Server log cleanup and IIS log cleanup

First, we will introduce the default log location. Only when we know the traces we leave on the server can we erase the traces we leave on the computer, and the log is where we leave the traces.
Security log file: C: \ WINDOWS \ system32 \ config \ SecEvent. Evt
System log file: C: \ WINDOWS \ system32 \ config \ SysEvent. Evt
Application Log File: C: \ WINDOWS \ system32 \ config \ AppEvent. Evt
Default FTP Log location: C: \ WINDOWS \ system32 \ Logfiles \ MSFTPSVC1
Default location of WWW logs: C: \ WINDOWS \ system32 \ Logfiles \ W3SVC1
However, these logs cannot be deleted when the system is running normally. the FTP and WWW services can stop the two services and then delete the Log files. However, the Event Log of the Log daemon service of the system and applications cannot be stopped. so how can we clean it up?
This step is difficult to do manually. so we can use the tool. the tool used here is CL. this tool can clear IIS logs. FTP log '. scheduled task log. system log. to clear service logs, you only need to execute
CL cleanup command
Clear service logs: cl-logfiles 127.0.0.1 (the program automatically stops the FTP. WWW. Task Scheduler Service before deleting the logs, and then starts the three services .)
Clear system logs: cl-enentlog all
This tool supports remote cleanup. The prerequisite must be that an IPC management connection with administrator permissions is established.
Connection command: net use \ ip \ ipc $ password/user: user Name
Then, the host is remotely cleaned up using the CL-LogFile IP address.
========================================================== ==========================================
Clear IIS logs
At present, the main method of website intrusion is injection, and then the server is revoked, so the main log traces are left in the IIS log, so we only need to clear the IP address in the IIS log. in this way, the Administrator will not be confused. so we really need to stop the IIS service, and then use NotePad to open the log file 1.1 point change? Of course not. You only need to use the CleanIISLog tool.
Usage of the CleanIISLog tool: Execute CleanIISLog. IP address in CMD to understand the connection records of IP addresses in all IIS logs and keep records of other IP addresses.
After the operation is successful, CleanIISLog records its operation in the system log. if the IIS log file is not the default one, you can run the CleanIISLog IIS Log Path Server IP address to specify the IIS Log Path. note: This tool can only be run locally and must have the Administrators permission.
Bytes -----------------------------------------------------------------------------------
I will package the two tools mentioned in this article for you to download!

Click to download