Experience the perfect configuration of website logging in win2003

  
                

The so-called website log, which is the server log, is used to record some operations of the web server. Through the website log, we can clearly understand the user's way of visiting. So in the win2003 system, how do we configure website logging through IIS6.0? Let's see how the master is implemented.

1. Enable Web Site Logging

Internet Information Services (IIS) logging provides more detailed information than the event logging or performance monitoring features of Windows Server 2003. The IIS logs include the following information: the users who visited the site, what they viewed, and when they last viewed the information. You can monitor other people's access attempts to your website, virtual folders, or files, regardless of whether the visit was successful or not. This includes events such as reading and writing files. Events for any site, virtual folder, or file can be logged separately. By periodically reviewing these log files, you can detect which aspects of your server or site are vulnerable or have other security risks.

To enable Web site logging, follow these steps:

Start Internet Information Services Manager. To do so, click “Start”, point to “Administrative Tools", and then click "Internet Information Services".

Double-click “server_name”, where server_name is the name of the server.

Expand the “website” folder.

Right-click the website for which you want to enable logging and click “Properties”.

On the “Sites” tab, select “Enable Logging”.

Note: You must also enable “On the “Website” tab to enable logging and “"record access” on the Home Directory” tab to enable logging.

Select a format in the “activity log format” list.

Click the “Properties",“Advanced" tab and select the items you want to monitor in the log.

Note: If you selected “ODBC Logging", click “Properties" and provide the ODBC Data Source Name (DSN), table, username, and password, then click “ ”

On the &# General” tab, choose how you want to schedule logging or change the “log files” folder. For more information, see the "Save Configuration Options for IIS Log Files" section of this article.

Click “OK”.

Enable or disable logging for specific folders

Start Internet Information Services Manager. To do so, click “Start”, point to “Administrative Tools", and then click "Internet Information Services".

Double-click “server_name”, where server_name is the name of the server.

Expand the “website” folder.

Right-click on “site” or find the folder you want to configure and click “Properties”.

On the "Directory" tab, click “Record Access”.

Note: To disable logging, click “record access”.

Click “OK”.

2, Save configuration options for IIS log files

To set options for saving log files, follow these steps:

Open Internet Information Services Manager. To do so, click “Start”, point to “Administrative Tools", and then click "Internet Information Services".

Expand your server node.

Expand the “website” folder.

Right-click on “site” and click “properties”.

On the "Website" tab, click “Properties”.

On the &#quo;General Properties' tab, select the option to use when starting a new log file. The options are as follows:

“Hourly”: Create a log file every hour, starting with the first item that occurs every hour. This feature is typically used for high volume websites.

“Daily”: Create a log file every day, starting with the first item that occurs after midnight.

“Weekly”: Create a log file once a week, starting with the first item that occurs after midnight on Saturday.

“Monthly”: Create a log file once a month, starting with the first item that occurs after midnight on the last day of the month. Note: For all log file formats except the “World Wide Web Consortium (W3C) Extended Log File Format”, “Midnight” refers to midnight local time. For this file format, “Midnight  defaults to midnight Greenwich Mean Time (GMT), but you can change it to midnight local time. To open a new log using the W3C Extended Log File Format and use local time, select “File Naming and Create Use Local Time”. The new log starts at midnight local time, but the time recorded in the log file is still GMT time.

“Do not limit file size";: Data is always attached to the same log file. You can access this log file only after you stop the site.

<;When the file size reaches ";: When the current log file reaches a certain size, create a new log file. You must specify the size you want.

Under “Log File Directory”, type the destination folder where you want to save the log file.

Note: Local folders must be listed using the full path. When you specify a folder for log files, you cannot use mapped drives or UNC paths (such as \\\\server1\\share1\\), nor can you use periods or backslash characters.

Click “Apply”, then click “OK”.

3, use Notepad to review IIS log records:

To open Notepad, click “Start”, then point to <;All Programs>,"Accessories” , then click “Notepad”.

On the "File" menu, click “Open” and type the location where the log files are saved.

Check for any suspicious security events in the logs, including:

Multiple failed commands attempting to run an executable or script. (In this case, closely monitor the “script” folder.)

Too many failed login attempts from an IP address, which may be an attempt to increase network traffic or deny access to other users.

A failed attempt to access and modify a .bat or .cmd file.

An attempt was made to upload a file to a folder containing executable files without authorization.

Security

Proper security on the web server reduces or blocks a variety of malicious and unexpected security threats.

For production servers, remove the Active Server Pages (ASP) registration page from a web server that allows users to browse files that contain information about how to create certificates. If you do not want to delete an ASP page, you can restrict the viewing permissions of the file. These pages are usually located in the root of the website.

The use of win2003 system, mostly used as a server version, in the win2003 system configuration website log records, in order to better understand the various operations in the operation of the website, interested users can be based on their own Need to make related settings.

Copyright © Windows knowledge All Rights Reserved