Re: Web log file analysis tool

[p1g <killfactory () gmail com>]

IIS Logparser.

don't let the name fool ya. It work on many different types of logs
and text files.

I use it for incident response / analysis.

On Tue, Jun 3, 2008 at 6:37 AM, Anja Hofmann
<anja.hofmann () ub uni-tuebingen de> wrote:
> Hi!
> Currently, I'm looking for a web log file analysis tool which does not cause
> too much traffic/load on our LAMPP web servers.
> I've tried hobbit monitor (http://*hobbit*mon.sourceforge.net), but was
> disappointed, since the script I needed to search for suspicious patterns
> (bb-msgs.pl) was not part of the main package.
> I've also installed awstats (http://awstats.sourceforge.net/) which uses
> worms.pm to look for suspicious windows worms.
> However, I would love to find a plugin for awstats (or another program) that
> could also detect XSS attempts - as far as this is possible using only
> Apache log files.
> Thank you very much in advance.
> Yours sincerely,
> Anja Hofmann



-- 
-p1g
SnortCP, ESSE-D, C|HFI, TNCP, TECP, NACP, A+, whatever..
 ,,__
o" )~ oink oink
 ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke