[SASAG] IIS Log Analyzer
Eric Kahklen
eric at kahklen.com
Fri Aug 10 13:18:03 PDT 2007
I am also building a snort box as well, but I would like an additional
way to keep an eye on IIS.
Thanks,
Eric
Jason Martin wrote:
> On Fri, Aug 10, 2007 at 11:44:43AM -0700, Eric Kahklen wrote:
>
>> I am looking for a log analyzer for IIS that can help identify
>> suspicious traffic/attacks. A simple google search resulted in a
>> product called Nihuo Web Log Analyzer. It has something called "Server
>> Attacks" that identifies possible attacks. I am not sure if there is
>> something better, but I would appreciate any suggestions or comments.
>>
> You might consider running something like Snort (www.snort.org),
> which has signatures for a variety of attacks. but looks at the
> live TCP data instead of application logfiles. You would most
> likely run it on a host that is attached to a switch monitor
> port.
>
> -Jason Martin
>
>> Thanks,
>> Eric
>>
>>
>
>
--
Eric Kahklen
Lynnwood, WA
(206) 595-2934
www.kahklen.com
More information about the Members
mailing list