[SASAG] IIS Log Analyzer

Eric Kahklen eric at kahklen.com
Fri Aug 10 13:18:03 PDT 2007


I am also building a snort box as well, but I would like an additional 
way to keep an eye on IIS.

Thanks,
Eric

Jason Martin wrote:
> On Fri, Aug 10, 2007 at 11:44:43AM -0700, Eric Kahklen wrote:
>   
>> I am looking for a log analyzer for IIS that can help identify 
>> suspicious traffic/attacks.  A simple google search resulted in a 
>> product called Nihuo Web Log Analyzer. It has something called "Server 
>> Attacks" that identifies possible attacks.  I am not sure if there is 
>> something better, but I would appreciate any suggestions or comments.
>>     
> You might consider running something like Snort (www.snort.org),
> which has signatures for a variety of attacks. but looks at the
> live TCP data instead of application logfiles. You would most
> likely run it on a host that is attached to a switch monitor
> port.
>
> -Jason Martin
>   
>> Thanks,
>> Eric
>>
>>     
>
>   

-- 
Eric Kahklen
Lynnwood, WA
(206) 595-2934
www.kahklen.com






More information about the Members mailing list