Hey gang. I am looking for a tool that I can use to analyze IIS logs for attack patterns/signatures. Those of you familiar with IIS know about the webext logs that get written based on http traffic to the server. I am looking to use a tool to parse these files so that we can possibly find indications of an attempted or successful attack of some sort. I am familiar with the logs that are created if the URLScan tool is used from the IIS Lock Utility, but is there something else out there that I can use. It can be commercial or free - free would be great, but I am not trying to be too picky here. Any ideas are appreciated.


Thanks,


t2k2