TR: Unable to find web logs for server

intertechusa
Level 1

Hi,

I'm running Threat Response and am getting alarms that when investigated search for the web logs but can't find them on the servers. I don't see where you can configure anything for this. I know TR is logging in to the server.

Has anyone run into this problem?

3 Replies

sirpa_k
Level 1

I guess you have to configure this on the server.

cskipper
Level 1

CTR does not have the capability to configure the level 2 agents to update/change the default location of queried web logs.

If the target system is running IIS, we look at the following location:

HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\LogFileDirectory

Which will work in most default situations. Unfortunately, most of the configuration information is stored in the IIS metabase on the target system and not in the registry. So if the user changes the location of the log files in the metabase, that change is not reflected in the registry. They can work around this problem by manually changing the registry.

If the target system is running Apache, we look at the following location:

HKLM\SOFTWARE\Apache Group\Apache\\ServerRoot

To get the installation directory, and then append "\logs" to that path. This should work in most default situations.

Hope this helps

Chad R. Skipper
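
The registry-versus-metabase mismatch described in the reply above can be checked on the server itself. The PowerShell below is an added example, not part of the thread and not Cisco's code; it assumes the IIS ADSI provider (`IIS://localhost/W3SVC`) is available, that it runs with administrative rights, and that per-site logs sit in a `W3SVC<site id>` folder under each site's `LogFileDirectory`.

```powershell
# Added example (not from the thread): compare the registry log path with the
# per-site log paths stored in the IIS metabase.
# Assumptions: IIS ADSI provider present, run as administrator on the web server.

$regKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters'

function Expand-LogPath([string]$Path) {
    # Registry and metabase values may contain variables such as %WinDir%.
    [Environment]::ExpandEnvironmentVariables($Path).TrimEnd('\')
}

# 1. Path from the registry value named in the reply above.
$regItem = Get-ItemProperty -Path $regKey -Name LogFileDirectory -ErrorAction SilentlyContinue
$regPath = $null
if ($regItem -and $regItem.LogFileDirectory) {
    $regPath = Expand-LogPath $regItem.LogFileDirectory
}
Write-Output ("Registry LogFileDirectory: {0}" -f $(if ($regPath) { $regPath } else { '<not set>' }))

# 2. Paths configured per web site in the metabase.
$w3svc = [ADSI]'IIS://localhost/W3SVC'
$sites = $w3svc.psbase.Children |
    Where-Object { $_.psbase.SchemaClassName -eq 'IIsWebServer' }

$report = foreach ($site in $sites) {
    $props   = $site.psbase.Properties
    $base    = Expand-LogPath ([string]$props['LogFileDirectory'].Value)
    $siteId  = $site.psbase.Name
    $siteDir = Join-Path $base ("W3SVC{0}" -f $siteId)

    New-Object PSObject -Property @{
        SiteId          = $siteId
        Comment         = [string]$props['ServerComment'].Value
        Bindings        = ($props['ServerBindings'] | ForEach-Object { $_ }) -join ', '
        SiteLogDir      = $siteDir
        DirExists       = Test-Path -LiteralPath $siteDir
        # False means the registry points somewhere other than this site's logs.
        MatchesRegistry = ($regPath -and ($base -ieq $regPath))
    }
}

# 3. One row per site; any MatchesRegistry = False row is a site whose logs
#    a registry-only lookup would miss.
$report |
    Sort-Object SiteId |
    Format-Table SiteId, Comment, Bindings, SiteLogDir, DirExists, MatchesRegistry -AutoSize
```

The script only reads configuration; it does not change the registry or the metabase.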

Not applicable

I do have the logs saved in the default location but there are multiple log file directories since I am running multiple web sites on the same server. CTR can't figure out which set of logs to look at. Is there any way to define multiple log file paths when there are multiple web sites running on the same server under IIS? The registry only allows me to set one path so the web logs for only one web site could be found.

For example the following running on one server:

Web Site 1

IP: x.x.x.1

Log File Dir: C:\WINNT\system32\LogFiles\W3SVC1

Web Site 2

IP: x.x.x.2

Log File Dir: C:\WINNT\system32\LogFiles\W3SVC2

Thanks for any help,

Mel Sleight
