Microsoft Log Parser Toolkit

In Chapter 2, we covered analyzing different log files to obtain information about a server s performance, usage, security, and health status. However, it is important to note that this information is derived from captured log files; in other words its history, as it represents the requests or server actions that have already occurred.
Security auditing, on the other hand, checks and scans through related settings and configurations to help determine where things might go wrong if the system is not configured properly. With this in mind, auditing is a critical element when it comes to security processes and protecting the servers. Security auditing of an IIS server covers the IIS configurations as well as IIS contents that reside on file system. This chapter showcases many useful queries that you can employ during the auditing process.
Auditing IIS mainly focuses on the IIS configurations that reside in the Metabase file. Prior to IIS 6.0, the Metabase was stored in a single binary (.bin) file. With IIS 6.0, the Extensible Markup Language (XML) file was introduced to replace these binary files. The Metabase.xml file holds the configuration settings and MBSchema.xml contains the schema for the XML configuration file.
| Tip | Auditing an IIS configuration requires a general understanding of IIS metabase knowledge, as well as the metabase property keys. To learn more about this, please refer to: www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_MET_1.mspx. |
Metabase.xml is a plain-text XML file that can be opened via Notepad or another text editor. However, it is...