Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
IIS Logging
Posted by: Tek
Date: May 20, 2008 03:19PM

Just want to confirm - Is there a way to look at POSTs (when a user performs an http post) when analyzing each line in the standard IIS server logs? I know GET parameters are visible

Thanks!

Options: ReplyQuote
Re: IIS Logging
Posted by: rsnake
Date: May 27, 2008 10:21PM

Not in a standard log, no. You have to modify your logging.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: IIS Logging
Posted by: Tek
Date: May 28, 2008 09:21AM

Thanks for getting back to me - is this something standard that can be done using IIS?

Options: ReplyQuote
Re: IIS Logging
Posted by: rsnake
Date: May 29, 2008 10:47AM

Some of this might help you:
http://msdn.microsoft.com/en-us/library/ms524802(VS.85).aspx

Explanation about logging POST in IIS and that it's not something you can easily enable:
http://blog.phishme.com/2007/10/

If you trust .cz downloads:
http://www.15seconds.com/tool/pg000141.htm

But anyway, a custom ISAPI filter is probably your best bet.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: IIS Logging
Posted by: MAdhaTTer-240
Date: July 09, 2008 10:51AM

rsnake Wrote:
-------------------------------------------------------
> If you trust .cz downloads:
> http://www.15seconds.com/tool/pg000141.htm

HA! so true... I think you left out .ru, .cn and .ua ;)

Options: ReplyQuote


Sorry, only registered users may post in this forum.