07-27-2011, 06:42 AM
Gareth Llewellyn

forensic Apache log analysis

Try installing Splunk (be careful to import less than 500 MB a day on the
free license), then once all your logs are imported you should be able to
find what you are looking for.

On 27 Jul 2011 07:37, "ESGLinux" <esggrupos@gmail.com> wrote:
> Hi All,
>
> I have a problem with a RHEL server and I want to ask you for some advice.
> I'm not a security expert so I don't know which would be the best approach
> to solve my problem.
>
> The problem is that I have several gigabytes of Apache logs and I need to
> look for attacks in them to check if the server has been compromised.
>
> I can manually check some possible attack URLs and look for them in the
> logs, but I'm sure there must be tools or techniques to do this in the
> correct way.
>
> So, any idea that can help me?
>
> Thank you very much in advance,
>
> ESG
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
 
07-27-2011, 07:18 AM
ESGLinux

forensic Apache log analysis

Thanks,

I'll give it a try.

Any other tool? (If it is free it would be better ;-) )

Someone has suggested enVision from RSA to me (
http://www.rsa.com/node.aspx?id=3170). Any feedback about this tool?

Another friend has told me to take a look at BackTrack (
http://www.backtrack-linux.org/) to check whether it has a tool to do this.
Does anyone know?

Thanks again

ESG

2011/7/27 Gareth Llewellyn <gareth@networksaremadeofstring.co.uk>

> Try installing Splunk (be careful to import less than 500 MB a day on the
> free license), then once all your logs are imported you should be able to
> find what you are looking for.
>
> On 27 Jul 2011 07:37, "ESGLinux" <esggrupos@gmail.com> wrote:
> > Hi All,
> >
> > I have a problem with a RHEL server and I want to ask you for some
> > advice. I'm not a security expert so I don't know which would be the
> > best approach to solve my problem.
> >
> > The problem is that I have several gigabytes of Apache logs and I need to
> > look for attacks in them to check if the server has been compromised.
> >
> > I can manually check some possible attack URLs and look for them in the
> > logs, but I'm sure there must be tools or techniques to do this in the
> > correct way.
> >
> > So, any idea that can help me?
> >
> > Thank you very much in advance,
> >
> > ESG
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
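
The manual approach described in the original question (checking known attack URLs against the logs) can be scripted as a single streaming pass over the files. This is an added example, not part of the thread; the signature list, the sample lines and the names `decode` and `scan` are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Common/combined log format: host ident user [time] "request" status size ...
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) ')

# Illustrative signatures (assumption, not a complete rule set); tune per application.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./|\.\.\\"),
    "sql_injection": re.compile(r"union\s+select|information_schema", re.I),
    "file_inclusion": re.compile(r"=\s*(?:https?|ftp|php)://", re.I),
    "sensitive_file": re.compile(r"/etc/passwd|\.htpasswd|/proc/self/environ", re.I),
    "xss": re.compile(r"<script|javascript:", re.I),
}

# Constructed sample lines (documentation IP ranges), not taken from any real server.
SAMPLE = [
    '192.0.2.10 - - [27/Jul/2011:06:01:12 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Jul/2011:06:02:40 +0000] "GET /view.php?page=../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [27/Jul/2011:06:02:41 +0000] "GET /item.php?id=1%2520UNION%2520SELECT%25201,2 HTTP/1.1" 404 310',
    'truncated line with no request field',
]

def decode(text, rounds=2):
    """Percent-decode up to `rounds` times so double-encoded requests still match."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def scan(lines):
    """Stream log lines; return (hits, per-host signature counts, unparsable line count)."""
    hits, per_host, bad = [], defaultdict(Counter), 0
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            bad += 1  # truncated or unusual lines are counted, not silently dropped
            continue
        target = decode(m["request"])
        for name, sig in SIGNATURES.items():
            if sig.search(target):
                hits.append((lineno, m["host"], name, int(m["status"])))
                per_host[m["host"]][name] += 1
    return hits, per_host, bad

if __name__ == "__main__":
    hits, per_host, bad = scan(SAMPLE)  # real logs: scan(open(path, errors="replace"))
    for hit in hits:
        print(*hit)
    print("unparsable lines:", bad)
```

A match shows that a request was attempted, not that the server was compromised; flagged requests that returned 200 are the ones to examine first.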
 
