seems to be more of a reporting tool. While I could probably get some use from it, I still need something that can pick up attack patterns/signatures based on the IIS logs.

Thanks,

t2k2

All times are GMT +1. The time now is 06:36 AM.