forensic Apache log analysis
I'll give it a try.
Any other tool? (If it is free it would be better ;-) )
Someone has suggested enVision from RSA (http://www.rsa.com/node.aspx?id=3170) to me. Any feedback about this tool?
Another friend has told me to take a look at BackTrack (http://www.backtrack-linux.org/) to check whether it has a tool to do this. Anyone
2011/7/27 Gareth Llewellyn <email@example.com>
> Try installing Splunk (be careful to import less than 500mb a day on the
> free license); then, once all your logs are imported, you should be able to
> find what you are looking for.
> On 27 Jul 2011 07:37, "ESGLinux" <firstname.lastname@example.org> wrote:
> > Hi All,
> > I have a problem with a RHEL server and I want to ask you for some
> > I'm not a security expert so I don't know which can be the best approach
> > solve my problem.
> > The problem is that I have several gigabytes of Apache logs and I need to
> > look for attacks on it to check if the server has been compromised.
> > I can manually check some possible attack URLs and look for them on
> > logs, but I'm sure there must be tools or techniques to do this in the
> > correct way.
> > So, any idea that can help me?
> > Thank you very much in advance,
> > ESG
> > --
> > redhat-list mailing list
> > unsubscribe mailto:email@example.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
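
The approach the original question describes, searching the logs for known attack URL patterns, as an added example that is not part of the thread or any poster's code: it reads Apache common/combined log lines one at a time and flags requests that match a few signatures. The signature set, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Apache common/combined log format: host ident user [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Illustrative signatures only (assumption); a real review needs a fuller, tuned rule set.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./|\.\.\\"),
    "sql_injection": re.compile(r"union\s+(all\s+)?select|'\s*or\s+'?\d+'?\s*=", re.I),
    "xss": re.compile(r"<script\b", re.I),
    "sensitive_file": re.compile(r"/etc/passwd|boot\.ini", re.I),
}

def scan(lines):
    """Yield (ip, timestamp, status, decoded_url, [signature names]) per suspicious request."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        # Decode twice so double-encoded payloads (%252e%252e -> ..) are also seen
        url = unquote_plus(unquote_plus(m["url"]))
        hits = [name for name, rx in SIGNATURES.items() if rx.search(url)]
        if hits:
            yield m["ip"], m["ts"], int(m["status"]), url, hits

def summarize(lines):
    """Return {ip: {"total": n, "served_ok": n}} counting flagged requests per client."""
    out = defaultdict(lambda: {"total": 0, "served_ok": 0})
    for ip, _ts, status, _url, _hits in scan(lines):
        out[ip]["total"] += 1
        out[ip]["served_ok"] += 200 <= status < 300
    return dict(out)

# Constructed sample lines (documentation IP ranges), not taken from any real server.
SAMPLE = [
    '192.0.2.10 - - [27/Jul/2011:07:01:02 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Jul/2011:07:03:11 +0200] "GET /view.php?f=..%2f..%2fetc%2fpasswd HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.7 - - [27/Jul/2011:07:03:15 +0200] "GET /item.php?id=1+UNION+SELECT+1,2 HTTP/1.1" 500 301 "-" "-"',
    '203.0.113.5 - - [27/Jul/2011:07:09:40 +0200] "GET /s?q=%253Cscript%253Ealert(1) HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE).items():
        print(ip, counts)
```

For real logs, pass an open file handle to `scan()` or `summarize()` so the lines are streamed rather than loaded into memory. Flagged requests that were answered with a 2xx status are the ones to review first.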