Solved

Looking for tool to review IIS logs to specifically look for malicious activity.

Posted on 2008-06-10
Last Modified: 2013-12-07
I am looking for a tool to review IIS logs to specifically look for malicious activity.  We would like to know if any malicious activity is being directed at our web sites and where geographically it originated from.  Would also like to know if the malicious users were able to successfully access anything during their attempts.

We used to do this manually but due to the amount of webservers and sites we have now it is just not practical any longer.  We have a tool that allows us to analyze where the traffic was from and what they were accessing, but there is no way to specifically look for patterns that might identify malicious intent.

I have looked at quite a few products but none of them mention the security aspect I am looking for, but they may actually provide it.  So if anyone has any experience with any products that might fit the bill I would greatly appreciate it.

Thanks in advance for any assistance.
Question by:IT_Admin_AK
Accepted Solution

by: tedbilly earned 250 total points
Doing it in the IIS logs is inefficient and may not even work.  Many hacks involve buffer overruns or other strategies that won't show in the log.

You are far better off using a hardware appliance that does this with all those features built in.
0
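
Added example, not part of the original thread or of any product mentioned in it: a small rule-based scan over W3C-format IIS log lines that flags request URIs matching a few well-known attack signatures and uses sc-status to separate rejected probes from requests the server actually served. The sample log, the rule set and the function names (decode, scan, summarize) are constructed for illustration, and as the answer above notes, activity that leaves no trace in the logged URI will not be found this way.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample in IIS W3C extended format (not from the original thread).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-06-10 10:00:01 192.0.2.10 GET /default.aspx - 200
2008-06-10 10:00:05 198.51.100.7 GET /scripts/..%255c../winnt/system32/cmd.exe /c+dir 404
2008-06-10 10:00:09 198.51.100.7 GET /products.asp id=1;DECLARE%20@S%20VARCHAR(4000);EXEC(@S) 200
2008-06-10 10:00:12 203.0.113.4 GET /page.asp q=%3Cscript%3Ealert(1)%3C/script%3E 500
"""

RULES = {  # illustrative signatures (an assumed rule set); tune per application
    "sql_injection": re.compile(r"(?i)\b(union\s+select|declare\s+@|exec\s*\(|xp_cmdshell)"),
    "path_traversal": re.compile(r"\.\.[\\/]"),
    "command_exec": re.compile(r"(?i)\b(cmd|powershell)\.exe\b"),
    "script_injection": re.compile(r"(?i)<script\b"),
}

def decode(value, rounds=2):  # two rounds normalize double encoding (%255c)
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def scan(lines):
    """Return one dict per record whose decoded URI matches a rule; 'served' marks 2xx/3xx."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
        values = line.split(" ")
        if not line or line.startswith("#") or len(values) != len(fields):
            continue  # directive, blank, or malformed record
        rec = dict(zip(fields, values))
        query = rec.get("cs-uri-query", "-")
        uri = decode(rec.get("cs-uri-stem", "") + ("" if query == "-" else "?" + query))
        matched = [name for name, rx in RULES.items() if rx.search(uri)]
        if matched:
            status = rec.get("sc-status", "")
            hits.append({"ip": rec.get("c-ip"), "rules": matched, "uri": uri,
                         "status": status, "served": status[:1] in ("2", "3")})
    return hits

def summarize(hits):  # flagged requests per client IP, most active first
    return Counter(h["ip"] for h in hits).most_common()

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG.splitlines()), summarize(scan(SAMPLE_LOG.splitlines())), sep="\n")
```

A flagged request with a 2xx or 3xx status was served rather than rejected, which makes it the first thing to review; it does not by itself prove the attempt succeeded.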
