Re: Web log file analysis tool

[Adriel Desautels <adriel () netragard com>]

Romain, they should just use mod_security if they want to protect 
against XSS, RFI, LFI, etc.

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


romain wrote:
> Well, hope you log also the POST and other variable then if you want to 
> detect XSS and so on.
> Anyway, afaik, there is no such tools, but it shouldn't be too difficult 
> to do using the regexp base from PHPIDS project: http://php-ids.org/ and 
> your favorite scripting language...
>
> R.
>   http://rgaucher.info
>
> Anja Hofmann wrote:
> > Hi!
> > Currently, I'm looking for a web log file analysis tool which does not 
> > cause too much traffic/load on our LAMPP web servers.
> > I've tried hobbit monitor (http://*hobbit*mon.sourceforge.net), but 
> > was disappointed, since the script I needed to search for suspicious 
> > patterns (bb-msgs.pl) was not part of the main package.
> > I've also installed awstats (http://awstats.sourceforge.net/) which 
> > uses worms.pm to look for suspicious windows worms.
> > However, I would love to find a plugin for awstats (or another 
> > program) that could also detect XSS attempts - as far as this is 
> > possible using only Apache log files.
> > Thank you very much in advance.
> > Yours sincerely,
> > Anja Hofmann