I'm planning to get some information by processing IIS Log files (after I imported them into SQL Server database).
Now, even if user gives wrong username/password, but request to a file that exists on the server, it is logged and I cannot detect weather the user has received the file, or not.
I want to process only requests that are responsed without error.
The environment uses Windows authentication mode.
Thank you
You should look at the sc-status in the log entry. This is a list of http status codes from wikipedia but basically any request that result in a status code in the 200s (usually a 200 OK) it means a successful request.
Requests that weren't authenticated will result in a 401 Unauthorized or maybe even 403 Forbidden
Basically you know the outcome of the request based on the status code. IIS also gives you sc-substatus and sc-win32-status for more debugging that is available here
