[Dshield] httpd logs

Johannes B. Ullrich jullrich at sans.org
Mon Jun 18 19:45:37 GMT 2007


Rick Leir wrote:
> How about monitoring http attack attempts, which generally show up in
> /var/log/httpd/error_log?
> This has probably been discussed before, but my searches of the archive
> were not helpful.

The Apache error log is useful, but far from complete. I see many
web-based attacks using Google first to find vulnerable systems to pick off.
So they will only hit you if you have the right file. Even if you are
patched, you will typically not see an error from Apache. Maybe from
something like mod_security or in your application log.




-- 
---------
SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 courses, SANS top
instructors, and a great tools and solutions expo. Register today!
http://www.sans.org/info/4651 (brochure code ISC)

http://isc.sans.org         PGP Key: https://secure.dshield.org/PGPKEYS
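
An added example (not part of the original post, and not DShield or SANS code) of the gap described in the reply: scanning the Apache access log in combined format shows suspicious requests that were answered with 200 and so left nothing in error_log. The two patterns, the sample lines, and the rule that only 4xx/5xx responses might appear in error_log are assumptions made for the illustration.

```python
import re
from collections import Counter

# Apache "combined" access log: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Illustrative indicators only (assumptions, not taken from the original post).
SUSPICIOUS = [
    ("remote-include", re.compile(r'=(?:https?|ftp)(?::|%3a)//', re.I)),
    ("path-traversal", re.compile(r'(?:\.\.|%2e%2e)(?:/|%2f)', re.I)),
]

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE = '''\
192.0.2.10 - - [18/Jun/2007:19:40:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Jun/2007:19:41:13 +0000] "GET /app/view.php?page=http://example.invalid/x.txt? HTTP/1.1" 200 812 "-" "libwww-perl/5.805"
198.51.100.7 - - [18/Jun/2007:19:41:15 +0000] "GET /other/view.php?page=http://example.invalid/x.txt? HTTP/1.1" 404 209 "-" "libwww-perl/5.805"
203.0.113.5 - - [18/Jun/2007:19:42:30 +0000] "GET /download.php?f=../../etc/passwd HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
'''

def scan(lines):
    """Return one finding per suspicious request, whatever its status code.
    'error_log_possible' is an assumption: only 4xx/5xx might reach error_log."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        for label, pattern in SUSPICIOUS:
            if pattern.search(m["uri"]):
                status = int(m["status"])
                findings.append({"host": m["host"], "uri": m["uri"], "status": status,
                                 "label": label, "error_log_possible": status >= 400})
                break
    return findings

def summarize(findings):
    """Count findings by whether error_log alone could have shown them."""
    return Counter("error_log_possible" if f["error_log_possible"] else "access_log_only"
                   for f in findings)

if __name__ == "__main__":
    hits = scan(SAMPLE.splitlines())
    for f in hits:
        print(f["status"], f["label"], f["host"], f["uri"])
    print(dict(summarize(hits)))
```
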
