Re: reviewing httpd access log
On Sun, 1 Aug 2004 12:42:34 -0500, J Moore <jaymo@cullmail.com> wrote:
> Reviewing my /var/www/logs/access_log file it seems there are a lot of
> "bogus" entries; i.e. people trying various hacks, looking for
> weaknesses, testing for win32, etc, etc.
>
> Is there a good technique for automatically identifying these
> trouble-makers? I'd like to be able to build a "deny" table for pf to
> halt repeat offenders, but I can't afford the time to review the logs
> "manually".
>
> Thanks,
> Jay
>
>
Check out Snort... http://www.snort.org/