Re: Beta testers for Web server Security Log Analysis
From: Sascha Teifke (nospam_at_plea.se)
Date: 06/25/03
- Previous message: Sean: "Re: Language independant public key"
- In reply to: Mike Blomgren: "Beta testers for Web server Security Log Analysis"
- Next in thread: Mike Blomgren: "Re: Beta testers for Web server Security Log Analysis"
- Reply: Mike Blomgren: "Re: Beta testers for Web server Security Log Analysis"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 Jun 2003 16:17:14 +0200
I would sleep better if you'd have a packet for downloading which is
installable on my own server. I wouldn't be a good hoster if I send the
whole Logfile to a 3rd person who I don't know for searching for a
security issue.
Sure, I could send it encrypted but who tells me that you're trustworthy?
Isn't it a bad idea to wait for everybody for sending in their server logs?
For Logfile analysis there are some free HIDS like
logsurfer - http://www.cert.dfn.de/eng/logsurf
logsentry - http://www.psionic.com/products/logsentry.html
...
I am sure that you did great work, but I don't think that it is a good
idea to send logfile data through a 3rd person ...
Greetings
Sascha
Mike Blomgren wrote:
> Hi,
>
> I am in the process of building a system for automated web server log
> analysis from a security perspective. The idea is to have the system sift
> through the web server's log files on a daily basis, and report on any
> security related problems. I.e. users trying to manipulate your server in
> any way - looking for open relays, FORM data manipulation, URL
> manipulation, Bandwidth hogs, XSS attempts etc. If there is anything
> abnormal, then you should be notified.
>
> Right now I'm looking for anyone interested in trying the system and
> providing feedback (i.e. Beta-testers - just not so formalized...)
>
> I built and have used the system for a few years, and thought others might
> find it useful. But I'd like some user input. The idea is to mail in the
> log file (access_log) and a report will be returned, usually within
> minutes.
>
> There is a sample site at http://a51.mine.nu/ containing a brief
> explanation of the system. If you have any questions or want more info -
> drop me an e-mail. I am specifically interested in comments regarding the
> output of the analysis, i.e. the report. How to make it more useful and
> easier to understand, but still giving enough technical details.
>
> Thanks for your time.
>
> ~Mike
>
>
>
>