Log Parser is a free command-line utility that harnesses the power of SQL querying and database mining to search through the log files that Windows Server 2003, Exchange Server, SQL Server, and ISA Server 2004 generate. If you're running Microsoft Internet Information Services (IIS) 6.0 on Windows 2003, you can use Log Parser to perform security auditing to monitor anomalies in the logs that might signal that an intruder is trying to compromise your Web server. Log Parser won't come straight out and tell you that an intruder has successfully attacked your server, but if you ask the right questions, it can provide you with some pretty conclusive evidence. I'll show you how to use Log Parser to generate statistics from IIS 6.0, check error status codes, locate unusual verbs in HTTP requests, and trace Web site activity.
Before we begin, you might want to read previously published Windows IT Security articles that will help you understand some of Log Parser's operating fundamentals. Although you don't need to read any of these articles to follow what I'm going to walk you through, you might find the background useful for a deeper understanding of Log Parser. In particular, see "LogParser," May 2004, InstantDoc ID 42174; "Access Denied: Using Log Parser to Audit Domain Logons," July 2004, InstantDoc ID 42812; "Targeting Failed Logons," September 2004, InstantDoc ID 43450; and "Filter for Security," October 2004, InstantDoc ID 43827. The ultimate resource for Log Parser is Gabriele Giuseppini and Mark Burnett, Microsoft Log Parser Toolkit (Syngress, 2005). Ready to go? Let's get started. . . .
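The opening paragraph names the four checks the article walks through: per-status statistics, error status codes, unusual HTTP verbs, and per-client activity. As an added example that is not from the article and not Log Parser itself, the Python below performs the same analysis over a constructed IIS 6.0 W3C extended log. It honours the `#Fields:` directive the way Log Parser's IISW3C input format does (the column map comes from the log, not from a hard-coded order), separates out malformed lines instead of silently dropping them, and treats any method outside an assumed expected set (GET, POST, HEAD) as worth a look. The sample log lines and the expected-verb set are assumptions made for the example.

```python
from collections import Counter

# Constructed sample of an IIS 6.0 W3C extended log; not taken from any real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-01-10 00:00:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-substatus
2005-01-10 00:00:01 198.51.100.5 GET /default.htm 200 0
2005-01-10 00:00:02 198.51.100.5 GET /images/logo.gif 200 0
2005-01-10 00:00:09 198.51.100.5 POST /login.asp 302 0
2005-01-10 00:01:15 203.0.113.7 GET /old/index.htm 404 0
2005-01-10 00:01:16 203.0.113.7 GET /nothere.asp 404 0
2005-01-10 00:01:17 203.0.113.7 OPTIONS / 200 0
2005-01-10 00:01:18 203.0.113.7 TRACE / 501 0
2005-01-10 00:02:40 198.51.100.9 GET /report.asp 500 0
2005-01-10 00:02:41 198.51.100.9 HEAD /default.htm 200 0
"""

# Methods this site is expected to serve (an assumption for the example; tune per site).
EXPECTED_VERBS = {"GET", "POST", "HEAD"}


def parse_w3c(text):
    """Parse W3C extended log text into dicts keyed by the names in #Fields.

    Directive lines start with '#'. IIS writes a fresh #Fields line when the
    logged fields change (and at each log rollover), so the column map is
    refreshed whenever one is seen. Returns (records, malformed_lines).
    """
    fields = None
    records, malformed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line appears before any #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            # Wrong column count: keep it visible, since truncated or edited
            # lines are themselves something an auditor wants to know about.
            malformed.append(line)
            continue
        records.append(dict(zip(fields, values)))
    return records, malformed


def status_counts(records):
    """Hits per HTTP status code (the GROUP BY sc-status statistic)."""
    return Counter(r["sc-status"] for r in records)


def error_hits(records, min_status=400):
    """Requests that ended in a 4xx/5xx status, the error codes the article says to check."""
    return [r for r in records if int(r["sc-status"]) >= min_status]


def unusual_verbs(records, expected=EXPECTED_VERBS):
    """Requests whose method is outside the set this site is expected to serve."""
    return [r for r in records if r["cs-method"] not in expected]


def hits_per_client(records):
    """Requests per client address (the GROUP BY c-ip view of site activity)."""
    return Counter(r["c-ip"] for r in records)


def errors_per_client(records, min_status=400):
    """Error responses per client; a client with mostly errors stands out from real visitors."""
    return Counter(r["c-ip"] for r in error_hits(records, min_status))


if __name__ == "__main__":
    recs, bad = parse_w3c(SAMPLE_LOG)
    print("status codes:", dict(status_counts(recs)))
    print("errors per client:", dict(errors_per_client(recs)))
    for r in unusual_verbs(recs):
        print("unusual verb:", r["c-ip"], r["cs-method"], r["cs-uri-stem"], r["sc-status"])
    print("malformed lines:", len(bad))
```

The same grouping is what the article's Log Parser queries express in SQL; for instance `LogParser.exe -i:IISW3C "SELECT cs-method, COUNT(*) AS Hits FROM ex*.log GROUP BY cs-method ORDER BY Hits DESC"` produces the verb statistic directly from the IIS log files. The value of running either form regularly is the baseline: a site that normally sees only GET, POST and HEAD, and a few hundred 404s a day, makes a burst of OPTIONS or TRACE requests or a single address generating most of the errors easy to spot.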