code, 200 for success, 403 for no permissions, 404 for the page not found, specify below.Sc-substatus: Protocol sub State, logging HTTP child status code.Sc-win32-status:win32 status, log the Windows status code, and refer to the description of the log "Sc-win32-status--win32 status details in IIS", which was sent in the Chxwei blog.Sc-bytes: The number of bytes
More common analysis information(Prepared by qingapple studio)This section discusses the different outputs that you may see in log files, how they will help you debug applications, and how to make them more effective.When you look at the raw logs generated by the IIS debugger, you will notice that there are many lines before you reach the access conflict in the
In-depth analysis of IIS 7 HTTP. sys Vulnerabilities
Impact scope of http. sys VulnerabilitiesWith in-depth analysis by various parties, the impact of Windows HTTP. sys vulnerabilities on various regions is gradually emerging. Http. sys is the kernel driver for Microsoft Windows to process HTTP requests. According to data from the Internet broad-spectrum platform
011.1.1.50--[08/mar/2004:12:57:29-0700] "head/cgi-bin/webdist.cgi http/1.0" 404 011.1.1.50--[08/mar/2004:12:57:29-0700] "head/cgi-bin/handler http/1.0" 404 011.1.1.50--[08/mar/2004:12:57:29-0700] "head/cgi-bin/wrap http/1.0" 404 011.1.1.50--[08/mar/2004:12:57:29-0700] "head/cgi-bin/pfdisplay.cgi http/1.0" 404 0The key to detecting such attacks is to emit a large number of 404 HTTP Status codes from a single IP address. As long as you notice this kind of information, you can analyze the resource
Overview:Rotatelogs Log Segmentation: Apache uses its own log split module Rotatelogs split log, Rotatelogs is the Apache in the pipeline log program.Awstats Log Analysis: is an open-source lo
In the dark of each network management system, the server is helpless after being attacked. In fact, after the server is attacked, the server's record file details the clues of hacker activity. Here, I would like to introduce the most important record files of the two common Web servers. I will analyze what records a hacker will leave in the record files after the server is attacked. Currently, the most common Web servers are Apache and Microsoft's Internet Information Server (
quality of the page, improve content readability, Keep track of the steps involved in business transactions and manage the "behind-the-scenes" data of a Web site.In order to provide the WWW service better, it becomes more and more important to monitor the running situation of the Web server and to understand the detailed visit of the website content. These requirements can be done through the statistics and analysis of the Web server's
find out the root of the problem and try to achieve the root causes.
First of all, it must be to analyze the IIS log on the problem server, I found that during the period when the site was inaccessible, a large number of "connections_refused" errors were recorded in the Httperr log
This problem occurs by default if the available non-paged pool memory is low
Managing Web sites is not just about monitoring the speed of the web and the delivery of Web content. It not only pays attention to the daily throughput of the server, but also understands the external access of these Web sites and the access to each page of the site. Improve the content and quality of pages based on the frequency of clicks on each page, improve the readability of content, and track the steps involved in business transactions and manage the "behind the scenes" data from the Web
Analysis of IIS and server crash causes recently, the server crashes frequently and records the cause (because the verification code is generated too frequently and a verification code is automatically generated when each page is opened ). Possible causes include: 1. The server must be installed with the latest patch.
Program2. There is an endless loop in the program, a connection is not closed after it is
Modern browsers IE6 and Firefox support the client gzip, that is, the Web page on the server, before transmission, the first use of gzip compression and then transmitted to the client, after the client received by the browser to extract the display, which takes up a little bit of server and client CPU, But in exchange for higher bandwidth utilization. For plain text, the compression rate is considerable. If each user saves 50% of the bandwidth, the amount of bandwidth you rent can serve one more
This article mainly describes the ideas and common skills in WEB log security analysis, and describes the Security Events in the event of a complete instance, how to track attackers by analyzing WEB logs and combining other clues.
WEB logs, as an important part of the WEB server, detail the access requests from the client to the WEB application and the running status of the server during the running of the
to the site before and after August 10 are analyzed: Through the analysis of the site code (because of the technology, the site code changes time is easy to find), found that on August 11, the site added a function, and this feature takes three of tables, and in the number of ignore a link, Therefore, the site features updated three days after the creation of a lot of error pages until three days after the discovery to get rid of.
Combining the abov
.
Note that the 404.1 error only appears on a computer with multiple IP addresses. If a client request is received on a specific IP Address/Port Combination and the IP address is not configured to listen on the specific port, IIS returns the 404.1 HTTP Error. For example, if a computer has two IP addresses and only one of them is configured to listen on port 80, any request received from port 80 from another IP address will cause
First, domain-controlled Windows security log basic operations1. Open PowerShell or cmd1 #gpedit. mscTo open the configuration:Policy configuration on account security where to configure the account2. Open Control Panel, System and security, Event Viewer->windows Log--Security:I hope the time is long enough to view the logSelect the filter to filter this article:
In the past few attempts to get a honeypot, the hacker's method of hacking into the website is to collect 0-day data. This time I decided to come to a great god. I won't talk about the day. It's about dz. I guess I'm still analyzing it when I write this article. 0x1: What is an ibl log? As far as I know, there are two types of IIS log file formats: one is ibl, th
PhpIIS log analysis search engine crawler record page 12th. Note: modify the absolute path of iis logs in the iis. php file, for example, $ folder "c: windowssystem32logfiles site log Directory". remember to include a slash (). (Use virtual note:
Modify the absolute path of
, wpabaln:admin, Explorer:admin, Wmiprvse, Dfssvc, Msdtc:networkservice, SPLOOLSV, LSASS, Conime: admin, Services,Svchost:7 one of them localservice2, Networkservice1, Winlogon, Csrss, SMSS,System, systemidleprocess. Total: 22 processes, where admin, NetworkService, LocalService indicates that the user name is not specified for the system userThe following are the newly added processes after installing IIS Wpabaln:admin, Inetinfo,The following are the
. Item ($col) = $event. $col}$dt. Rows.Add ($row)}# Write to the database!$bulkCopy. WriteToServer ($DT)The above paragraph:Filter current log taken from forwarded eventXML contentAfter execution can go to SQL to check whether the log has been written into SQLSELECT * FROM GeneraleventsYou can see that the log was successfully written to SQL.Finally, it's a Windo
Due to the recent busy schedule, the code is not properly written, and the interface is not beautified. please use it first. new features will be released to you as soon as they are added! Note:
Modify the absolute path of iis logs in the iis. php file
For example, $ folder = "c:/windows/system32/logfiles/site log directory/"; // Remember to include a slash (/).
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.