-
March 17th, 2003, 10:25 PM
#1
Analyzing IIS Logs
Hey gang. I am looking for a tool that I can use to analyze IIS logs for attack patterns/signatures. Those of you familiar with IIS know about the webext logs that get written based on http traffic to the server. I am looking to use a tool to parse these files so that we can possibly find indications of an attempted or successful attack of some sort. I am familiar with the logs that are created if the URLScan tool is used from the IIS Lock Utility, but is there something else out there that I can use. It can be commercial or free - free would be great, but I am not trying to be too picky here. Any ideas are appreciated.
Thanks,
t2k2
Opinions are like holes - everybody\'s got\'em.
Smile
-
March 17th, 2003, 10:34 PM
#2
I use a tool from Webtrends / Netiq which parses out my firewall logs and produces useable reports. There might be something there for you. The product I got was not that much $$$$ either, can't remember but about 2K or so. They do have fully functional Demos (30 day) as well.
Cheers:
-
March 18th, 2003, 04:55 PM
#3
Thanks DjM - this looks interesting, but it doesn't do what I need it to do. This seems to be more of a reporting tool. While I could probably get some use from it, I still need something that can pick up attack patterns/signatures based on the IIS logs.
Thanks,
t2k2
Opinions are like holes - everybody\'s got\'em.
Smile
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|