Auditing Server Activity
You can use security auditing techniques to monitor a broad range of user and Web server security activity. You should routinely audit your server configuration to detect areas where resources might be susceptible to unauthorized access and tampering. For example, you can audit the following user activities:
Logon attempts, both successful and unsuccessful
Attempts to access restricted accounts
Attempts to execute restricted commands
You can use the integrated Windows utilities, or the logging features built into IIS, or use Active Server Pages (ASP) applications to create your own auditing logs.