Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Clearing IIS logs
From: Travis Kiger <Travis.Kiger () dig com>
Date: Tue, 2 Oct 2001 12:10:23 -0700

Hmm, I tried it with an IIS4 machine using the IIS log format. After
deleting the current log and renaming an old log, new requests were appended
to the old log, although this format does include the date in each entry.

XXX.XXX.XXX.XXX, -, 6/13/01, 16:10:53, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 0,
258, 623, 404, 2, GET, /images/homepage/icon.gif, -,
XXX.XXX.XXX.XXX, -, 6/13/01, 16:10:53, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 0,
260, 623, 404, 2, GET, /images/homepage/icon.gif, -,
XXX.XXX.XXX.XXX, -, 6/13/01, 16:10:53, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 0,
256, 623, 404, 2, GET, /images/homepage/base.gif, -,
XXX.XXX.XXX.XXX, -, 6/13/01, 16:10:53, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 125,
256, 390, 200, 0, GET, /images/html_corner.gif, -,
XXX.XXX.XXX.XXX, -, 10/2/01, 12:06:23, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 15,
564, 206, 304, 0, GET, /index.html, -,
XXX.XXX.XXX.XXX, -, 10/2/01, 12:06:23, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 0,
627, 141, 304, 0, GET, /global.js, -,
XXX.XXX.XXX.XXX, -, 10/2/01, 12:06:23, W3SVC1, SERVER, YYY.YYY.YYY.YYY, 0,
622, 141, 304, 0, GET, /home.css, -,



-----Original Message-----
From: Shoten [mailto:shoten () starpower net]
Sent: Tuesday, October 02, 2001 11:41 AM
To: Travis Kiger; Jason binger; pen-test () securityfocus com
Subject: Re: Clearing IIS logs


The problem with this method is that IIS will not continue the existing log
file, but rather create a new one.


IIS keeps the log file open, so I don't know of a way to do it without
stopping IIS. The easiest way to acccomplish this is to create an AT job
that stops IIS, deletes the logs and then restarts IIS. The account that
the
AT service runs as probably has permissions to do this. To cause even more
confusion for the admin, copy an old log and give it the same name as
todays' log. Some log types don't show the date in the individual entries,
but the admin may not notice either way.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault