Looking for tool to review IIS logs to specifically look for malicious activity.
Posted on 2008-06-10
I am looking for a tool to review IIS logs to specifically look for malicious activity. We would like to know if any malicious activity is being directed at our web sites and where geographically it originated from. Would also like to know if the malicious users were able to succesfully access anything during their attempts.
We used to do this manually but do to the amount of webservers and sites we have not it is just not practical any longer. We have a tool that allows us to analyze where the traffic was from and what they were accessing, but there is no way to specifically look for patterns that might identify mailicious intent.
I have looked at quite a few products but none of them mention the security aspect I am looking for, but they may actually provide it. So if anyone has any experience with any products that might fit the bill I would greatly appreciate it.
Thanks in advance for any assistance.