Windows IIS Log File Analyzer

Source: Internet
Author: User

Windows Server can record events in its IIS log files, including who visited your site, what visitors viewed, and so on. By periodically checking these log files, site administrators can detect which areas of the server or site are vulnerable or have other security implications.

However, current log analysis tools are not perfect and lack some features; in particular, few of them analyze attacks aimed at a single URL. The following VBScript, saved as a .vbs file, can be run on the server to parse the IIS log and extract the IP addresses that are attacking a given URL.

' Code starts
TargetUrl = "/archives/2761.html"               ' URL of the page being attacked
LogFilePath = "C:\LogFiles\W3SVC\ex110813.log"  ' Path to the IIS log of the attacked site

' No "On Error Resume Next" here: a wrong log path should stop the script with an error
Set fileobj = CreateObject("Scripting.FileSystemObject")
Set fileobj2 = CreateObject("Scripting.FileSystemObject")
Set myfile = fileobj2.OpenTextFile(LogFilePath, 1, False)   ' 1 = ForReading

Do While myfile.AtEndOfStream <> True
    myline = myfile.ReadLine()
    ' Skip W3C header lines such as "#Fields: ..."
    If Left(myline, 1) <> "#" Then
        myline2 = Split(myline, " ")
        ' The positions below must match the "#Fields:" line of your log
        If UBound(myline2) >= 9 Then
            newip = myline2(9)    ' client IP
            myurl = myline2(5)    ' requested URL
            If TargetUrl = myurl Then
                Writelog newip
            End If
        End If
    End If
Loop

myfile.Close
Set fileobj2 = Nothing
MsgBox "End."

' Append one IP address per line to Blockip.txt
Sub Writelog(errmes)
    ipfilename = "Blockip.txt"
    Set logfile = fileobj.OpenTextFile(ipfilename, 8, True)   ' 8 = ForAppending, create if missing
    logfile.WriteLine errmes
    logfile.Close
    Set logfile = Nothing
End Sub
' The code ends
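
An added example, not part of the original article: the same analysis in Python, locating the client-IP and URL columns from the log's own #Fields: header instead of fixed positions, counting hits per address, and skipping allowlisted networks before anything reaches a block list. The sample log, the threshold of 2 and the 10.0.0.0/8 allowlist are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample log (not from the page). IIS writes a new "#Fields:" line
# when logging restarts, and the column order can change between them.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2011-08-13 00:00:01 10.0.0.5 GET /archives/2761.html - 80 - 203.0.113.7 200
2011-08-13 00:00:02 10.0.0.5 GET /index.html - 80 - 198.51.100.9 200
2011-08-13 00:00:03 10.0.0.5 GET /archives/2761.html - 80 - 198.51.100.9 200
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2011-08-13 00:05:00 203.0.113.7 GET /archives/2761.html 200
2011-08-13 00:05:01 10.0.0.20 GET /Archives/2761.HTML 200
2011-08-13 00:05:01 10.0.0.20 GET /archives/2761.html 200
truncated line
"""

def count_hits(lines, target_url):
    """Count requests per client IP for target_url, honouring each #Fields: header."""
    hits, ip_col, url_col = Counter(), None, None
    for line in lines:
        parts = line.split()
        if line.startswith("#Fields:"):
            names = parts[1:]
            ip_col = names.index("c-ip") if "c-ip" in names else None
            url_col = names.index("cs-uri-stem") if "cs-uri-stem" in names else None
        elif line.startswith("#") or ip_col is None or url_col is None:
            continue  # other directives, or no usable header seen yet
        elif len(parts) <= max(ip_col, url_col):
            continue  # truncated or malformed record
        elif parts[url_col].lower() == target_url.lower():  # Windows paths: case-insensitive
            hits[parts[ip_col]] += 1
    return hits

def block_candidates(hits, min_hits, allowlist=()):
    """IPs with at least min_hits requests, skipping allowlisted networks."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    out = []
    for ip, n in hits.most_common():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an IP: never pass it on to a block list
        if n >= min_hits and not any(addr in net for net in nets):
            out.append(ip)
    return out

HITS = count_hits(SAMPLE_LOG.splitlines(), "/archives/2761.html")
CANDIDATES = block_candidates(HITS, min_hits=2, allowlist=["10.0.0.0/8"])
```

Reviewing the candidate list before importing it matters because a deny entry for a proxy, monitoring host or your own address range locks out legitimate traffic.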

If the IP addresses found by this analysis look abnormal, you can add them in bulk to the IIS denied-IP list with a script. The following VBScript code, found on the Internet, can be saved as a .vbs file; feed it the IP addresses produced by the script above to block the attackers' addresses in bulk.

' Code starts
'/*=========================================================================
' * Intro     VBScript: use ADSI to add denied or allowed IPs to IIS in bulk
' * FileName  Vbscript-adsi-iis-add-deny-grant-ip-change-metabase.xml.vbs
' *==========================================================================*/
'Adddenyip2all "192.168.1.106,255.255.255.0"
'Adddenyip "123456", "127.0.0.1"
'Adddenyip2all "14.113.226.116"

' Add an IP or a group of computers to the deny list of a specific site
Sub Adddenyip(strwebno, strdenyip)
    On Error Resume Next
    Set secobj = GetObject("IIS://localhost/w3svc/" & strwebno & "/root")
    Set myipsec = secobj.IPSecurity
    myipsec.GrantByDefault = True
    iplist = myipsec.IPDeny
    i = UBound(iplist) + 1
    ReDim Preserve iplist(i)
    iplist(i) = strdenyip
    myipsec.IPDeny = iplist
    secobj.IPSecurity = myipsec
    secobj.SetInfo
End Sub

' Add an IP or a group of computers to the deny list in the IIS global configuration, so it applies to all sites
' If some sites already have their own IP restriction settings, the setting may not take effect for them;
' in that case set it on the top-level node and then override all child nodes
Sub Adddenyip2all(strdenyip)
    On Error Resume Next
    Set secobj = GetObject("IIS://localhost/w3svc")
    Set myipsec = secobj.IPSecurity
    myipsec.GrantByDefault = True
    iplist = myipsec.IPDeny
    i = UBound(iplist) + 1
    ReDim Preserve iplist(i)
    iplist(i) = strdenyip
    myipsec.IPDeny = iplist
    secobj.IPSecurity = myipsec
    secobj.SetInfo
End Sub

' Add an allowed IP or a group of computers to a specific site
' Note: GrantByDefault = False denies every address that is not on the grant list
Sub Addgrantip(strwebno, strgrantip)
    On Error Resume Next
    Set secobj = GetObject("IIS://localhost/w3svc/" & strwebno & "/root")
    Set myipsec = secobj.IPSecurity
    myipsec.GrantByDefault = False
    iplist = myipsec.IPGrant
    i = UBound(iplist) + 1
    ReDim Preserve iplist(i)
    iplist(i) = strgrantip
    myipsec.IPGrant = iplist
    secobj.IPSecurity = myipsec
    secobj.SetInfo
End Sub

' Add an allowed IP or a group of computers to the IIS global configuration, so it applies to all sites
' If some sites already have their own IP restriction settings, the setting may not take effect for them;
' in that case set it on the top-level node and then override all child nodes
Sub Addgrantip2all(strgrantip)
    On Error Resume Next
    Set secobj = GetObject("IIS://localhost/w3svc")
    Set myipsec = secobj.IPSecurity
    myipsec.GrantByDefault = False
    iplist = myipsec.IPGrant
    i = UBound(iplist) + 1
    ReDim Preserve iplist(i)
    iplist(i) = strgrantip
    myipsec.IPGrant = iplist
    secobj.IPSecurity = myipsec
    secobj.SetInfo
End Sub

' Display the denied IPs in the IIS global configuration
Sub Listdenyip()
    Set secobj = GetObject("IIS://localhost/w3svc")
    Set myipsec = secobj.IPSecurity
    iplist = myipsec.IPDeny    ' IPGrant / IPDeny
    WScript.Echo Join(iplist, vbCrLf)
    'For i = 0 To UBound(iplist)
    '    WScript.Echo i + 1 & "--> " & iplist(i)
    'Next
End Sub
' The code ends


