Beta testers for Web server Security Log Analysis

From: Mike Blomgren (mibl_at_a51.mine.nu)
Date: 06/25/03


Date: Wed, 25 Jun 2003 12:55:00 GMT

Hi,

I am in the process of building a system for automated web server log
analysis from a security perspective. The idea is to have the system sift
through the web server's log files on a daily basis, and report on any
security-related problems. I.e. users trying to manipulate your server in
any way - looking for open relays, FORM data manipulation, URL
manipulation, Bandwidth hogs, XSS attempts etc. If there is anything
abnormal, then you should be notified.

Right now I'm looking for anyone interested in trying the system and
providing feedback (i.e. Beta-testers - just not so formalized...)

I built and have used the system for a few years, and thought others might
find it useful. But I'd like some user input. The idea is to mail in the
log file (access_log) and a report will be returned, usually within
minutes.

There is a sample site at http://a51.mine.nu/ containing a brief
explanation of the system. If you have any questions or want more info -
drop me an e-mail. I am specifically interested in comments regarding the
output of the analysis, i.e. the report. How to make it more useful and
easier to understand, but still giving enough technical details.

Thanks for your time.

~Mike
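
As an added illustration of the kind of daily access_log scan the post describes (this is not the author's system or code), the sketch below parses Common Log Format lines and flags open-relay probes, URL manipulation, XSS attempts and bandwidth hogs. The rule patterns, the byte threshold, the sample lines and all names are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) (\d+|-)')

# Assumed rules for illustration; not the rule set of the system in the post.
RULES = [
    ("open-relay probe", re.compile(r"^(?:CONNECT\s|\w+\s+https?://)", re.I)),
    ("URL manipulation", re.compile(r"\.\.[/\\]|\x00")),
    ("XSS attempt", re.compile(r"<\s*script|javascript:|onerror\s*=", re.I)),
]
HOG_BYTES = 50_000_000  # assumed per-client threshold for one day's log

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [25/Jun/2003:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 2326',
    '198.51.100.7 - - [25/Jun/2003:10:00:05 +0000] "GET http://example.org/ HTTP/1.0" 200 512',
    '198.51.100.7 - - [25/Jun/2003:10:00:06 +0000] "CONNECT mail.example.org:25 HTTP/1.0" 405 -',
    '203.0.113.5 - - [25/Jun/2003:10:01:00 +0000] "GET /cgi-bin/view?file=..%2f..%2fetc%2fpasswd HTTP/1.0" 404 210',
    '203.0.113.5 - - [25/Jun/2003:10:01:09 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0" 200 900',
    '192.0.2.99 - - [25/Jun/2003:10:02:00 +0000] "GET /iso/big.iso HTTP/1.0" 200 700000000',
]

def analyze(lines, hog_bytes=HOG_BYTES):
    """Return (line_no, client, finding) tuples; line_no is None for totals."""
    findings, bytes_by_host = [], defaultdict(int)
    for n, line in enumerate(lines, 1):
        m = CLF.match(line)
        if not m:
            findings.append((n, "-", "unparseable line"))
            continue
        host, request, _status, size = m.groups()
        bytes_by_host[host] += 0 if size == "-" else int(size)
        # Decode twice so double-encoded input (%252e%252e) is still seen.
        decoded = unquote(unquote(request))
        for name, rx in RULES:
            if rx.search(decoded):
                findings.append((n, host, name))
    for host, total in sorted(bytes_by_host.items()):
        if total > hog_bytes:
            findings.append((None, host, "bandwidth hog"))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

FORM data manipulation is left out because request bodies are not recorded in the Common Log Format, so only query-string input is visible to a scan like this.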