Creating Audit Records Using ASP

With Active Server Pages (ASP) you can generate custom audit records for precisely monitoring a specific Web site's security activity. For example, suppose you are interested in auditing the authentication activity of a restricted Web site. With ASP you can create a compact server-side script that you add to the Web site's logon page, which records only the authenticated account names of users who have accessed that site.

To create audit records using ASP
  1. In standard text (ASCII) editor open an existing .asp file and insert the following script (If you do not have an existing .asp file create a basic .html file and insert the following script between the HTML <BODY> </BODY> tags. For more information, see Creating a Web Page with a Text Editor): 

    2. <%
'Find the physical path for the file in the current directory. 
MainPath = Request.ServerVariables("PATH_TRANSLATED")

'Determine the path for the current page and then remove the
'name of the file from the path (leaving just the directory).
Length = Len(MainPath)
Do While (Mid(MainPath, Length, 1) <> "\")
  Length = Length - 1
Loop
FilePath = left(MainPath, Length)
LogFilePath = FilePath + "LogFile.log"


'Open the log file so that new log items can be appended to to previous items
Application.Lock
Set FileObject = Server.CreateObject("Scripting.FileSystemObject")
Set OutStream=FileObject.OpenTextFile(LogFilePath, 8, TRUE)

'Define variables to be placed in log file.
UserName=Trim(Request.ServerVariables("HTTP_LOGONUSER") )
If Len(UserName) < 2 Then UserName = "Anonymous"
Host=Request.ServerVariables("REMOTE_HOST")
IPAddr = Request.ServerVariables("REMOTE_ADDR")
If Host <> IPAddr Then Host = Host + " (" + IPAddr + ")"

'Write the logging information to a text file
OutStream.WriteLine UserName&" from "& Host &" visited "&MainPath& " at " & Time &" on " &  Date
OutStream.Close
Set OutStream = Nothing
Application.Unlock
%>

  2. Save your file using an .asp extension (make sure that the text editor does not automatically add a .txt extension to your document), then open the file in a Web browser.

    3. Note   If your .asp file does not contain content, such as text or images, the browser will not display any information.

  3. In a text editor, open logfile.txt, which resides in the directory where you saved your .asp file. The log file should contain a line of information indicating that you accessed the file.

    Note   The previous example script used the ASP server environment variables to collect information about user logon, host, and IP address information. You can extend the your own scripts by incorporating a variety of other available server variables, such as variables for detecting whether an HTTP request to your ASP page was handled over a secure communication port. For more information, see the Request Object.

© 1997 by Microsoft Corporation. All rights reserved.