First, the default locations of the logs. Only by knowing what traces are left on the server can we erase the traces we left on the computer, and the logs are where those marks are left.
Security log file: C:\WINDOWS\system32\config\SecEvent.Evt
System log file: C:\WINDOWS\system32\config\SysEvent.Evt
Application log file: C:\WINDOWS\system32\config\AppEvent.Evt
FTP log default location: C:\WINDOWS\system32\Logfiles\MSFTPSVC1
WWW log default location: C:\WINDOWS\system32\Logfiles\W3SVC1
However, these logs cannot be deleted while the system is running normally. For the FTP and WWW logs, you can stop these two services first and then delete the log files, which is safe. The system and application logs are held by the Event Log service, which cannot be stopped. So how can they be cleaned?
Because this step is difficult to do manually, we can use a tool. The tool that everyone talks about is CL. It can clean up IIS logs, FTP logs, scheduled task logs and system logs. Cleaning up the service logs only requires executing the commands below.
CL tool cleanup commands
Clean up the service logs: cl -logfiles 127.0.0.1 (The program automatically stops the FTP, WWW and Task Scheduler services before deleting the logs, and then starts the three services again.)
Clean up the system log: cl -eventlog all
This tool supports remote cleaning. Of course, the prerequisite is that an IPC management connection with administrator privileges has been established.
Connection command: net use \\ip\ipc$ password /user:username
Then use cl -logfiles IP to clean up the host remotely.
==============================================
At present, the main intrusion method against websites is injection, followed by privilege escalation to take over the server, so the main traces are left in the IIS log, and we only need to clear our IP address from the IIS log. That's it. Cleaning only those records does not make the administrators suspicious. So do we really have to stop the IIS service, open the log file in Notepad and edit it? Of course not. The CleanIISLog tool does it easily.
Usage of the CleanIISLog tool: in CMD, execute CleanIISLog . <IP address> to clear the connection records for that IP from all IIS logs and keep the records of other IPs.
After clearing succeeds, CleanIISLog writes a record of its own run to the system log. If the IIS log files are not in the default location, execute CleanIISLog <IIS log path> <IP address> to specify the path to the IIS log. Note: this tool can only be run locally and must have Administrators privileges.
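Selective removal of one client's IIS records, as described above, shows up when the local log is compared against a copy kept off the host. The following is an added example, not part of the original article or of any tool it names; it assumes log lines are forwarded off-host as they are written, and the field set, IP addresses and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample data: a simplified W3C field set and documentation IPs.
FORWARDED = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-01 10:00:01 192.0.2.10 GET /index.asp 200
2024-01-01 10:00:05 198.51.100.7 GET /news.asp 200
2024-01-01 10:00:09 198.51.100.7 GET /news.asp 500
2024-01-01 10:00:12 192.0.2.11 GET /index.asp 200
"""
# Local copy with every 198.51.100.7 entry gone.
LOCAL = "\n".join(l for l in FORWARDED.splitlines() if "198.51.100.7" not in l)


def parse_w3c(text):
    """Return (raw_line, client_ip) for each entry, using the #Fields directive."""
    fields, rows = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            parts = line.split()
            if "c-ip" in fields and len(parts) == len(fields):
                rows.append((line, parts[fields.index("c-ip")]))
    return rows


def missing_by_client(local_text, forwarded_text):
    """Count entries present off-host but absent locally, per client IP."""
    local = Counter(raw for raw, _ in parse_w3c(local_text))
    missing = Counter()
    for raw, ip in parse_w3c(forwarded_text):
        if local[raw] > 0:
            local[raw] -= 1      # matched one local occurrence
        else:
            missing[ip] += 1     # forwarded entry has no local counterpart
    return dict(missing)


def fully_scrubbed_clients(local_text, forwarded_text):
    """Client IPs with missing entries and no entries at all left locally."""
    local_ips = {ip for _, ip in parse_w3c(local_text)}
    gaps = missing_by_client(local_text, forwarded_text)
    return sorted(ip for ip in gaps if ip not in local_ips)


if __name__ == "__main__":
    print(missing_by_client(LOCAL, FORWARDED), fully_scrubbed_clients(LOCAL, FORWARDED))
```

A client that appears only in the off-host copy is a strong signal that the local log was edited rather than rotated or truncated.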