Analyzing IIS logs
What is the easiest way to analyze (find out who accessed what on my server at what time) IIS logs?
May 16th, 2009 5:42pm

Log Parser is probably the most popular tool for the job.
http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspx
Also check out the Log Parser forums on the MS IIS website at: http://forums.iis.net/default.aspx?GroupID=51
May 16th, 2009 7:48pm

Thanks. Anything more simple? Maybe I'm looking at this program the wrong way.
May 16th, 2009 7:53pm

Looks kind of difficult just to see who accessed a file...
May 16th, 2009 7:56pm

Off the top of my head, I don't know of anything. Log Parser is actually not as complicated as it looks, but if you are not familiar with writing SQL queries, I suppose there is a little bit to learn.

If you are looking to find who is accessing a specific file, you can enable file auditing and those events will show up in your normal Windows Security logs. The problem with auditing files on a web server, though, is that if the site is using anonymous authentication, the user will always be the anonymous user account, such as IUSR or IUSR_server. If the web site is configured with Windows Authentication, you are good. The security logs will display the actual user that is accessing the file.

Enable file auditing:
- Open the Local Security Policy MMC, located in the Administrative Tools. In the Audit Policy section, open "Audit object access", select Success and Failure and click OK. Right-click Security Settings and select Reload.
- Right-click on the file you wish to track access and select Properties. Select the Security tab and click Advanced. Select the Auditing tab and click Add. Type in Everyone in the box and click OK. Select Full Control on both the Successful and Failed columns and click OK. Continue to click OK until all windows have closed.

Now anytime a user accesses that file, an event will be logged in the Windows Security log. The event will include the user that accessed it.
May 16th, 2009 8:17pm
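
An added example (not part of the original thread and not code from any Microsoft tool): a small Python script that answers "who accessed what, and when" directly from an IIS log in W3C Extended format, without writing a Log Parser query. The log lines, the CONTOSO accounts and the function names are constructed for illustration, and it assumes the date, time, cs-username and cs-uri-stem fields are enabled in IIS logging. As with the anonymous-authentication caveat in the post above, requests without an authenticated user carry `-` as the user name.

```python
from datetime import datetime

# Constructed sample in IIS W3C Extended format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2009-05-16 17:40:02 192.0.2.10 - GET /default.htm 200
2009-05-16 17:41:15 192.0.2.23 CONTOSO\\mary GET /reports/q1.xls 200
2009-05-16 17:42:40 192.0.2.23 CONTOSO\\mary GET /reports/q2.xls 401
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2009-05-16 18:05:09 GET /Reports/Q1.xls CONTOSO\\johnd 192.0.2.31 200
"""

def parse_w3c(lines):
    """Yield one dict per request, keyed by the most recent #Fields line."""
    fields = None
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            # The header can reappear mid-file with a different column order.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry, skip it
        rec = dict(zip(fields, values))
        # W3C logs record UTC by default; convert before comparing to local time.
        rec["when"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        yield rec

def who_accessed(lines, uri_stem=None, user=None):
    """Return (time, user, client IP, URI, status) tuples matching the filters."""
    hits = []
    for rec in parse_w3c(lines):
        name = rec.get("cs-username", "-")
        if uri_stem and rec.get("cs-uri-stem", "").lower() != uri_stem.lower():
            continue
        if user and name.lower() != user.lower():
            continue
        who = "(anonymous)" if name == "-" else name  # "-" means no authenticated user
        hits.append((rec["when"], who, rec.get("c-ip", "-"),
                     rec.get("cs-uri-stem", "-"), rec.get("sc-status", "-")))
    return hits

if __name__ == "__main__":
    for hit in who_accessed(SAMPLE_LOG.splitlines(), user="CONTOSO\\mary"):
        print(*hit)
```

To run it against a real log, pass the lines of the log file instead of `SAMPLE_LOG.splitlines()`.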

So if I go into my server and say I want to know what time Mary opened any file, will this tell me?
May 16th, 2009 8:22pm

Yes. Object access security events include date, time and user in every event. You can apply filters to the security logs to narrow your results down to a specific time and/or user.

To apply a filter (Vista/2008):
- Open the Event Viewer (eventvwr.msc), expand the Windows Logs folder and click on Security. Right-click on Security and select Filter Current Log. There are a number of parameters you can filter on. For example, you can select a time range from the drop-down menu. For event level, just check all of the event types. In Event Sources, I believe you should see Object Access, and you can select that, or you can just select <All Event Sources> at the top of the list. In the User field, type in the user name, such as DOMAIN\JohnD.

You should be able to find tips on using the Event Viewer by searching MS Technet and/or the web.
May 16th, 2009 8:50pm

Hi there, I see that your question is related to IIS. There is a dedicated forum to answer IIS-related queries; please use the link below and post your question:
http://forums.iis.net/
Thanks for understanding, and you can follow the above-mentioned procedures.
sainath
Attending Microsoft Teched 2009
May 18th, 2009 12:22pm

Hello,
In other words you are looking for Auditing IIS. Please refer to the following link.
http://technet.microsoft.com/en-us/library/cc757480(WS.10).aspx
You can use security auditing techniques to track the activities of users and to detect unauthorized attempts to access your NTFS file system directories and files. Activities that you can audit include the following:
- User attempts to log on, both successful and unsuccessful.
- User attempts to access restricted accounts.
- User attempts to execute restricted comman
http://technet.microsoft.com/en-us/library/cc737479(WS.10).aspx
Thanks
http://technetfaqs.wordpress.com
May 18th, 2009 1:38pm

This topic is archived. No further replies will be accepted.
