Re: Web Server logs
- From: "Shane Mullins" <tsmullins@xxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 25 Apr 2002 08:10:18 -0400
Hi,
I have the same problem. Also when there is an intrusion the ISA server
will stop it, but not log it. We are looking at some software called ACID
Intrusion Detection Tool. Basically it sits in your DMZ and logs who comes
into your network. It can then burn the data to a CDRW, or wherever.
Shane
----- Original Message -----
From: <isa@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, April 25, 2002 4:54 AM
Subject: [isalist] Web Server logs
> http://www.ISAserver.org
>
>
> Hi ISAlist
> I need to know who is visiting my websites. My Webserver is published
> behind the ISA server. When i look at the WWW Server logs all i get is
> ...
> 172.20.1.15 - - [24/Apr/2002:15:30:23 +0200] "GET /index HTTP/1.0" 404
> 4184
> 172.20.1.15 - - [24/Apr/2002:15:30:29 +0200] "GET
> /winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" 404 4184
> 172.20.1.15 - - [24/Apr/2002:15:30:44 +0200] "GET
> /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
> HTTP/1.0" 500 0
> 172.20.1.15 - - [24/Apr/2002:15:30:51 +0200] "GET
> /winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" 404 4184
> 172.20.1.15 - - [24/Apr/2002:15:31:15 +0200] "GET
> /cgi-bin/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c+dir+c:\
> HTTP/1.0" 500 0....
>
> The ISA Server address is 172.20.1.15. I can't see any IP's from outside.
> Is there a way i can monitor this?
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
tsmullins@xxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>
Other related posts:
