About Auditing

You can use auditing techniques to monitor a broad range of security-related activity. Auditing consists of creating auditing policies for directory and file access or server events, and monitoring the security logs to detect any access attempts by unauthorized persons.

You can configure the security logs to record information about directory and file access, server events, or both. These events are recorded in the Windows Security log. In addition, the IIS logging features can record events specific to IIS. By regularly reviewing these logs, you can detect areas of your server or your sites that may be subject to attacks or other security problems. For more information about reviewing these logs, see Detecting Unauthorized Access. For more information about IIS logging, see Logging Site Activity.

Auditing Directory or File Access

You can monitor access attempts, either successful or unsuccessful, at the directory or file level. This includes events such as reading the file, writing to the file, and browsing a directory. You can choose which events you want to audit for any file or directory. This level of auditing is set by using Windows Explorer. For more information, see Configuring and Monitoring Auditing.

Important   Your server's file system must be configured to NTFS to use these auditing features. For information about converting the file system, see the Windows documentation.

Auditing Server Events

You can monitor server-wide events, such as logging on and off the Web server, changing Web server security policies, and shutting down the server computer. Events are audited for the entire computer, rather than certain directories or files. This level of auditing is set by using the Audit Policies in the Microsoft Management Console. For more information, see Configuring and Monitoring Auditing.

Auditing Web or FTP Site Access

You can monitor attempts, either successful or unsuccessful, to access your Web or FTP sites, virtual directories, or files. This includes events such as reading the file or writing to the file. You can choose which events you want to audit for any site, virtual directory, or file. This level of auditing is set by using the IIS snap-in. For more information, see Logging Site Activity.
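
The following is an added example, not part of the original documentation, of reviewing an IIS site log for unsuccessful access attempts. It assumes the site logs in W3C Extended Log File Format with the c-ip and sc-status fields enabled; the function names, the threshold, and the sample log lines are constructed for illustration.

```python
from collections import Counter

# Constructed sample in W3C Extended format (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 1999-06-01 10:00:00
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
1999-06-01 10:00:01 192.0.2.10 - GET /default.htm 200
1999-06-01 10:00:05 192.0.2.44 - GET /admin/ 401
1999-06-01 10:00:06 192.0.2.44 - GET /admin/ 401
1999-06-01 10:00:07 192.0.2.44 - GET /admin/config.asp 403
1999-06-01 10:00:09 192.0.2.10 - GET /private/report.doc 401
1999-06-01 10:00:10 192.0.2.10 EXAMPLE\\alice GET /private/report.doc 200
"""

DENIED = {"401", "403"}  # HTTP "unauthorized" and "forbidden" responses


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # The field list can change mid-file if logging is reconfigured.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry; skip rather than misread
        yield dict(zip(fields, values))


def denied_by_client(text, threshold=3):
    """Return {client IP: count} for clients with >= threshold denied requests."""
    counts = Counter()
    for entry in parse_w3c(text):
        if entry.get("sc-status") in DENIED:
            counts[entry.get("c-ip", "?")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(denied_by_client(SAMPLE_LOG))
```

A single 401 followed by a successful authenticated request, as for 192.0.2.10 in the sample, is normal challenge-response behavior, which is why the check uses a per-client threshold rather than flagging every denied request.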


© 1997-1999 Microsoft Corporation. All rights reserved.