I covered IIS logs in this presentation (scripts and toolbox included):
http://www.davekleiman.com/Files/HTCIACyberCrimeSummit_For_CD.zip
Also check out LogParser Toolkit and Security Log Management; both have
entire chapters dedicated to web servers.
http://www.syngress.com/catalog/?pid=3110
http://www.syngress.com/catalog/?pid=3440
Dave
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed]
[mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of
nemanja.janic (at) centroproizvod.co (dot) yu [email concealed]
Sent: Friday, October 13, 2006 04:21
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Log Parser queries
Hello list,
our company has recently deployed Share Point Portal as an
intranet solution, and we are currently working on opening
a part of it to the internet. I am trying to set up a
logging mechanism of IIS logs using MS Log Parser, and I
would appreciate some pointers in the sense of interesting
search strings, queries etc. I have been sifting the web
looking for things I should pay attention to when logging,
and have come up with some interesting things, but I need
more before. I don't want to log everything, just want to
set it up to log specific events but I am a bit blank as to
what it is I should be looking out for (I'm fairly new to
the whole thing of web log analysis)... any pointers would
be greatly appreciated, literature, web articles, anything.
Thank you.
Nemanja Janic