01-21-2004 09:23 AM - edited 03-09-2019 06:11 AM
Hi,
I'm running Threat Response and am getting alarms that when investigated search for the web logs but can't find them on the servers. I don't see where you can configure anything for this. I know TR is logging in to the server.
Has anyone run into this problem?
01-27-2004 09:09 AM
I guess yuu have to configure thsi on the server.
02-02-2004 01:07 PM
CTR does not have the capibility to configure the level 2 agents to update/change the default location of queried web logs.
If the target system is running IIS, we look at the following location:
HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\LogFileDirectory
Which will work in most default situations. Unfortunately, most of the configuration information is stored in the IIS metabase on the target system and not in the registry. So if the user changes the location of the log files in the metabase, that change is not reflected in the registry. They can work around this problem by manually changing the registry.
If the target system is running Apache, we look at the following location:
HKLM\SOFTWARE\Apache Group\Apache\
To get the installation directory, and then append "\logs" to that path. This should work in most default situations.
Hope this helps
Chad R. Skipper
05-11-2004 09:31 AM
I do have the logs saved in the default location but there are multiple log file directories since I am running multiple web sites on the same server. CTR can't figure out which set of logs to look at. Is there any way to define multiple log file paths when there are multiple web sites running on the same server under IIS? The registry only allows me to set one path so the web logs for only one web site could be found.
For example the following running on one server:
Web Site 1
IP: x.x.x.1
Log File Dir: C:\WINNT\system32\LogFiles\W3SVC1
Web Site 2
IP: x.x.x.2
Log File Dir: C:\WINNT\system32\LogFiles\W3SVC2
Thanks for any help,
Mel Sleight
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide