Interpreting raw log files

Discussion in 'Security' started by Tom Strong, Feb 24, 2008.

  1. #1
    Hello there,

    I'm trying to find a Bayesian-like filter for interpreting raw log files from my server. I have searched a bit and found nothing. What I would like to have is a program that would remove the most common server queries and analyse the most uncommon ones so that I can interpret if it's a scraper or a hacker trying to find a security hole.

    Tks
     
    Tom Strong, Feb 24, 2008
  2. ccb056

    #2
    Have you looked at awstats?
     
    ccb056, Feb 29, 2008
  3. ThreeGuineaWatch

    #3
    Look at mod_security for Apache.
     
    ThreeGuineaWatch, Feb 29, 2008
  4. Ladadadada

    #4
    I haven't seen anything Bayesian but I would recommend looking at Splunk. Check out the demos available on their site, particularly this one.

    I suspect once you learn how to use it you will never look back.

    You can also put all your other log files through it and use all the same tools for analysing them.

    That said, it would be very interesting to have a Bayesian filter develop an idea of what is "normal" on your website so it can detect abnormal behaviour automatically. We tend to use our normal traffic tracking and ad-hoc one-line scripts to try and identify interesting behaviour, but it is time-consuming and inaccurate.

    Alternatively, you could try glTail. It's also not quite what you are after but it does show your traffic patterns in real time and it is seriously cool.
     
    Ladadadada, Mar 11, 2008
    Tom Strong likes this.
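
The idea raised in this thread (set aside the most common requests and surface the uncommon ones for review), sketched as an added example; it is not code from any poster or from the tools they mention. It scores each line by smoothed token rarity, a naive-Bayes-style frequency model rather than a full Bayesian classifier, and the log lines and function names are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample in Apache common log format (not data from the thread).
SAMPLE = '''\
203.0.113.5 - - [24/Feb/2008:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [24/Feb/2008:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [24/Feb/2008:10:00:09 +0000] "GET /products/12 HTTP/1.1" 200 2210
198.51.100.7 - - [24/Feb/2008:10:01:13 +0000] "GET /products/37 HTTP/1.1" 200 2304
198.51.100.7 - - [24/Feb/2008:10:01:20 +0000] "GET /products/8 HTTP/1.1" 200 2199
192.0.2.44 - - [24/Feb/2008:10:02:02 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.44 - - [24/Feb/2008:10:02:03 +0000] "GET /css/site.css HTTP/1.1" 200 880
203.0.113.9 - - [24/Feb/2008:10:03:40 +0000] "GET /products/91 HTTP/1.1" 200 2250
192.0.2.200 - - [24/Feb/2008:10:04:11 +0000] "GET /backup/db.sql.bak HTTP/1.1" 404 312
198.51.100.7 - - [24/Feb/2008:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 5120
'''.splitlines()

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

def tokens(line):
    """Features for one line: method, status, path segments, query-string keys."""
    m = REQUEST_RE.search(line)
    if not m:
        return ["<unparsed>"]  # malformed lines share one (usually rare) token
    path, _, query = m["url"].partition("?")
    feats = ["method=" + m["method"], "status=" + m["status"]]
    # Collapse digits so /products/12 and /products/37 count as the same shape.
    feats += ["seg=" + re.sub(r"\d+", "N", s) for s in path.split("/") if s]
    feats += ["arg=" + kv.split("=")[0] for kv in query.split("&") if kv]
    return feats

def train(lines):
    """Token counts over the whole log: the model of 'normal' traffic."""
    counts = Counter(t for line in lines for t in tokens(line))
    return counts, sum(counts.values())

def surprise(line, counts, total):
    """Mean per-token surprisal in bits, add-one smoothed; higher means rarer."""
    feats = tokens(line)
    vocab = len(counts) + 1  # +1 leaves probability mass for unseen tokens
    return sum(-math.log2((counts[t] + 1) / (total + vocab)) for t in feats) / len(feats)

def rank_unusual(lines, top=3):
    """Return the `top` lines least like the rest of the log."""
    counts, total = train(lines)
    return sorted(lines, key=lambda l: surprise(l, counts, total), reverse=True)[:top]
```

Training on a known-quiet period and scoring new lines against those counts keeps a burst of repeated probes from becoming part of what the model treats as normal.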