Date:      Mon, 6 Aug 2001 19:58:52 +0200
From:      Mark Rowlands <mark.rowlands@minmail.net>
To:        Drew Tomlinson <drewt@writeme.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: How to Analyze Apache Logs? (Was RE: Attempted Buffer Overrun in via httpd?)
Message-ID:  <01080619585201.34275@pcmarpxy.tninet.se>
In-Reply-To: <5CD46247635BD511B6B100A0CC3F023925A039@ldcmsx01.lc.ca.gov>
References:  <5CD46247635BD511B6B100A0CC3F023925A039@ldcmsx01.lc.ca.gov>

On Monday 06 August 2001 19:02, you wrote:
> [snipped previous discussion]
>
> I've been reading this thread and it prompted me to check my logs.  I
> appear to have lots of hits as well.  Others are graphing their hits and I
> would like to see how mine are.  Is there a port that others are using to
> do this? What is recommended for a newbie to start analyzing Apache logs?

For a specific incident like this, no; use perl or sh or whatever grabs your 
fancy. webalizer is quite a pretty log analyser for more general use.

perl -ne 'print if /\bdefault\.ida\b/i' yourapachelog


will extract the Code Red attempts from a standard Apache log. As to more 
detailed logging of network misdemeanours, I use snort and acid.

see http://www.snort.org
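
An added example, not part of the original message: the same default.ida match applied to the request field of Apache Common Log Format lines, tallied per hour and per source host and drawn as a text bar chart. The function names and the sample log lines (documentation addresses, shortened query strings) are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
# Same pattern as the perl one-liner, but checked against the request only.
PROBE = re.compile(r'\bdefault\.ida\b', re.IGNORECASE)

# Constructed sample lines, not taken from a real log.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Aug/2001:18:01:12 +0200] "GET /default.ida?NNNNNNNN%u9090%u6858 HTTP/1.0" 404 276
198.51.100.7 - - [06/Aug/2001:18:15:40 +0200] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [06/Aug/2001:18:47:03 +0200] "GET /DEFAULT.IDA?XXXXXXXX%u9090 HTTP/1.0" 404 276
203.0.113.5 - - [06/Aug/2001:19:02:55 +0200] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [06/Aug/2001:19:03:10 +0200] "GET /docs/default.idax.html HTTP/1.0" 200 512
garbage line that is not CLF
"""

def tally_probes(lines):
    """Return (hits per hour, hits per source host, count of unparsed lines)."""
    per_hour, per_host, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = CLF.match(line)
        if not m:
            unparsed += 1          # keep a count so format drift is visible
            continue
        if not PROBE.search(m.group("request")):
            continue
        ts = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
        per_hour[ts.strftime("%Y-%m-%d %H:00")] += 1   # hour as logged
        per_host[m.group("host")] += 1
    return per_hour, per_host, unparsed

def text_graph(counts, width=40):
    """Render a mapping of key -> count as a sorted text bar chart."""
    peak = max(counts.values(), default=0)
    rows = []
    for key in sorted(counts):
        bar = "#" * max(1, counts[key] * width // peak)
        rows.append(f"{key}  {counts[key]:>5}  {bar}")
    return "\n".join(rows)

if __name__ == "__main__":
    hours, hosts, bad = tally_probes(SAMPLE_LOG.splitlines())
    print(text_graph(hours), text_graph(hosts), f"unparsed lines: {bad}", sep="\n\n")
```

To run it on a real log, pass an open file object to tally_probes() in place of the sample lines.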

