Академический Документы
Профессиональный Документы
Культура Документы
! " #
" " ! ! # $!
! #
! "#
$ %" ! "#
1 2 3 ( ! , # 0 #
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 2 of 15
( * ! +
% *5 2 3 ! + #
, #
4 6 " 2 ( "
! " " #
" 3 #
% ! * ! ! " ! "
) *5 2 3 ( * , #
" ! " #
) * 2 3 ( (%* , # ( ! ! ! #
4: ) " 2 "3 ( # % ! #
( ! , !
4: - 2 , 3 % ! ; !" #
4: #
* ) 2
( # % ! %< )-. ; #
3
7 ) 2
( 7 , # % ! #
3
) 2 3 ( " ! # % ! !! ! " #
: 2
( " ! ! " # % ! !! #
3
* 8 2
( 9((* # % ! #
3
( ! 9((* 9
9 2 3 % " ! * " #
#
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 3 of 15
4 5 2 24 ( ! 9((* 4 5
% , ! #
5 33 #
( ! 9((* %
% 2 2% 33 % , ! #
#
( ! 9((* : ! % ! ! !
: ! 2 2: ! 33
# ! #
7 " "" ! ! !
#
<%
sHeader= Request.ServerVariables("X-Forwarded-For")
If Len(sHeader) Then Response.AppendToLog "|" & sHeader
%>
$ "
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 4 of 15
. * *5(9 #
C !/ . * # )D: E . * # " ! #5 . * #
! 7 " )D 7 #9 " + !
"" & D # + F8F #
" ! ! ! ! 2
% . ! 3# ! ! ! " ' ' ! , #
! ! " ! " , #
" ! " !! #( ! "#
$ * "
! ! " ! , ! ! # ! " !
! " ( ; 5)* + #C " ; ! ! #(
! , ! &
C:\>logparser -i:FS "SELECT TOP 20 Path, CreationTime from c:\inetpub\wwwroot\*.* ORDER BY CreationTime DESC" -rtp:-1
Path CreationTime
----------------------------------------------------------- ------------------
c:\inetpub\wwwroot\Default.asp 6/22/2003 6:00:01
c:\inetpub\wwwroot\About.asp 6/22/2003 6:00:00
c:\inetpub\wwwroot\global.asa 6/22/2003 6:00:00
c:\inetpub\wwwroot\Products.asp 6/22/2003 6:00:00
...
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 5 of 15
C:\>logparser -i:FS "SELECT TOP 20 Path, LastWriteTime from c:\inetpub\wwwroot\*.* ORDER BY LastWriteTime DESC" -rtp:-1
Path LastWriteTime
----------------------------------------------------------- ------------------
c:\inetpub\wwwroot\Default.asp 6/22/2003 14:00:01
c:\inetpub\wwwroot\About.asp 6/22/2003 14:00:00
c:\inetpub\wwwroot\global.asa 6/22/2003 6:00:00
c:\inetpub\wwwroot\Products.asp 6/22/2003 6:00:00
...
! ( ; ! ! # ! +
! , ! ! #( ! " " ! ! 9((* #
= " ! + ! , &
C:\WINNT\System32\LogFiles\W3SVC1>logparser "SELECT DISTINCT TO_LOWERCASE(cs-uri-stem) AS URL, Count(*) AS Hits FROM ex*.log WHERE
sc-status=200 GROUP BY URL ORDER BY URL" -rtp:-1
URL Hits
---------------------------------------- -----
/About.asp 122
/Default.asp 9823
/downloads/setup.exe 701
/files.zip 1
/Products.asp 8341
/robots.txt 2830
...
% ! " " ! # ! ! # + # + # +
" # + # + # #
! +%
! ! " ! ! " + #5 +
# ! ! + ! + #( ! ,
! ! + + 2 ; " 3&
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 6 of 15
C:\>logparser -i:fs "SELECT TO_LOWERCASE(SUBSTR(Name, LAST_INDEX_OF(Name,'.'), STRLEN(Name))) AS Extension, Count(*) as Files from
c:\inetpub\wwwroot\*.*, c:\inetpub\scripts\*.* WHERE Attributes NOT LIKE 'D%' GROUP BY Extension ORDER BY Files DESC" -rtp:-1
Extension Files
--------- -----
.gif 704
.asp 180
.jpg 44
.css 43
.htm 28
.txt 21
.html 6
.dll 5
.zip 4
$ ! " ! #) ! , "
+ ! " ! #6 " " !
! !! #
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 7 of 15
" " ! G G H ! #
5 " ! #( ! " I #
( ; " !! &
C:\WINNT\System32\LogFiles\W3SVC1>logparser "SELECT date, QUANTIZE(time, 3600) AS hour, sc-status, Count(*) AS Errors FROM ex03*.log
WHERE sc-status>=400 GROUP BY date, hour, sc-status HAVING Errors>25 ORDER BY Errors DESC" -rtp:-1
C:\WINNT\System32\LogFiles\W3SVC1>logparser "SELECT c-ip, cs-uri-stem, Count(*) as Hits FROM ex*.log WHERE TO_LOWERCASE(cs-uri-stem)
NOT LIKE '%.gif' AND TO_LOWERCASE(cs-uri-stem) NOT LIKE '%.jpg%' AND c-ip IN (SELECT c-ip FROM ex030622.log WHERE sc-status=404) AND
sc-status=200 GROUP BY c-ip, cs-uri-stem" -rtp:-1
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 8 of 15
199.154.189.199 /About.asp 1
63.54.202.2 /Products.asp 18
63.54.202.2 /main.css 1
81.112.9.62 /Default.asp 1
...
