IIS（Internet Information Server）是黑客特别喜欢的目标。因此，对于管理IIS网页服务器的管理员来说，确保服务器安全是一件至关重要的事。IIS 4.0和IIS 5.0的默认值安装尤其容易受到攻击。
Developers = Full
IUSER = Read and execute only
System and admin = Full
加入IIS漏洞邮件清单(mailing list)，并要确实加以阅读以掌握最新状态。这种列表有来自因特网安全系统的X-Force Alerts and Advisories。
Log Parser is one cool tool. Created by Gabriele Giuseppini, a software engineer at Microsoft, the original Log Parser 1.0 was developed for Microsoft's internal testing purposes. It proved so popular that a public version, Log Parser 2.0, was released in 2001, and it has gone through two iterations, the current version being 2.2 and available from the Microsoft Download Center.
Log Parser operates as a kind of data pipeline. Into this pipe you can send information from IIS logs, Windows Event logs, Active Directory information, file system data, Registry data, Network Monitor traces, and so on. Once the data is in the pipe, you can process it using SQL statements; for example, to select certain portions of the data by a
SELECT query. Then, as the processed data comes out of the pipeline, you can output it to text files, HTML files, Excel-style charts, or a SQL database table, or simply to the console as raw output. Putting these into proper syntax, a typical Log Parser command looks something like this:
Things can get a bit more complicated, but that's the basic idea.
Of course, the best way to learn about Log Parser is to actually use it, so let's see what we can do, using the Windows Event logs as a data source. After installing Log Parser, open a command prompt and change to the C:\Program Files\Log Parser directory, where the logparser.exe executable resides. Let's begin with a simple query to select all records from the System log:
Since there's no output format specified, Log Parser writes the output to the console. The result is a series of messy-looking records like this:
This event, for example, is an event of type
Information that has an event ID of
7035 and an event source of
Service Control Manager. Log Parser will display these events ten at a time, prompting you for a keystroke to continue or Ctrl-C to abort.
Let's focus in on events of type
Error, as these are likely to be of some importance to us:
We still get messy-looking results, but now they're all
What kinds of
Error events are we getting in our machine's System log? Let's output only the event sources this time:
The screen output now looks like this:
What are the different kinds of
Error events in our System log, and how many of each source type were recorded? Log Parser can easily tell us this:
And here's what we get:
NETLOGON errors may be important, so let's key in on those and display the event IDs for these events plus the date and time they were generated (sorted in descending order):
The output now looks like this:
What's the description for an event that has event ID
5719? Let's use Log Parser to find out:
This gives us:
Uh-oh, could be a problem. Was the network down? Did the domain controller go offline? We need to investigate this further, but if you want a good source of help for understanding events like this, search EventID.net for information on events with this event ID.
This brief look at Log Parser only scratches the surface of what it can do. How can you learn how to do more with this tool?
First, you obviously need a good knowledge of SQL syntax to construct
SELECT statements. A good resource for learning the basics is SQL Tutorial from FirstSQL.
Next, check out this Professor Windows article on Microsoft's web site, which gives you an excellent bird's-eye view of what Log Parser can do.
After that, you can familiarize yourself with the syntax of Log Parser by typing
logparser -h and viewing the Help information displayed.
Once you've started to rock and roll with Log Parser, check out The Unofficial Log Parser Support Site, where you can find tons of resources and a thriving online community that can answer any questions you might have about using the tool.
Finally, pick up a copy of the Microsoft Log Parser Toolkit (Syngress) and kick your learning into high gear. You'll soon be an expert and wonder how you ever managed your Windows systems before Log Parser came around.