RE: Integrating logs from PIX, IIS and WAS

From: Andrew Williams (Andrew_at_Syngress.com)
Date: 10/28/05

    Date: Fri, 28 Oct 2005 09:31:58 -0400
    To: "phunked up!" <phunkodelic@gmail.com>, "Luis Angel Fernandez" <lafernandez@matchmind.es>
    
    

    If you want more info on Log Parser, we published a book on it:

    http://www.amazon.com/exec/obidos/tg/detail/-/1932266526/qid=1130505795/sr=2-1/ref=pd_bbs_b_2_1/104-2058717-7732767?v=glance&s=books

    -Andrew

    -----Original Message-----
    From: phunked up! [mailto:phunkodelic@gmail.com]
    Sent: Thursday, October 27, 2005 8:35 AM
    To: Luis Angel Fernandez
    Cc: security-basics@securityfocus.com
    Subject: Re: Integrating logs from PIX, IIS and WAS

    Go to www.logparser.com. Use that with a back-end database such as
    MySQL or Microsoft SQL (Express is free), which will allow you to do
    analysis of the logs. I am also doing the same sort of thing and am
    using the above-mentioned tools.

    On 10/26/05, Luis Angel Fernandez <lafernandez@matchmind.es> wrote:
    > Hello,
    >
    > I am investigating tools for integrating (storing and analyzing)
    > logs from different sources (Cisco PIX, IIS, WAS app server, syslog).
    > The goal is to be able to follow up on the behavior of a possible
    > intruder through a scenario based on those products. What is your
    > method for doing a forensic task like this? Which tools could help
    > with this task?
    >
    > Regards.

