Date: Mon, 06 Aug 2001 15:05:23 -0700
From: Drew Tomlinson
Subject: RE: How to Analyze Apache Logs? (Was RE: Attempted Buffer Overrun in via httpd?)
In-reply-to: <01080619585201.34275@pcmarpxy.tninet.se>
To: 'Mark Rowlands', Drew Tomlinson
Cc: freebsd-questions@FreeBSD.ORG
Message-id: <5CD46247635BD511B6B100A0CC3F023925A03A@ldcmsx01.lc.ca.gov>

> -----Original Message-----
> From: Mark Rowlands [mailto:mark.rowlands@minmail.net]
> Sent: Monday, August 06, 2001 10:59 AM
> To: Drew Tomlinson
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: How to Analyze Apache Logs? (Was RE: Attempted Buffer
> Overrun in via httpd?)
>
>
> On Monday 06 August 2001 19:02, you wrote:
> > [snipped previous discussion]
> >
> > I've been reading this thread and it prompted me to check my logs. I
> > appear to have lots of hits as well. Others are graphing their hits and I
> > would like to see how mine are. Is there a port that others are using to
> > do this? What is recommended for a newbie to start analyzing Apache logs?
>
> for a specific incident like this, no, use perl or sh or whatever grabs your
> fancy. webalizer, is quite a pretty log analyser for more general use.
>
> perl -ne 'print if /\bdefault\.ida\b/i' yourapachelog
>
> will extract the code red attempts from a standard apache log, as to more
> detailed logging of network misdemeanours, I use snort and acid
>
> see http://www.snort.org

Thank you for your assistance. Another reason I need to start learning a
scripting language... :)

Drew
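The thread's question of how many default.ida hits a log holds, and from where, can also be answered in sh with awk. The script below is an added example, not code from either poster. It assumes Apache Common/Combined Log Format and matches only the request path field, so it is narrower than the perl filter quoted above. The function names are hypothetical, and the sample lines are constructed, using documentation addresses and a shortened query string.

```shell
#!/bin/sh
# Added example: summarise Code Red probes (requests for default.ida) in an
# Apache access log. Assumes Common/Combined Log Format, where whitespace
# splitting gives $1 = client host, $4 = "[DD/Mon/YYYY:HH:MM:SS", $7 = path.

# codered_by_day LOGFILE -> "DD/Mon/YYYY count", one line per day, in log order
codered_by_day() {
    awk 'tolower($7) ~ /\/default\.ida(\?|$)/ {
             day = substr($4, 2, 11)            # strip "[" and the time of day
             if (!(day in n)) order[++k] = day  # remember first-seen order
             n[day]++
         }
         END { for (i = 1; i <= k; i++) print order[i], n[order[i]] }' "$1"
}

# codered_by_host LOGFILE -> "count host", busiest source first
codered_by_host() {
    awk 'tolower($7) ~ /\/default\.ida(\?|$)/ { n[$1]++ }
         END { for (h in n) print n[h], h }' "$1" | sort -k1,1nr -k2,2
}

# write_sample_log FILE -> writes a constructed sample log (not real traffic)
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [05/Aug/2001:23:58:01 -0700] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [06/Aug/2001:01:12:44 -0700] "GET /index.html HTTP/1.0" 200 1456
192.0.2.10 - - [06/Aug/2001:02:30:09 -0700] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
203.0.113.5 - - [06/Aug/2001:09:41:17 -0700] "GET /DEFAULT.IDA?NNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [06/Aug/2001:10:02:33 -0700] "GET /docs/default.ida.html HTTP/1.0" 404 290
EOF
}

# Demonstration on the constructed sample; point the functions at a real
# access log instead to get per-day figures suitable for graphing.
log=$(mktemp) && write_sample_log "$log"
codered_by_day "$log"
codered_by_host "$log"
rm -f "$log"
```

The last sample line requests a different file name (default.ida.html) and is deliberately not counted.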