From owner-freebsd-questions@FreeBSD.ORG  Mon Mar 30 20:11:33 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 246FC1065674
	for <freebsd-questions@freebsd.org>;
	Mon, 30 Mar 2009 20:11:33 +0000 (UTC)
	(envelope-from mel.flynn+fbsd.questions@mailing.thruhere.net)
Received: from mailhub.rachie.is-a-geek.net (rachie.is-a-geek.net
	[66.230.99.27]) by mx1.freebsd.org (Postfix) with ESMTP id E3E1C8FC19
	for <freebsd-questions@freebsd.org>;
	Mon, 30 Mar 2009 20:11:32 +0000 (UTC)
	(envelope-from mel.flynn+fbsd.questions@mailing.thruhere.net)
Received: from sarevok.dnr.servegame.org (gate.lan.rachie.is-a-geek.net
	[192.168.2.10])
	by mailhub.rachie.is-a-geek.net (Postfix) with ESMTP id 80CA97E818;
	Mon, 30 Mar 2009 12:11:31 -0800 (AKDT)
From: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net>
To: freebsd-questions@freebsd.org
Date: Mon, 30 Mar 2009 22:11:30 +0200
User-Agent: KMail/1.11.0 (FreeBSD/8.0-CURRENT; KDE/4.2.0; i386; ; )
References: <5BCD53E0-5B9F-4349-8401-FBF0ACF369C2@charter.net>
	<4ad871310903291154j74c35b0p545157b848adf8b9@mail.gmail.com>
	<8BDE67B0-B6B1-4AAC-A0FD-0E519E74CBAF@charter.net>
In-Reply-To: <8BDE67B0-B6B1-4AAC-A0FD-0E519E74CBAF@charter.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200903302211.30208.mel.flynn+fbsd.questions@mailing.thruhere.net>
Cc: Charles Howse <chowse@charter.net>
Subject: Re: analyzing httpd-error.log
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Mar 2009 20:11:33 -0000

On Sunday 29 March 2009 22:25:55 Charles Howse wrote:
> On Mar 29, 2009, at 1:54 PM, Glen Barber wrote:
> > On Sun, Mar 29, 2009 at 1:33 PM, Charles Howse <chowse@charter.net>
> >
> > wrote:
> >> On Mar 28, 2009, at 11:51 PM, Olivier Nicole wrote:
> >>> Hi,
> >>>
> >>>> Webalizer is doing what it's supposed to with httpd-access.log, but
> >>>> when I give it the error log to process is coughs, spits and spills
> >>>> out errors with no data processed.  My research hasn't turned up a
> >>>> good solution for webalizer and -error.log.
> >
> > What are the errors?
>
> Intrusion attempts, (a few) bad links in my website, also I use the
> error.log to troubleshoot cgi scripts.

Nothing beats tail -f for debugging.

404's can be gathered from access log, by webalizer (or awstats or ...) and 
are summarized when enabled. If I remember correctly, there's also a referer 
top list, that specifies which pages link to invalid pages, but it may have 
been awstats that does this.

Can't think of anything specific for apache error log, I roll my own grok 
rules if I'm really interested in a specific vulnerability. See sysutils/grok.
-- 
Mel