Log on to Portal and confirm the exact time that this event took place.


Once you have the correct time, find the log files.

Log on to the Web Server and find the IIS log files. Check for the most recent log file; it should have been modified on the day the event took place. In this case the error was on Errors.yomane.com, so browse to that site's log file location:


G:\IIS_Logs\errors.yomane.com\W3SVC17


Find the entries at the time of the event; the c-ip field gives the source IP. In this case the site was called by the WAF on 10.0.5.4.


#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2017-10-19 08:04:15
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs-version cs(User-Agent) cs(Referer) sc-status sc-bytes
2017-10-19 08:04:15 GET / - - 10.0.5.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:56.0)+Gecko/20100101+Firefox/56.0 - 302 295
2017-10-19 08:04:15 GET /Login.aspx - - 10.0.5.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:56.0)+Gecko/20100101+Firefox/56.0 - 200 4333
2017-10-19 08:06:27 POST /Login.aspx - - 10.0.5.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:56.0)+Gecko/20100101+Firefox/56.0 https://errors.yomane.com/Login.aspx 302 444
2017-10-19 08:07:01 GET /favicon.ico - - 10.0.5.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:56.0)+Gecko/20100101+Firefox/56.0 - 200 370272
2017-10-19 08:07:28 GET /Default.aspx - - 10.0.5.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:56.0)+Gecko/20100101+Firefox/56.0 https://errors.yomane.com/Login.aspx 200 0
2017-10-19 08:07:58 GET / - - 10.0.2.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 302 377
2017-10-19 08:07:58 GET /Login.aspx - - 10.0.2.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 200 4414
2017-10-19 08:08:18 POST /Login.aspx - - 10.0.2.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko http://errors.yomane.com/Login.aspx 200 4702
2017-10-19 08:08:25 POST /Login.aspx - - 10.0.2.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko http://errors.yomane.com/Login.aspx 302 526
2017-10-19 08:09:24 GET /assets/css/StyleEng.css - - 10.0.2.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko http://errors.yomane.com/Default.aspx 200 2275
2017-10-19 08:09:24 GET /Default.aspx - - 10.0.2.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko http://errors.yomane.com/Login.aspx 200 5616
2017-10-19 08:09:24 GET /assets/css/jquery-ui-1.8.10.custom.css - - 10.0.2.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko http://errors.yomane.com/Default.aspx 200 8193


If you can replicate the Alert by logging back on to Errors.Yomane.com (in this case), then that is the error.



* Note: 10.0.5.4 and 10.0.5.5 are the TWO instances of the WAF
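
The lookup described above can also be scripted. The following is an added example, not part of the original procedure: it reads the #Fields line to locate c-ip, lists the requests within a window of the event time, and flags those that came from one of the two WAF instances. The sample lines are copied from the excerpt above; the event time, window size and function names are assumptions, and the event time must be given in the log's time zone (IIS W3C logs are written in UTC by default).

```python
from datetime import datetime, timedelta

WAF_IPS = {"10.0.5.4", "10.0.5.5"}  # the two WAF instances from the note above

# Sample input: header and five entries copied from the excerpt on this page.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2017-10-19 08:04:15
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs-version cs(User-Agent) cs(Referer) sc-status sc-bytes
2017-10-19 08:06:27 POST /Login.aspx - - 10.0.5.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:56.0)+Gecko/20100101+Firefox/56.0 https://errors.yomane.com/Login.aspx 302 444
2017-10-19 08:07:58 GET / - - 10.0.2.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 302 377
2017-10-19 08:08:18 POST /Login.aspx - - 10.0.2.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko http://errors.yomane.com/Login.aspx 200 4702
2017-10-19 08:08:25 POST /Login.aspx - - 10.0.2.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko http://errors.yomane.com/Login.aspx 302 526
2017-10-19 08:09:24 GET /Default.aspx - - 10.0.2.4 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko http://errors.yomane.com/Login.aspx 200 5616
"""

def parse_w3c(lines):
    """Yield one dict per request, keyed by the most recent #Fields line."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # a new header appears whenever the logged fields change
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed entries
                yield dict(zip(fields, values))

def requests_near(lines, event_time, window_seconds=60):
    """Return (timestamp, c-ip, via_waf, method, uri, status) for entries near event_time."""
    window = timedelta(seconds=window_seconds)
    hits = []
    for row in parse_w3c(lines):
        ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        if abs(ts - event_time) <= window:
            via_waf = row["c-ip"] in WAF_IPS  # True: the caller was one of the WAF instances
            hits.append((ts, row["c-ip"], via_waf, row["cs-method"], row["cs-uri-stem"], row["sc-status"]))
    return hits

if __name__ == "__main__":
    event = datetime(2017, 10, 19, 8, 8, 20)  # assumed event time, for illustration only
    for ts, ip, via_waf, method, uri, status in requests_near(SAMPLE_LOG.splitlines(), event, 30):
        source = "WAF" if via_waf else "direct"
        print(f"{ts} {ip} ({source}) {method} {uri} -> {status}")
```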