a suggestion
From: Raistlin (raistlin@gioco.net)Date: 08/05/01
- Previous message: corecode: "RE: CodeRedII - New non-variant codered worm - Analysis."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <026b01c11de8$951cdf00$0200a8c0@edisontel.it> From: "Raistlin" <raistlin@gioco.net> To: "Incidents" <INCIDENTS@SECURITYFOCUS.COM> Subject: a suggestion Date: Sun, 5 Aug 2001 21:55:21 +0200
If you are scanning your apache error log files for the IDA / Red Code worm,
you may want to use something like:
in /var/log/httpd
cat *err.log | grep 'default.ida' | awk '{print $8 " " $1 " " $2 " " $3 " "
$4 " " $5}' | sed s/[][]/" "/g > myreport.txt
It's rude but functional.
Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys
P.S. Thanks Kallisti and Clooney :P
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: corecode: "RE: CodeRedII - New non-variant codered worm - Analysis."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
