Parsing IIS Logs

Microsoft’s web server is called Internet Information Services (IIS). Its current version, as of this writing, is IIS 7.5 and is included with Windows 7 and Windows Server 2008 R2. IIS logging is, by default, enabled—and with considerable detail. You may find this default configuration surprising because, more often than not, logging is minimal with most Windows installations. IIS, however, is an exception and for good reason. Web servers are the backbones of many businesses, and sales staffs want statistics on web traffic. This demand has driven IIS log development and default configurations. When you examine the data captured in these logs, their underlying purpose will become self-evident.

You manage and configure IIS through ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.