[SASAG] IIS Log Analyzer
jhmartin at toger.us
Fri Aug 10 13:03:19 PDT 2007
On Fri, Aug 10, 2007 at 11:44:43AM -0700, Eric Kahklen wrote:
> I am looking for a log analyzer for IIS that can help identify
> suspicious traffic/attacks. A simple google search resulted in a
> product called Nihuo Web Log Analyzer. It has something called "Server
> Attacks" that identifies possible attacks. I am not sure if there is
> something better, but I would appreciate any suggestions or comments.
You might consider running something like Snort (www.snort.org),
which has signatures for a variety of attacks. but looks at the
live TCP data instead of application logfiles. You would most
likely run it on a host that is attached to a switch monitor
It's not the principle of the thing, it's the money
This message is PGP/MIME signed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 213 bytes
Desc: not available
More information about the Members