[Dshield] IIS log

John Dalton dubuque_1 at msn.com
Thu Aug 28 14:55:32 GMT 2003

    I looked back, and didn't see any questions posed. I am just a end user
here, but have found the group here to be a wide spread of people from
diffeent disciplines, and am surprised at your not being help. Hopefully
this commnet of your will initiate help, as most questions are answered in
the list or offlist froma  knowledgeable person, so I hope they will help.
At my previous employment I can tell you the list helped us head off and
find a few compromises, and I found the signs in the IIS logs.

Would the IIS logs look like this ??

#Fields: date time c-ip cs-username s-sitename s-computername s-ip cs-method
cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes
time-taken cs-version cs(User-Agent) cs(Cookie) cs(Referer)

2002-04-01 03:51:44 - W3SVC9 DUFFY x.x.x.x GET
/scripts/root.exe /c+dir 404 3 604 72 0 HTTP/1.0 - - -

2002-04-01 03:51:47 - W3SVC9 DUFFY x.x.x.x GET
/MSADC/root.exe /c+dir 404 3 604 70 0 HTTP/1.0 - - -

2002-04-01 03:51:47 - W3SVC9 DUFFY x.x.x.x GET
/c/winnt/system32/cmd.exe /c+dir 404 3 604 80 0 HTTP/1.0 - - -

----- Original Message ----- 
From: "Guy Barnum" <GuyBarnum at Armscole.com>
To: <list at dshield.org>
Sent: Thursday, August 28, 2003 9:17 AM
Subject: [Dshield] IIS log

> Can I submit microsoft IIS log to teh dshield database?
> Is there a support email address I can email 'how to' questions?
> I'm not getting responses from the mailing list as I hoped and the
dshield.org web site does not have any contact information that I can find.
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:

More information about the list mailing list