. * " ! * # # !!
" !! + * #$ ! ! "
4 5 ! !! * &
c-ip cs(User-Agent)
---------------- -------------------------------------------------------------
63.54.202.2 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461;+.NET+CLR+1.0.3705
199.154.189.199 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461;+.NET+CLR+1.0.3705)
( * " !! + " $)
!+ #60( # ! ! #(
! * ! #7 ! ! "
/ " #( , , #9
! " ! ! # ! " !
G 9((* #( ! ! , ! ! * ! !
/ ! #) ! !! + ! !
! ! " ! * # ! ! * " !
! ! " * # ! * " * ! #
!, *
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 9 of 15
C:\WINNT\System32\LogFiles\W3SVC1>logparser "SELECT DISTINCT date, cs-uri-stem, c-ip, Count(*) AS Hits FROM ex*.log GROUP BY date,
c-ip, cs-uri-stem HAVING Hits>50 ORDER BY Hits Desc" -rtp:-1
5 ! , + 5)* ) , # "
" ! #( ! , ! 5)* ! &
C:\WINNT\System32\LogFiles\W3SVC1>logparser "SELECT cs-uri-query, Count(*) AS Total FROM ex*.log WHERE sc-status>=500 GROUP BY cs-
uri-query ORDER BY Total DESC " -rtp:-1
cs-uri-query Total
------------------------------------------------------------------------- ----------
Out-of-process+ISAPI+extension+request+failed. 18
|55|8000ffff|Catastrophic_failure__ 8
|49|8000ffff|Catastrophic_failure__ 6
|74|800a01c2|Wrong_number_of_arguments_or_invalid_property_assignment 1
...
! ! , ! # ! $1 %
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 10 of 15
5 ! # ! ! ) !
! , &
C:\WINNT\System32\LogFiles\W3SVC1>logparser "SELECT cs-uri-stem, sc-status, Count(*) AS Total FROM ex*.log WHERE TO_LOWERCASE(cs-
uri-stem) LIKE '%.asp%' or TO_LOWERCASE(cs-uri-stem) LIKE '%.exe%' GROUP BY cs-uri-stem, sc-status ORDER BY cs-uri-stem, sc-status"
-rtp:-1
5 ! 7 ) " &
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 11 of 15
C:\WINNT\System32\LogFiles\W3SVC1>logparser "SELECT cs-uri-stem, cs-method, Count(*) AS Total FROM ex*.log WHERE (sc-status<400 or
sc-status>=500) AND (TO_LOWERCASE(cs-uri-stem) LIKE '%.asp%' or TO_LOWERCASE(cs-uri-stem) LIKE '%.exe%') GROUP BY cs-uri-stem, cs-
method ORDER BY cs-uri-stem, cs-method" -rtp:-1
' '
5 " #C ! 4:./ # ! !
" #) " " " ! ! " #(
! , " ! " !
C:\WINNT\System32\LogFiles\W3SVC1>logparser "SELECT cs-uri-stem, Count(*) as Hits, AVG(sc-bytes) AS Avg, Max(sc-bytes) AS Max, Min
(sc-bytes) AS Min, Sum(sc-bytes) AS Total FROM ex*.log WHERE TO_LOWERCASE(cs-uri-stem) LIKE '%.asp%' or TO_LOWERCASE(cs-uri-stem)
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 12 of 15
5 ! " &
C:\WINNT\System32\LogFiles\W3SVC1>logparser "SELECT cs-uri-stem, Count(*) as Hits, AVG(cs-bytes) AS Avg, Max(cs-bytes) AS Max, Min
(cs-bytes) AS Min, Sum(cs-bytes) AS Total FROM ex*.log WHERE TO_LOWERCASE(cs-uri-stem) LIKE '%.asp%' or TO_LOWERCASE(cs-uri-stem)
LIKE '%.exe%' GROUP BY cs-uri-stem ORDER BY cs-uri-stem" -rtp:-1
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 13 of 15
C:\WINNT\System32\LogFiles\W3SVC1>logparser "SELECT cs-username, Count(*) AS Hits from ex*.log WHERE cs-username IS NOT NULL GROUP
BY cs-username ORDER BY Hits Desc" -rtp:-1
( -+
C:\WINNT\System32\LogFiles\W3SVC1>logparser "SELECT DISTINCT cs(User-Agent) FROM ex*.log WHERE TO_LOWERCASE(cs(User-Agent)) NOT LIKE
'%mozilla%' AND TO_LOWERCASE(cs(User-Agent)) NOT LIKE '%opera%' ORDER BY cs(User-Agent)" -rtp:-1
)"
= " ! ! #7 , "
" ! ! ! ! #. * !
" , , ! " ! #
+% +
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 14 of 15
' 7 #9 !
) 6 2) * ) 6& K D H D3# 9 ) $*)&
9 6 ) ! ! 46 ? $ 2) * ) 6& K D DK 3J +" " 7 ) 2)5 ) *
) 6& DH KDI K3J 1 #( ") / )5 ) 2) * ) 6& K D DD 3# "
" ' #
" ) =
% L KKK ) =
http://securityfocus.com/printable/infocus/1712 29/08/2003
SecurityFocus Printable INFOCUS 1712 Page 15 of 15
http://securityfocus.com/printable/infocus/1712 29/08/2003