From owner-freebsd-questions Sun Nov 4 7:19:49 2001
Date: Sat, 3 Nov 2001 22:46:21 -0800
From: Sean Ellis
Message-ID: <42120651196.20011103224621@telus.net>
To: brain_damaged
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: httpd log files big

Hello bd,

Saturday, November 03, 2001, 10:05:20 PM, you wrote:

>> And does anyone have a perl script or program to read the httpd logs
>> and pull out failed access or something to auto notify of virus
>> attacks or such ?

I've been trying out a utility called 'logcheck' to monitor my log files.
Not the apache logs, but I imagine you could add them into the config
without problem. It will email you an alert according to what you have
told it to ignore or to pay attention to.

> Sure... It's pretty trivial to write a shell script with grep/awk etc to
> pull out the bits you want. You can fine tune a Perl script a bit more.
> Maybe if you post some specific requirements one of us can help you write
> something.

> General (untested) approach using grep:

> #!/bin/sh
> # Print the log file given as $1 with the worm-probe lines removed.
> grep -v cmd.exe "$1" \
>   | grep -v root.exe \
>   | grep -v something_else_you_want_to_filter

>> Thanks
>> Bd
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-questions" in the body of the message
>>

-- 
Best regards,
 Sean                            mailto:sellis@telus.net
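
Going one step beyond the grep -v filter quoted above, as an added example that is not part of the original message: an sh/awk script that counts the cmd.exe/root.exe requests per client and lists the remaining failed requests. The function names, the assumption that the log is in Apache common log format, and the sample lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise an Apache access log instead of only filtering it.

# Constructed sample lines in common log format (documentation addresses).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [03/Nov/2001:22:01:10 -0800] "GET /scripts/root.exe HTTP/1.0" 404 276
192.0.2.10 - - [03/Nov/2001:22:01:11 -0800] "GET /scripts/cmd.exe HTTP/1.0" 404 275
198.51.100.7 - - [03/Nov/2001:22:03:42 -0800] "GET /index.html HTTP/1.0" 200 1043
203.0.113.5 - - [03/Nov/2001:22:04:02 -0800] "GET /MSADC/root.exe HTTP/1.0" 404 274
198.51.100.7 - - [03/Nov/2001:22:05:00 -0800] "GET /private/ HTTP/1.0" 401 401
198.51.100.7 - - [03/Nov/2001:22:05:09 -0800] "GET /missing.html HTTP/1.0" 404 280
EOF
}

# stdin: access log. stdout: "<count> <client>" for requests naming cmd.exe/root.exe.
probe_counts() {
    awk -F'"' '
        { split($1, pre, " "); split($2, req, " ")
          if (req[2] ~ /(cmd|root)\.exe/) hits[pre[1]]++ }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# stdin: access log. stdout: "<client> <status> <url>" for 4xx/5xx that are not probes.
other_failures() {
    awk -F'"' '
        { split($1, pre, " "); split($2, req, " "); split($3, post, " ")
          if (req[2] !~ /(cmd|root)\.exe/ && post[1] ~ /^[45]/) print pre[1], post[1], req[2] }
    '
}

# Use the log file given as $1, or the constructed sample when none is given.
log_source() { if [ -n "${1:-}" ]; then cat -- "$1"; else sample_log; fi; }

echo "Probe requests per client:"
log_source "${1:-}" | probe_counts
echo "Other failed requests:"
log_source "${1:-}" | other_failures
```

Run from cron with the access log path as the argument, the output is mailed to the job's owner, which covers the "auto notify" part of the question.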