
We have an MVC website running on Production and recently had a PCI scan. For some reason it crashes the web server during scan and we are trying to find out the cause.

We have an IIS log that we study using the Log Parser tool. There is a 500 Internal Server Error for one of the site URLs, but what is odd is that it refers to the base URL of the site with request type "POST".

This is what the logs look like:

Microsoft (R) Log Parser Version 2.2.10
Copyright (C) 2004 Microsoft Corporation. All rights reserved.

C:\Program Files (x86)\Log Parser 2.2>logparser.exe "SELECT sc-status, sc-substa
tus, COUNT(*) FROM *.log GROUP BY sc-status, sc-substatus ORDER BY sc-status" -i
:w3c
sc-status sc-substatus COUNT(ALL *)
--------- ------------ ------------
200       0            1590
301       0            7
302       0            164
304       0            2
403       0            2
403       14           5
404       0            2631
404       8            16
404       11           6
404       15           2
Press a key...
sc-status sc-substatus COUNT(ALL *)
--------- ------------ ------------
405       0            12
500       0            2

Statistics:
-----------
Elements processed: 4439
Elements output:    12
Execution time:     10.47 seconds


C:\Program Files (x86)\Log Parser 2.2>logparser.exe "SELECT cs-uri-stem, COUNT(*
) FROM *.log WHERE sc-status=500 GROUP BY cs-uri-stem ORDER BY COUNT(*) DESC" -i
:w3c
cs-uri-stem COUNT(ALL *)
----------- ------------
/           2

Statistics:
-----------
Elements processed: 4439
Elements output:    1
Execution time:     0.02 seconds


C:\Program Files (x86)\Log Parser 2.2>logparser.exe "SELECT cs-method,  cs-uri-s
tem, COUNT(*) FROM *.log WHERE sc-status=500 GROUP BY cs-method,  cs-uri-stem OR
DER BY COUNT(*) DESC" -i:w3c
cs-method cs-uri-stem COUNT(ALL *)
--------- ----------- ------------
POST      /           2

Statistics:
-----------
Elements processed: 4439
Elements output:    1
Execution time:     0.00 seconds


C:\Program Files (x86)\Log Parser 2.2>

Any help on this would be highly appreciated.

Ammar Khan
  • Maybe you could upload the log file somewhere to be analysed. For me logparser.exe does not help – Samir Sadek Oct 08 '17 at 19:35
  • @SamirSadek Can you suggest which tool I should use to analyse? – Ammar Khan Oct 08 '17 at 19:48
  • I am not used to working on Windows. On Linux, there are plenty of tools available in the shell. But checking the log file to see what happened before the events occurred could help. Then all the log files at the moment of the crash could give clues. Most probably there is a side effect somewhere: disk, network, ... – Samir Sadek Oct 08 '17 at 20:01
  • Did you look in the event log? Crash data including call stacks are usually logged there. – Mike Oct 09 '17 at 00:17
  • I tried to do something similar a long time ago. It did not end well. You should go and have a look in the event logs. Uncaught exceptions are all displayed there (check the warnings). I would also check with the devs. They may have logs in DB! –  Oct 15 '17 at 13:14
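
One of the comments suggests checking what happened in the log just before the failing requests. As an added example (not part of the original thread), this Python script parses IIS W3C logs and, for each 500 response, returns the preceding requests from the same client IP. The sample log lines, field list and function names are constructed for illustration.

```python
import io
from collections import deque

# Constructed sample in IIS W3C extended format (not data from the original post).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2017-10-08 18:00:01 GET / - 192.0.2.10 ExampleScanner/1.0 200 0 0 31
2017-10-08 18:00:02 GET /admin - 192.0.2.10 ExampleScanner/1.0 404 0 2 15
2017-10-08 18:00:02 GET /Home/About - 198.51.100.7 Mozilla/5.0 200 0 0 46
2017-10-08 18:00:03 POST / - 192.0.2.10 ExampleScanner/1.0 500 0 0 1203
2017-10-08 18:00:04 GET /login - 192.0.2.10 ExampleScanner/1.0 405 0 1 12
2017-10-08 18:00:09 POST / - 192.0.2.10 ExampleScanner/1.0 500 0 64 30010
"""

def parse_w3c(stream):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in stream:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # header may change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):           # skip truncated rows
                yield dict(zip(fields, values))

def context_for_errors(stream, status="500", before=3):
    """For each row with the given sc-status, return it together with the
    previous `before` requests made by the same client IP."""
    history = {}   # c-ip -> deque of that client's most recent rows
    findings = []
    for row in parse_w3c(stream):
        recent = history.setdefault(row.get("c-ip", "-"), deque(maxlen=before))
        if row.get("sc-status") == status:
            findings.append({"error": row, "preceding": list(recent)})
        recent.append(row)
    return findings

if __name__ == "__main__":
    for f in context_for_errors(io.StringIO(SAMPLE_LOG)):
        e = f["error"]
        print(e["date"], e["time"], e["cs-method"], e["cs-uri-stem"],
              "win32=" + e["sc-win32-status"], "ms=" + e["time-taken"])
        for p in f["preceding"]:
            print("   before:", p["time"], p["cs-method"], p["cs-uri-stem"], p["sc-status"])
```

The timestamps of the reported rows are the ones to look up in the Windows event log, as the comments recommend.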
