No, WebInspect is used to scan and interrogate the web front-end (HTTP) of the site.  From that perspective, it cannot (normally) access any log files on that remote server's hard drive.

This might be something you would do with a SIEM, such as HP ArcSight's ESM or Logger solution.  Those offer Connectors which can lift files from a system or appliance and review for risks or unwanted activity.

Another solution you might review if HP Fortify's Runtime product.  This wraps the web server's framework and captures all user activity within and through the application, whether is is Java-base don run son IIS .NET.  This user activity can be logged, blocked, or both, and it can share the monitored activity with ArcSight ESM.  Besides the core Runtime product, HP AppView is a version of Fortify Runtime which is specifically tailored to be used with ArcSight ESM and it has a slightly different focus in the events that it monitors.  The same Runtime on-site capability can be leveraged and managed from a Cloud perspective with HP AppDefender.

I have to agree with in general, but do desire to know if you have a specific example you could point too.  This would assist in getting a better answer that you might be seeking.

Are you actually referring to a specific report or the application log on the server that is conducting the scan?

Or are you actually referencing the Log View (Tools --> Log Viewer) of the application and the various components it offers?

So any more details will help if it is specific to the HP WebInpsect product.

Thanks,

Joel E. Natt CISSP, CRISC
Hewlett-Packard Enterprise Software Education

Exam Development Lead – Hewlett-Packard Enterprise Software

Trainer – HP Software Education – Fortify, TippingPoint

Get Training: http://www.hpenterprisesecurity.com/university

Get Certified: http://h10120.www1.hp.com/ExpertOne/certification_program_overview.html

Hi,

I am referring to application log on the server( back end)  where logs are printing.

Thanks

Omprakash B