Re: Realtime log file anlayser
From: Jeff Cochran (jcochran.nospam@naplesgov.com)
Date: 01/22/03
- Next message: Jeff Cochran: "Re: IUSER "Write" Permissions? Pro or Con?"
- Previous message: mnaveed: "when i access my outlook webacess throgh IE it ask passwords several times"
- In reply to: Scarlet: "Realtime log file anlayser"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: jcochran.nospam@naplesgov.com (Jeff Cochran) Date: Wed, 22 Jan 2003 13:08:19 GMT
>Well, the idea seems simple, but i dont know if there is a
>software for it yet or maybe i have to write my own.
>I am using URLSCAN to protect my web site -to some extent-
>and when i check the log files of my web server the well
>known attacks have this <rejected-by-urlscan> in their log
>line.
>So what i need is a realtime logfile analyser that when
>faces that phrase in the log line automatically bans-
>permanent or temporary- the ip of the attacker and
>disconnects any session with that IP. So the first
>malicious request will lead to restriction of the access
>from that IP.
Without arguing your assumptions about the effectiveness of this
method, what you want is not a log file analyzer but an intrusion
detection system. Many are available, free to expensive, and can do
what you ask. Search for them in Google, in particular you may
appreciate Snort.
Jeff
- Next message: Jeff Cochran: "Re: IUSER "Write" Permissions? Pro or Con?"
- Previous message: mnaveed: "when i access my outlook webacess throgh IE it ask passwords several times"
- In reply to: Scarlet: "Realtime log file anlayser"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
