Results 1 to 3 of 3

Thread: Analyzing IIS Logs

  1. #1
    Senior Member
    Join Date
    Aug 2002
    Posts
    651

    Analyzing IIS Logs

    Hey gang. I am looking for a tool that I can use to analyze IIS logs for attack patterns/signatures. Those of you familiar with IIS know about the webext logs that get written based on http traffic to the server. I am looking to use a tool to parse these files so that we can possibly find indications of an attempted or successful attack of some sort. I am familiar with the logs that are created if the URLScan tool is used from the IIS Lock Utility, but is there something else out there that I can use. It can be commercial or free - free would be great, but I am not trying to be too picky here. Any ideas are appreciated.


    Thanks,


    t2k2
    Opinions are like holes - everybody\'s got\'em.

    Smile

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    I use a tool from Webtrends / Netiq which parses out my firewall logs and produces useable reports. There might be something there for you. The product I got was not that much $$$$ either, can't remember but about 2K or so. They do have fully functional Demos (30 day) as well.


    Cheers:
    DjM

  3. #3
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Thanks DjM - this looks interesting, but it doesn't do what I need it to do. This seems to be more of a reporting tool. While I could probably get some use from it, I still need something that can pick up attack patterns/signatures based on the IIS logs.


    Thanks,

    t2k2
    Opinions are like holes - everybody\'s got\'em.

    Smile

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •