-
Analyzing IIS Logs
Hey gang. I am looking for a tool that I can use to analyze IIS logs for attack patterns/signatures. Those of you familiar with IIS know about the webext logs that get written based on http traffic to the server. I am looking to use a tool to parse these files so that we can possibly find indications of an attempted or successful attack of some sort. I am familiar with the logs that are created if the URLScan tool is used from the IIS Lock Utility, but is there something else out there that I can use. It can be commercial or free - free would be great, but I am not trying to be too picky here. Any ideas are appreciated.
Thanks,
t2k2
-
I use a tool from Webtrends / Netiq which parses out my firewall logs and produces useable reports. There might be something there for you. The product I got was not that much $$$$ either, can't remember but about 2K or so. They do have fully functional Demos (30 day) as well.
Cheers:
-
Thanks DjM - this looks interesting, but it doesn't do what I need it to do. This seems to be more of a reporting tool. While I could probably get some use from it, I still need something that can pick up attack patterns/signatures based on the IIS logs.
Thanks,
t2k2