[Dshield] collecting web logs

Rick Leir rdshield at leirtech.com
Fri May 9 17:07:31 GMT 2008


The script would scan the error log, at least?  And for each entry that 
is not for an existing file (or a typo) it would collect the requestor's 
IP and any referrer and maybe the User-Agent footprint.

And note when the server logs that it has been probed.

More difficult is to look at the access log, and pick the entries with 
screwy req parameters.  That would be where the privacy concerns arise.

Did you look at the fail2ban scripts?

I could help debug/test it on Apache.
cheers -- Rick

> There are a few challenges for collecting web logs, mainly privacy 
> related. I think I sort of got them worked out now and hope to move 
> ahead with the current design shortly.
> 
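
An added example, not part of the original message and not DShield or fail2ban code: one way to do the error-log pass described above, pulling the client IP and referrer from Apache "File does not exist" entries (the error log does not record the User-Agent). The sample lines are constructed, and the `min_paths` threshold for separating a probe from a typo is an assumption.

```python
import re
from collections import defaultdict

# "File does not exist" entries in Apache 2.2 and 2.4 error-log layouts.
LINE_RE = re.compile(
    r"\[client (?P<client>[^\]]+)\] (?:AH\d+: )?"
    r"File does not exist: (?P<path>.*?)(?:, referer: (?P<referer>\S+))?$"
)

def strip_port(client):
    # Apache 2.4 appends ":port"; strip it from IPv4 only, leave IPv6 untouched.
    host, sep, port = client.rpartition(":")
    return host if sep and port.isdigit() and host.count(".") == 3 else client

def collect_misses(lines):
    """Return {ip: {"paths": set, "referers": set}} for missing-file entries."""
    hits = defaultdict(lambda: {"paths": set(), "referers": set()})
    for line in lines:
        m = LINE_RE.search(line.rstrip())
        if not m:
            continue  # not a missing-file entry (startup notices, etc.)
        rec = hits[strip_port(m.group("client"))]
        rec["paths"].add(m.group("path"))
        if m.group("referer"):
            rec["referers"].add(m.group("referer"))
    return dict(hits)

def likely_probes(hits, min_paths=3):
    """Clients that missed on several distinct paths; a single miss looks like a typo."""
    return sorted(ip for ip, rec in hits.items() if len(rec["paths"]) >= min_paths)

# Constructed sample input (documentation address ranges, made-up paths).
SAMPLE = """\
[Fri May 09 17:01:02 2008] [error] [client 192.0.2.10] File does not exist: /var/www/old/admin.php
[Fri May 09 17:01:03 2008] [error] [client 192.0.2.10] File does not exist: /var/www/backup.zip
[Fri May 09 17:01:04 2008] [error] [client 192.0.2.10] File does not exist: /var/www/test/setup.php, referer: http://example.com/
[Fri May 09 17:02:10 2008] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico
[Fri May 09 17:03:00.123456 2008] [core:info] [pid 4242] [client 203.0.113.5:51234] AH00128: File does not exist: /var/www/html/indx.html
[Fri May 09 17:03:30 2008] [notice] caught SIGTERM, shutting down
""".splitlines()

if __name__ == "__main__":
    hits = collect_misses(SAMPLE)
    for ip in likely_probes(hits):
        print(ip, sorted(hits[ip]["paths"]), sorted(hits[ip]["referers"]))
```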

