
Webserver log file forensics


MichealC4

Programmer
Jun 26, 2003
457
I attempted to post this to the forensics list at securityfocus.com, but a moderator failed to properly read my email and denied my message.

I'm looking for a preferably Windows open-source C++ program to analyze the log files from various web servers, namely Apache and IIS. I need the program to be able to do things such as decode unicode in the request string, filter out certain IP addresses, etc. Things that would make using the program appealing as opposed to the by-hand forensics I am doing now.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
 
pansophic: Thanks, I looked but didn't see anything.

Xemus: As I mentioned in my post, that's not what I'm looking for. I'm looking for forensic tools, not trending tools.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
 
It eluded me before, but something like samhain might be a good start to what you are looking to do. It is a host-based intrusion detection program based on log analysis. It certainly won't work out of the box, but you should be able to modify it to meet your needs.


pansophic
 
Thanks. My fault for not explaining everything.

What will happen is I am the Support Team Leader of phpBB, a popular bulletin board package. When users hand me their access logs of an attack (along with db backup and files), I've traditionally had to go through and check entries by hand. A long process staring at the black and white of Notepad or something. I'm looking for a nicer looking tool that will allow me to sort entries, exclude IP addresses, concentrate on IP addresses, follow conversations, decode unicode, etc. Basically like Ethereal except for access logs.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
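The workflow described in the post above (sort entries, exclude or concentrate on IP addresses, decode encoded request strings, follow one client's requests across a log) as an added example. This is not a tool from the thread and it is written in Python rather than the C++ the poster asked for; the log lines are constructed, and the IIS field list is an assumed, abbreviated W3C Extended field set (real IIS logs declare their own in the `#Fields:` header, which the parser honours). Decoding peels repeated layers, so a double-encoded `%2527` ends up as a plain quote, and IIS-style `%uXXXX` sequences are handled alongside ordinary `%XX`.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from urllib.parse import unquote

# Constructed sample lines: three Apache "combined" entries and an IIS W3C Extended
# fragment. None of these come from the thread.
SAMPLE_LOG = [
    '10.0.0.5 - - [26/Jun/2003:10:15:32 -0500] "GET /phpBB2/viewtopic.php?t=12 HTTP/1.1" 200 5123 "-" "Mozilla/4.0"',
    '10.0.0.7 - - [26/Jun/2003:10:16:01 -0500] "GET /phpBB2/search.php?search_keywords=caf%25C3%25A9 HTTP/1.1" 200 4000 "-" "curl/7.10"',
    '10.0.0.5 - - [26/Jun/2003:10:16:40 -0500] "POST /phpBB2/posting.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"',
    '#Software: Microsoft Internet Information Services 6.0',
    '#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status',
    '2003-06-26 15:20:11 10.0.0.9 GET /forum/viewtopic.php t=12&search=caf%u00e9 200',
    '2003-06-26 15:20:15 10.0.0.7 GET /forum/profile.php mode=viewprofile&u=%32 200',
]

# Assumed default field order, used only until a #Fields: header is seen.
DEFAULT_IIS_FIELDS = ['date', 'time', 'c-ip', 'cs-method', 'cs-uri-stem', 'cs-uri-query', 'sc-status']

APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+')
_IIS_UNICODE = re.compile(r'%u([0-9a-fA-F]{4})')


@dataclass
class Entry:
    ts: datetime      # timezone-aware so Apache and IIS entries sort together
    ip: str
    method: str
    path: str         # decoded
    query: str        # decoded, '' when absent
    status: int
    source: str       # 'apache' or 'iis'
    raw: str          # original line, kept for evidence


def decode_request(value: str, max_rounds: int = 3) -> str:
    """Undo %XX and IIS-style %uXXXX encoding, peeling one layer per round until
    a round changes nothing. '%2527' -> '%27' -> "'" within the default rounds."""
    for _ in range(max_rounds):
        decoded = _IIS_UNICODE.sub(lambda m: chr(int(m.group(1), 16)), value)
        decoded = unquote(decoded)
        if decoded == value:
            break
        value = decoded
    return value


def parse_apache(line: str):
    m = APACHE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    except ValueError:
        return None
    path, _, query = m['uri'].partition('?')
    return Entry(ts, m['ip'], m['method'], decode_request(path),
                 decode_request(query), int(m['status']), 'apache', line)


def parse_iis(line: str, fields):
    values = dict(zip(fields, line.split()))
    try:
        # W3C Extended logs on IIS record time in UTC.
        ts = datetime.strptime(f"{values['date']} {values['time']}",
                               '%Y-%m-%d %H:%M:%S').replace(tzinfo=timezone.utc)
        status = int(values['sc-status'])
    except (KeyError, ValueError):
        return None
    query = values.get('cs-uri-query', '-')
    return Entry(ts, values.get('c-ip', '?'), values.get('cs-method', '?'),
                 decode_request(values.get('cs-uri-stem', '')),
                 '' if query == '-' else decode_request(query), status, 'iis', line)


def parse_log(lines):
    """Parse a mix of Apache combined and IIS W3C lines; '#Fields:' resets the IIS layout."""
    entries, fields = [], DEFAULT_IIS_FIELDS
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith('#Fields:'):
            fields = line.split()[1:]
            continue
        if line.startswith('#'):
            continue
        entry = parse_apache(line) or parse_iis(line, fields)
        if entry:
            entries.append(entry)
    return entries


def filter_entries(entries, include_ips=None, exclude_ips=None):
    """Concentrate on some clients (include_ips) and/or drop known-good ones (exclude_ips)."""
    return [e for e in entries
            if (not include_ips or e.ip in include_ips)
            and (not exclude_ips or e.ip not in exclude_ips)]


def conversations(entries):
    """Group entries per client IP in time order, so one client's session reads as a thread."""
    by_ip = defaultdict(list)
    for e in sorted(entries, key=lambda e: e.ts):
        by_ip[e.ip].append(e)
    return dict(by_ip)


if __name__ == '__main__':
    for ip, hits in conversations(parse_log(SAMPLE_LOG)).items():
        print(f'== {ip} ({len(hits)} requests)')
        for e in hits:
            q = f'?{e.query}' if e.query else ''
            print(f'  {e.ts.isoformat()} {e.source:6} {e.method} {e.path}{q} -> {e.status}')
```

Run it as-is to see the per-client view; in practice read the log file into `parse_log` and pass the IPs of your own monitoring hosts to `exclude_ips`. Keeping `raw` on each entry matters for forensics: the decoded fields are for reading, the original line is what you preserve.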
 
Contact someone in Guiadant(sp?) - makers of Encase, Sysinternals, or other forensics-based business.
 