a suggestion

From: Raistlin (raistlin@gioco.net)
Date: 08/05/01


Message-ID: <026b01c11de8$951cdf00$0200a8c0@edisontel.it>
From: "Raistlin" <raistlin@gioco.net>
To: "Incidents" <INCIDENTS@SECURITYFOCUS.COM>
Subject: a suggestion
Date: Sun, 5 Aug 2001 21:55:21 +0200

If you are scanning your apache error log files for the IDA / Red Code worm,
you may want to use something like:

in /var/log/httpd

cat *err.log | grep 'default.ida' | awk '{print $8 " " $1 " " $2 " " $3 " "
$4 " " $5}' | sed s/[][]/" "/g > myreport.txt

It's rude but functional.

Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys

P.S. Thanks Kallisti and Clooney :P

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com