Home page logo

basics logo Security Basics mailing list archives

Re: Web log file analysis tool
From: romain <r () fuckthespam com>
Date: Tue, 03 Jun 2008 14:14:48 -0400

Well, hope you log also the POST and other variable then if you want to detect XSS and so on.
Anyway, afaik, there is no such tools, but it shouldn't be too difficult to do using the regexp base from PHPIDS project: http://php-ids.org/ and your favorite scripting language...


Anja Hofmann wrote:
Currently, I'm looking for a web log file analysis tool which does not cause too much traffic/load on our LAMPP web servers. I've tried hobbit monitor (http://*hobbit*mon.sourceforge.net), but was disappointed, since the script I needed to search for suspicious patterns (bb-msgs.pl) was not part of the main package. I've also installed awstats (http://awstats.sourceforge.net/) which uses worms.pm to look for suspicious windows worms. However, I would love to find a plugin for awstats (or another program) that could also detect XSS attempts - as far as this is possible using only Apache log files.
Thank you very much in advance.
Yours sincerely,
Anja Hofmann

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]