locked
How can I find out attack attempts RRS feed

  • Question

  • User-508626502 posted

    Hi,

    How do I find out in the IIS logs attack attempts?


    Is there a tool that does this automatically?

    IIS 6.2


    Thanks

    Best Regards

    Friday, October 23, 2020 1:25 PM

All replies

  • User1065476709 posted

    Hi fernando-sianet,

    We have lot of tools and techniques available to identify DOS attacks. But, the classical way is to look at various log files and that’s where LogParser will help us a lot. the LogParser can identify Denial of Service attacks from IIS Logs.

    For a normal production server, we will see lot of log files in IIS logfiles folder. One classic way people follow as a preliminary step is to check for patterns in the sizes of those log files. If they see a sudden spike in size, they will pay attention to those log files to check if they have recorded any malicious attempts. Instead of scrolling through that large list of LogFiles in windows explorer, we can leverage LogParser to query the sizes of those files. 

    More information about how to identify whether our application had undergone a DOS attack or not from the IIS logs you can refer to this link: Log Parser - Identifying DOS attacks from IIS Logs

    Monday, October 26, 2020 2:23 AM
  • User-508626502 posted

    Hi samwu

    That's exactly what I needed.

    Thank you very much

    Tuesday, October 27, 2020 1:37 PM
  • User1065476709 posted

    Hi fernando-sianet,

    Please mark the answer so that it can help others with similar problems.

    Best regards,

    Sam

    Wednesday, October 28, 2020 2:11 AM