Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

TR: Unable to find web logs for server

Hi,

I'm running Threat Response and am getting alarms that when investigated search for the web logs but can't find them on the servers. I don't see where you can configure anything for this. I know TR is logging in to the server.

Has anyone run into this problem?

3 REPLIES
New Member

Re: TR: Unable to find web logs for server

I guess yuu have to configure thsi on the server.

New Member

Re: TR: Unable to find web logs for server

CTR does not have the capibility to configure the level 2 agents to update/change the default location of queried web logs.

If the target system is running IIS, we look at the following location:

HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\LogFileDirectory

Which will work in most default situations. Unfortunately, most of the configuration information is stored in the IIS metabase on the target system and not in the registry. So if the user changes the location of the log files in the metabase, that change is not reflected in the registry. They can work around this problem by manually changing the registry.

If the target system is running Apache, we look at the following location:

HKLM\SOFTWARE\Apache Group\Apache\\ServerRoot

To get the installation directory, and then append "\logs" to that path. This should work in most default situations.

Hope this helps

Chad R. Skipper

Anonymous
N/A

Re: TR: Unable to find web logs for server

I do have the logs saved in the default location but there are multiple log file directories since I am running multiple web sites on the same server. CTR can't figure out which set of logs to look at. Is there any way to define multiple log file paths when there are multiple web sites running on the same server under IIS? The registry only allows me to set one path so the web logs for only one web site could be found.

For example the following running on one server:

Web Site 1

IP: x.x.x.1

Log File Dir: C:\WINNT\system32\LogFiles\W3SVC1

Web Site 2

IP: x.x.x.2

Log File Dir: C:\WINNT\system32\LogFiles\W3SVC2

Thanks for any help,

Mel Sleight

133
Views
0
Helpful
3
Replies
CreatePlease to create content