mercredi 30 janvier 2008

Using Server Logs

Using Server Logs
IIS maintains log files that you can use to ensure that no unauthorized access to the server is being made. Each access to the server for any type of file creates an entry in the log file. Failed accesses, such as pages that are not found or requests by users who are not authorized to access the server, are logged as well. One user loading a single Web page can create dozens of entries in the log if the page contains images that are also hosted on the server.

To enable logging, open the Internet Information Services console, right-click Default Web Site, and choose Properties. On the Web Site tab, select Enable Logging. To configure logging options, click Properties to display the dialog box shown in Figure 17-13.


Figure 17-13. Enable IIS access logs to ensure that no unauthorized users are using the server.
For small and lightly loaded Web servers, you might be able to simply review the file with Notepad to see whether any suspicious activity has occurred, as shown in Figure 17-14. You can also import the file into Excel using the process described for ICF log files. (See Examining Internet Connection Firewall Logs.) Neither of these approaches is practical for a busier Web server; even one that gets a few thousand accesses a day would be very difficult to analyze this way. Instead, you might want to use a log analysis program. These programs read in the log files for a period of time (day, week, month, or longer) and summarize the accesses by user, page name, directory, or other groupings. You can find a large list of commercial and free log analyzers at http://directory.google.com/Top/Computers/Software/Internet/Site_Management/Log_Analysis/.


Figure 17-14. You can view the IIS log file with Notepad, import it into Excel for further analysis, or use a log file analysis program.
Keeping Up with IIS Security Patches
A poorly maintained Web or FTP server is a disaster waiting to happen. New exploits are constantly being discovered and patched, but your server is protected only if you apply the patches. After you've installed IIS, Windows Update should automatically notify you of new IIS patches and fixes if you have enabled AutoUpdate. Still, it is a good idea to occasionally run the Microsoft Baseline Security Analyzer or Security Hotfix Checker (HFNetChk). For details about these programs, see Testing and Verifying Your Secure Status.
Publié par à
Libellés : , ,

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)