This is old, but:
http://www.sans.org/reading-room/whitepapers/tools/overview-secureiis-secured-now-402 (Interesting part starts at page 11).
But seriously, it's not 1996 anymore - for the task you have been given, we have good intrusion detection systems, and some attacks do not leave traces in logfiles. I suggest you download Snort and give it a try.