[SASAG] IIS Log Analyzer

Jason Martin jhmartin at toger.us
Fri Aug 10 13:03:19 PDT 2007


On Fri, Aug 10, 2007 at 11:44:43AM -0700, Eric Kahklen wrote:
> I am looking for a log analyzer for IIS that can help identify 
> suspicious traffic/attacks.  A simple Google search resulted in a 
> product called Nihuo Web Log Analyzer. It has something called "Server 
> Attacks" that identifies possible attacks.  I am not sure if there is 
> something better, but I would appreciate any suggestions or comments.
You might consider running something like Snort (www.snort.org),
which has signatures for a variety of attacks, but looks at the
live TCP data instead of application logfiles. You would most
likely run it on a host that is attached to a switch monitor
port.

-Jason Martin
> Thanks,
> Eric
> 

-- 
It's not the principle of the thing, it's the money
This message is PGP/MIME signed.