|Main Archive Page > Month Archives > security-basics archives|
don't let the name fool ya. It work on many different types of logs and text files.
I use it for incident response / analysis.
On Tue, Jun 3, 2008 at 6:37 AM, Anja Hofmann
> Currently, I'm looking for a web log file analysis tool which does not cause
> too much traffic/load on our LAMPP web servers.
> I've tried hobbit monitor (http://*hobbit*mon.sourceforge.net), but was
> disappointed, since the script I needed to search for suspicious patterns
> (bb-msgs.pl) was not part of the main package.
> I've also installed awstats (http://awstats.sourceforge.net/) which uses
> worms.pm to look for suspicious windows worms.
> However, I would love to find a plugin for awstats (or another program) that
> could also detect XSS attempts - as far as this is possible using only
> Apache log files.
> Thank you very much in advance.
> Yours sincerely,
> Anja Hofmann
-- -p1g SnortCP, ESSE-D, C|HFI, TNCP, TECP, NACP, A+, whatever.. ,,__ o" )~ oink oink ' ' ' ' If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke