security-basics June 2008 archive

Re: Web log file analysis tool

From: p1g <killfactory_at_nospam>
Date: Mon Jun 09 2008 - 22:08:48 GMT
To: "Anja Hofmann" <anja.hofmann@ub.uni-tuebingen.de>


IIS Logparser.

Don't let the name fool ya. It works on many different types of logs and text files.

I use it for incident response / analysis.

On Tue, Jun 3, 2008 at 6:37 AM, Anja Hofmann <anja.hofmann@ub.uni-tuebingen.de> wrote:
> Hi!
> Currently, I'm looking for a web log file analysis tool which does not cause
> too much traffic/load on our LAMPP web servers.
> I've tried hobbit monitor (http://hobbitmon.sourceforge.net), but was
> disappointed, since the script I needed to search for suspicious patterns
> (bb-msgs.pl) was not part of the main package.
> I've also installed awstats (http://awstats.sourceforge.net/) which uses
> worms.pm to look for suspicious windows worms.
> However, I would love to find a plugin for awstats (or another program) that
> could also detect XSS attempts - as far as this is possible using only
> Apache log files.
> Thank you very much in advance.
> Yours sincerely,
> Anja Hofmann
>
>
--
-p1g
SnortCP, ESSE-D, C|HFI, TNCP, TECP, NACP, A+, whatever..
,,__
o" )~ oink oink
' ' ' '
If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
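
An added example, not part of the original thread and not Logparser or awstats code: a streaming Python scan of Apache access-log lines for common XSS markers in the request target, the kind of check the quoted question asks about. The regular expressions, function names and sample log lines are constructed for illustration; because the access log records only the request line, payloads sent in POST bodies are not visible to it.

```python
import re
from urllib.parse import unquote_plus

# Apache common/combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Markers commonly seen in reflected-XSS probes (illustrative, not exhaustive).
XSS_RE = re.compile(
    r'<\s*script|javascript\s*:|\bon(?:error|load|mouseover|click|focus)\s*=|'
    r'<\s*(?:img|svg|iframe|body)\b[^>]*>|document\.cookie',
    re.IGNORECASE)

def decode(s, rounds=3):
    """URL-decode repeatedly so double-encoded input (%253C) is normalised."""
    for _ in range(rounds):
        d = unquote_plus(s)
        if d == s:
            break
        s = d
    return s

def scan(lines):
    """Yield (host, time, status, decoded_target) for requests that look like XSS probes."""
    for line in lines:  # one line at a time, so memory use stays constant on large logs
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        host, when, _method, target, status = m.groups()
        decoded = decode(target)
        if XSS_RE.search(decoded):
            yield host, when, int(status), decoded

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [03/Jun/2008:06:30:01 +0200] "GET /index.php?id=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/Jun/2008:06:31:12 +0200] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 812',
    '198.51.100.7 - - [03/Jun/2008:06:31:15 +0200] "GET /search.php?q=%253Cimg+src%253Dx+onerror%253Dalert(1)%253E HTTP/1.1" 200 790',
    # The POST below could carry a payload in its body; the access log cannot show it.
    '203.0.113.4 - - [03/Jun/2008:06:32:40 +0200] "POST /comment.php HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep=" | ")
```

Running it against a copied or rotated log file rather than the live one keeps the extra load off the web server.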