From: Mark Rowlands
To: Drew Tomlinson
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: How to Analyze Apache Logs? (Was RE: Attempted Buffer Overrun in via httpd?)
Date: Mon, 6 Aug 2001 19:58:52 +0200

On Monday 06 August 2001 19:02, you wrote:
> [snipped previous discussion]
>
> I've been reading this thread and it prompted me to check my logs. I
> appear to have lots of hits as well. Others are graphing their hits and I
> would like to see how mine are. Is there a port that others are using to
> do this? What is recommended for a newbie to start analyzing Apache logs?

For a specific incident like this, no, use perl or sh or whatever grabs
your fancy. webalizer is quite a pretty log analyser for more general use.

    perl -ne 'print if /\bdefault\.ida\b/i' yourapachelog

will extract the Code Red attempts from a standard Apache log. As to more
detailed logging of network misdemeanours, I use snort and acid; see
http://www.snort.org
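
As an added example that is not part of the original message: the one-liner above, carried further in sh and awk to count the default.ida requests per day and per source address, which is the data the question wants to graph. It tests only the request path, so a line whose Referer merely mentions default.ida is not counted; the function names and the sample log lines are constructed here and assume Apache's Common Log Format.

```shell
#!/bin/sh
# Added example (not from the original message): per-day and per-source
# counts of Code Red probes in an Apache Common Log Format access log.

# Emit "day source" for every request whose path is default.ida.
# Only the request line is tested, so a Referer or User-Agent that merely
# mentions default.ida is not counted.
codered_hits() {
    awk '{
        if (split($0, q, "\"") < 3) next        # no quoted request line
        if (split(q[2], req, " ") < 2) next     # malformed request
        path = tolower(req[2])
        sub(/\?.*/, "", path)                   # drop the query-string padding
        if (path !~ /(^|\/)default\.ida$/) next
        print substr($4, 2, 11), $1             # [06/Aug/2001:... -> 06/Aug/2001
    }' "$1"
}

# "day count", in the order days first appear in the log (chronological).
codered_by_day() {
    codered_hits "$1" | awk '
        !($1 in n) { order[++d] = $1 }
        { n[$1]++ }
        END { for (i = 1; i <= d; i++) print order[i], n[order[i]] }'
}

# "source count", busiest source first.
codered_by_source() {
    codered_hits "$1" | awk '{ n[$2]++ } END { for (s in n) print s, n[s] }' |
        sort -k2,2nr -k1,1
}

# Constructed sample log (documentation addresses, truncated padding).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [05/Aug/2001:23:58:01 -0700] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [06/Aug/2001:00:03:12 -0700] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [06/Aug/2001:01:15:40 -0700] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 276
203.0.113.5 - - [06/Aug/2001:02:20:09 -0700] "GET /DEFAULT.IDA?NNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [06/Aug/2001:02:21:00 -0700] "GET /faq.html HTTP/1.0" 200 512 "http://example.org/default.ida" "-"
EOF
}

if [ "$#" -ge 1 ]; then
    codered_by_day "$1"
    codered_by_source "$1"
fi
```

Run it with the access log as its only argument; the per-day output is two columns that can go straight into a plotting tool.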