security-basics June 2008 archive
security-basics: Re: Web log file analysis tool

Re: Web log file analysis tool

From: romain <r_at_nospam>
Date: Tue Jun 03 2008 - 22:15:46 GMT
To: Adriel Desautels <adriel@netragard.com>


Adriel:
Well, he is asking about the log file analysis tool which would be able to detect XSS etc. I'm just telling him about that :)

R.

   http://rgaucher.info

Adriel Desautels wrote:
> Romain, they should just use mod_security if they want to protect
> against XSS, RFI, LFI, etc.
>
> Regards,
> Adriel T. Desautels
> Chief Technology Officer
> Netragard, LLC.
> Office : 617-934-0269
> Mobile : 617-633-3821
> http://www.linkedin.com/pub/1/118/a45
>
> Join the Netragard, LLC. Linked In Group:
> http://www.linkedin.com/e/gis/48683/0B98E1705142
>
> ---------------------------------------------------------------
> Netragard, LLC - http://www.netragard.com - "We make IT Safe"
> Penetration Testing, Vulnerability Assessments, Website Security
>
> Netragard Whitepaper Downloads:
> -------------------------------
> Choosing the right provider : http://tinyurl.com/2ahk3j
> Three Things you must know : http://tinyurl.com/26pjsn
>
>
> romain wrote:
>> Well, hope you log also the POST and other variable then if you want
>> to detect XSS and so on.
>> Anyway, afaik, there is no such tools, but it shouldn't be too
>> difficult to do using the regexp base from PHPIDS project:
>> http://php-ids.org/ and your favorite scripting language...
>>
>> R.
>> http://rgaucher.info
>>
>> Anja Hofmann wrote:
>>> Hi!
>>> Currently, I'm looking for a web log file analysis tool which does
>>> not cause too much traffic/load on our LAMPP web servers.
>>> I've tried hobbit monitor (http://hobbitmon.sourceforge.net), but
>>> was disappointed, since the script I needed to search for suspicious
>>> patterns (bb-msgs.pl) was not part of the main package.
>>> I've also installed awstats (http://awstats.sourceforge.net/) which
>>> uses worms.pm to look for suspicious windows worms.
>>> However, I would love to find a plugin for awstats (or another
>>> program) that could also detect XSS attempts - as far as this is
>>> possible using only Apache log files.
>>> Thank you very much in advance.
>>> Yours sincerely,
>>> Anja Hofmann
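
The approach suggested in the thread (detection regexes run over the access log with a scripting language), as an added example that is not part of the original messages and is not PHPIDS code. The four patterns are simplified, hand-written assumptions rather than the PHPIDS rule base, the function names are hypothetical, and the log lines are constructed; the POST entry shows why body parameters stay invisible in a standard Apache access log.

```python
import re
from urllib.parse import unquote_plus

# Apache common/combined format: host ident user [time] "METHOD URI PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Simplified, hand-written patterns (assumption: NOT the PHPIDS rule base).
XSS_RULES = {
    "script_tag": re.compile(r"<\s*/?\s*script\b", re.I),
    "event_handler": re.compile(r"<[^>]*\bon\w+\s*=", re.I),
    "js_uri": re.compile(r"\b(?:java|vb)script\s*:", re.I),
    "embed_tag": re.compile(r"<\s*(?:iframe|object|embed|svg)\b", re.I),
}

def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded input (%253C) is normalized."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (client, method, uri, [rule names]) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _ts, method, uri, _status = m.groups()
    target = decode(uri)
    hits = sorted(name for name, rx in XSS_RULES.items() if rx.search(target))
    return client, method, uri, hits

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [03/Jun/2008:22:01:10 +0000] "GET /search.php?q=apache+logs HTTP/1.1" 200 5120
192.0.2.44 - - [03/Jun/2008:22:03:41 +0000] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4988
192.0.2.44 - - [03/Jun/2008:22:03:59 +0000] "GET /p.php?n=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 731
192.0.2.77 - - [03/Jun/2008:22:05:02 +0000] "POST /comment.php HTTP/1.1" 302 -
"""

def scan_log(text):
    """Return only the parsed entries that matched at least one rule."""
    results = [scan_line(line) for line in text.splitlines()]
    return [r for r in results if r and r[3]]

if __name__ == "__main__":
    for client, method, uri, hits in scan_log(SAMPLE_LOG):
        print(f"{client} {method} {uri} -> {','.join(hits)}")
```

The scan only sees what the server wrote to the log: the POST request parses cleanly but yields no hits because its body was never recorded.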