Make your web server log files more secure

IIS is the Internet Information Service, one of the popular web servers today, which provides powerful Internet and intranet services. Therefore, there are still many units that use IIS as the web server software. By default, these servers must allow public access to their resources. But we have found that many organizations spend far more time on defense attacks than they do to maintain and deliver Web services.

IIS Security

However, the attack here is quiet. Unless your organization's Web site becomes a victim of a devastating attack, or is injected with some kind of malicious code, in general, hackers will attack your server in an imperceptible way, due to what the server may receive. Caused by absolute traffic. However, you will never be indifferent. With a little set-up, you can create trouble for the hacker's damage, making it impossible to hide its sins, and it is easy for you to discover its actions. The method described in this article will add some security to your web server log files.

If a hacker attacks your web server, or even if you just want to check its security status, then the web log will be your first choice for finding information. By default, you can find these log files at %SYSTEMROOT%/System32/logfiles.

However, this location is well known and has become a target, so you should move the log files to a non-system drive that does not save or maintain your Web site. To change the location of the log file, you need to log in to the web server as an administrator. You can follow the steps below:

1. Click "Start", find "My Computer", right click , select "Resource Manager".

2. Find the drive and folder where you want to relocate the log files.

3. You can also right-click in the window pane on the right and select "New Folder".

4. Give the new folder a name (for example, zclIISlogs) and press Enter.

5. Click Start /Control Panel, click Administrative Tools, and click Internet Information Services (IIS) Manager.

6. Right click on your web site and select "Properties".

7. On the "Sites" tab, click the "Properties" button after the "Active Log Format" to bring up the "Logging Properties" window. Under "Log File Directory", locate and click the "Browse" button to find the folder you just created to store the IIS log files.

8. Click OK three times.

If a user has multiple sites, you will need to repeat these steps for each site. However, don't forget that you need to manually move the previous log files from their original location to the new folder.

Since the log file already has a new location, you need to assign the appropriate permissions to this directory. Please follow the steps below:

1. Right-click on the folder you just created and select "Properties".

2. Click the "Security" tab and click the "Advanced" button to bring up a new dialog box.

3. Deselect "Allow parent's inherited permissions to propagate to this object and all child objects."

4. A warning window will pop up and click "Clear".

5. Click the "Add" button, click the "Advanced" button, select the "administrators" system administrator account, and click "OK".

6. Click “administrators”, set it to “Full Control” and click “OK”.

Conclusion

Log files can be the only way we can study the events that try to smash web servers. We should change its location, monitor it, and be able to transmit it to a new location away from the site every day.