IIS 5 & IIS 6
How can I find out attack attempts
Re: How can I find out attack attempts
Oct 26, 2020 02:23 AM|samwu|LINK
We have lot of tools and techniques available to identify DOS attacks. But, the classical way is to look at various log files and that’s where
LogParser will help us a lot. the LogParser can identify Denial of Service attacks from IIS Logs.
For a normal production server, we will see lot of log files in IIS logfiles folder. One classic way people follow as a preliminary step is to check for patterns in the sizes of those log files. If they see a sudden spike in size, they will pay attention
to those log files to check if they have recorded any malicious attempts. Instead of scrolling through that large list of LogFiles in windows explorer, we can leverage LogParser to query the sizes of those files.
More information about how to identify whether our application had undergone a DOS attack or not from the IIS logs you can refer to this link:
Log Parser - Identifying DOS attacks from IIS Logs