Solved

IIS \ W3SVC1 Log Explanation

Posted on 2011-02-28
1
1,381 Views
Last Modified: 2012-05-11
I need help in understanding an IIS (W3SVC1) log file.

The log file below references directories that used to be hosted on this server over a year ago.  The logs are from today though.  And these were simple directories that are now hosted on a different server that is not running IIS.  In fact, I have no idea on why these directories would even be mentioned in an IIS log.

Can anyone help explain what would make the generatorrepairdb, g5135 and specs directories appear as they do in an IIS log?


#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2011-02-28 00:08:57
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2011-02-28 00:08:57 xx.xx.62.14 OPTIONS / - 80 - xx.xx.39.204 Microsoft-WebDAV-MiniRedir/5.1.2600 200 0 0
2011-02-28 00:08:57 xx.xx.62.14 PROPFIND /generator%20repair%20db - 80 - xx.xx.39.204 Microsoft-WebDAV-MiniRedir/5.1.2600 501 0 0
2011-02-28 00:08:57 xx.xx.62.14 OPTIONS / - 80 - xx.xx.39.204 Microsoft-WebDAV-MiniRedir/5.1.2600 200 0 0
2011-02-28 00:08:57 xx.xx.62.14 PROPFIND /generator%20repair%20db - 80 - xx.xx.39.204 Microsoft-WebDAV-MiniRedir/5.1.2600 501 0 0

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2011-02-28 00:27:14
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2011-02-28 00:27:14 xx.xx.62.14 OPTIONS / - 80 - xx.xx.66.81 Microsoft-WebDAV-MiniRedir/5.1.2600 200 0 0
2011-02-28 00:27:14 xx.xx.62.14 PROPFIND /g5135 - 80 - xx.xx.66.81 Microsoft-WebDAV-MiniRedir/5.1.2600 501 0 0
2011-02-28 00:27:14 xx.xx.62.14 PROPFIND /specs - 80 - xx.xx.66.81 Microsoft-WebDAV-MiniRedir/5.1.2600 501 0 0
0
Comment
Question by:fraunkd
1 Comment
 
LVL 29

Accepted Solution

by:
Paul Jackson earned 500 total points
Comment Utility
These are webdav requests, it would seem something somewhere on your network is requesting them. Could be a file sharing program, sharepoint something like that still has a reference to them.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now