Re: Apache log file monitor

From: James Barkley (James.Barkley_at_noaa.gov)
Date: 10/17/04

  • Next message: Anirudhya Mitra: "SYN SCAN" 
    Date: Sun, 17 Oct 2004 16:08:26 -0400
To: Chris Davis <davisfactor@gmail.com>, security-basics@securityfocus.com, webappsec@securityfocus.com

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
     
    On linux use webalizer for stats, logwatch for alerts, and maybe
    create your own perl or shell script to look for and report specific
    things (this is not as hard or time-consuming as you might think).
    You can have these mailed to you via cron, but if you choose to do
    that I highly reccomend you encrypt the payload via gpg. Create a new
    key and make sure the secret key has been imported as fully trusted on
    both sending machine and receiving machine. Here is a sample line to
    place in your crontab.

    55 23 * * * /usr/local/bin/logcheck -d today | /usr/bin/gpg -e -a
    - --batch -r jane.doe@website.com | /bin/mail -s 'webserver daily'
    jane.doe@website.com

    - -Jim

    p.s. Create your key as 2048-bit

    Chris Davis wrote:

    |I occasionally see you guys talk about what appeared in your Apache
    |logs the night before. What utilities do you guys use to monitor your
    |log files?
    |
    |Currently I run awstats to record the number of visitors and which
    |pages were hit more frequently, but it doesn't log the actual URL that
    |the "visitor" attempted to reach.
    |
    |Thanks for any help you can provide.
    |
    |Chris Davis
    |davisfactor@gmail.com

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.2 (MingW32)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
     
    iD8DBQFBctE4BtvwQGcl/zERAkDaAJ0cLGsLGKFnduIimhDHYxkq4RfzrACeLkZ9
    bjjKEhRqHSyGIhiFKo/mSVw=
    =o0xe
    -----END PGP SIGNATURE-----

  • Next message: Anirudhya Mitra: "SYN SCAN"
    Loading