Why is Web access logging important for a server?
Unless the Web access is logged, it will not be possible to detect security breaches or DoS attacks. And also if rotation of log files is not implemented in the server, new logs will overwrite the old log entries once file size reaches the specified limit. Every URL access is logged on the Web server. Depending on the configuration set, this log file can contain information like client IP address, the requested Web object, and date/time, which can be used for analyzing an attack on the Web server. Archival policy should be formulated and implemented in the server. Access to write such log file must be restricted to the user who has started the Web server. Access to read log files should be restricted to different user, who will be reviewing the logs.
Related Questions
- If accessing the Project Server 2007 server via the Project Web Access Client, do they need additional software if accessing locally, ie. over the local LAN?
- Does Project Server 2007 require SharePoint to function fully? In particular, does the Project Web Access Client need SharePoint?
- Does Java System Web Proxy Server have built-in log analysis tools? What kind of logging does it do?
