Nemanja, I covered IIS logs in this presentation (scripts and toolbox included): http://www.davekleiman.com/Files/HTCIACyberCrimeSummit_For_CD.zip
Also check out LogParser Toolkit and Security Log Management both have entire chapters dedicated to web servers. http://www.syngress.com/catalog/?pid=3110 http://www.syngress.com/catalog/?pid=3440 Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, October 13, 2006 04:21 To: [email protected] Subject: Log Parser queries Hello list, our company has recently deployed Share Point Portal as an intranet solution, and we are currently working on opening a part of it to the internet. I am trying to set up a logging mechanism of IIS logs using MS Log Parser, and i would apreciate some pointers in the sense of interesting search strings, querys etc. I have been sifting the web looking for things i should pay attention to when logging, and have come up with some interesting things, but i need more before. I don't want to log everything, just want to set it up to log specific events but i am a bit blank as to what it is i should be looking out for (i'm fairly new to the whole thing of web log analysis)... any pointers would be greatly apriciated, literature, web articles, anything. Thank you. Nemanja Janic ------------------------------------------------------------ --------------- ------------------------------------------------------------ --------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
