How to make your Web server log files more secure

What is IIS

IIS, the Internet Information Service, provides powerful Internet and intranet service capabilities as one of the popular Web servers today. As a result, there are many more units of IIS being used as Web server software today. By default, these servers must allow public access to their resources. But we have found that many units spend even more time defending and providing web services than they do on the defensive.

IIS Security

However, the attack here is quiet. Unless your organization's Web site becomes a victim of a devastating attack, or is injected into a malicious code, in general, hackers will invade your server in an imperceptible way, due to the sheer amount of traffic that the server may receive. However, you will not be indifferent, as long as a little setup, you can create trouble for the hacker's damage, so that it cannot hide their sins, and for yourself, also easy to find their behavior. The method presented in this article will add a little security to your Web server log file.

If a hacker attacks your Web server, or even if you just want to check its security status, then the Web log will be your first choice for finding information. By default, you can find these log files at%systemroot%/system32/logfiles.

However, this location is known to be a target, so you should move the log files to a non-system drive that does not save and maintain your Web site. To change the location of the log file, you need to log on to the Web server as an administrator, and you can follow the steps below:

1. Click Start, locate My Computer, right-click, and select Explorer.

2. Locate the drive and folder where you want to reposition the log files.

3. You can also right-click in the window pane on the right and choose New folder.

4. Start a name for this new folder (for example, Zcliislogs) and press ENTER.

5. Click Start/Control Panel, click Administrative Tools, and click Internet Information Services (IIS) Manager.

6. Right-click on your Web site and select Properties.

7. On the Web Site tab, click the Properties button after the active log format to eject the Logging Properties window. Under Log file directory, locate and click the Browse button to locate the folder that you just created to store the IIS log files.

8. Click "OK" three times.

If a user has more than one site, you need to repeat these steps for each site. However, don't forget that you need to manually move the previous log files from the original location to the new folder.

Now that the log file has a new location, you need to assign appropriate permissions to the directory. Please follow the steps below:

1. Right-click on the folder you just created and select Properties.

2. Click the Security tab and click the Advanced button to pop up a new dialog box.

3. Deselect "Allow inheritable permissions for the parent to propagate to this object and all child objects." ”

4. A warning window will pop up and click "Clear".

5. Click the "Add" button, click the "Advanced" button, select the "Administrators" system administrator account, and click OK.

6. Click "Administrators" to set it to Full Control, and click OK.

Conclusion

Log files can be the only way we study those attempts to smash Web server events. We should change the location, monitor it, and transfer it to a new location away from the site every day.