[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IDS: Webserver logfile parser (SecSrch)

To: ids@uow.edu.au
Subject: IDS: Webserver logfile parser (SecSrch)
From: Mike Blomgren <mike.blomgren@ccnox.com>
Date: Wed, 21 Feb 2001 13:56:28 +0100 (CET)

A few months ago, I asked the list on what to look for in webserver 
logfiles, to detect intrusion attempts. The responses where quite a few 
with various tips, and I have now implemented a few of them in the 
attached perl-script.

This is a 'work-in'progress', and must be treated as such. Use it 
freely. But don't flame me if it doesn't work... It has been run and 
continuously updated for the past months, with new 'features' added 
regularly. But I am sure there are several bugs. And more features to 
be added...

Consider this release (2.13 - First Public release) a Beta, and pls 
report any problems back.


Rgds,

~Mike




CCNOX Security Management & Technology AB
http://www.ccnox.com


PGP Fingerprint: 4B7F 8DCA 0C44 019E 1A2D  C0E6 775B 12B1 DB47 5C12



___________________________________
The information included in this e-mail is intended only for the
person or entity to which it is addressed. Any use of this
information by persons or entities other than the intended
recipient is prohibited. If you receive this transmission in
error, please delete this email and destroy any copies of it.

Any opinions expressed in this email are those of the individual
and not necessarily those of the company CCNOX.


    [ Part 2, Application/OCTET-STREAM (Name: "SecSrch.pl")  5.7KB. ]
    [ Unable to print this part. ]


    [ Part 3: "Attached Text" ]

Prev by Date: Sorry Re: IDS: slow udp scan
Next by Date: IDS: SecSrch, again...
Prev by thread: Sorry Re: IDS: slow udp scan
Next by thread: IDS: SecSrch, again...
Index(es):
- Date
- Thread