Upload File

keeping up with web logs. awstats supports http as well as ftp and mail logs iis and apache ...

  • Home
  • Documents
  • Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows
22
AWSTATS LOG ANALYZER Keeping up with Web Logs

Upload: vivien-delilah-ward

Post on 16-Dec-2015

217 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

AWSTATS LOG ANALYZERKeeping up with Web Logs

Page 2: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

AWStats

Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation

Runs on Windows and Linux System Requirements

PERL 5.0 or greater

Page 3: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Useful Features

Summary of # visitors, # visits, pages, hits, bandwidth

Monthly, Daily, and Hourly traffic graphs Visitors listed by frequency Counts: file type, downloads, and URL-pages Status code counts

Link to view 404 Not-Found log entries Useful Plug-ins

Hostinfo Raw Log Search

Page 4: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Screenshot

Page 5: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Daily Trend

Page 6: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Top Visitors

Page 7: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Downloads

Page 8: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

URLs Visited

Page 9: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

HTTP Status Codes

Page 10: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

404 Report

Page 11: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Hostinfo Plugin

Used to get Whois information about visitor

Will display information in a new browser window

Useful to determine origin of unresolvable Ips

Ex: 121.254.193.202 had over 1,500 hits to our site

Click on ? Link in the Hosts (Top 10) table

Page 12: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Hostinfo Plugin - Whois

Page 13: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Raw Log Search Plugin

Puts search form at top of report page

Will search and display contents of the “current” log

Allows PERL regular expression searches

Useful to search for suspicious traffic

Page 14: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Search for visitors…

Page 15: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Error codes…

Page 16: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Suspicious patterns…

Page 17: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

More suspicious patterns

Page 18: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Caveat Emptor!

XSS attacks will be reflected in log!

•Don’t have other sites open using same browser

•Use dedicated system/vm for log review

Page 19: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Why I like it

It’s Free! Active project = revisions and

improvements Multi-platform support Easy to set up and get going Provides at-a-glance view of web

activity Plugins available to provide

additional functionality

Page 20: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Notes

Log formats supported Apache common log format (see Note*),

Apache combined log format (known as NCSA combined log format or XLF or ELF format),Any other personalized Apache log format,Any IIS log format (known as W3C format),Webstar native log format,Realmedia server, Windows Media Server, Darwin streaming server,ProFTPd server, vsFTPd server,Postfix, Sendmail, QMail, MdaemonA lot of web/wap/proxy/streaming servers log format

Page 21: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

Notes - continued

Search pattern for visitor 123.125.67.181.*08/Jan

Search for error codes “ 400 “

Search for suspicious patterns URL w/ at least 4 encoded chars

GET.*(%[0-9a-fA-F]{2}){4}\S* HTTP Embedded hex

GET \S*(\\[xX][0-9a-fA-F]{2}) Reverse directory traversal

GET \S*(\.\.\/){2} Injection attacks

GET \S*(select\(|SELECT\(|--|1=1|\/\*|\|)

Page 22: Keeping up with Web Logs. AWStats Supports HTTP as well as FTP and Mail logs IIS and Apache Complete list at end of presentation Runs on Windows

References

AWStats Home http://awstats.sourceforge.net http://

awstats.sourceforge.net/docs/index.html ASCII Table

http://www.asciitable.com/ Injection attack patterns

http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

http://awstats.sourceforge.net/
http://awstats.sourceforge.net/
http://awstats.sourceforge.net/docs/index.html
http://awstats.sourceforge.net/docs/index.html
http://www.asciitable.com/
http://www.asciitable.com/
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

Iis implementation

IIS Bangalore

iis- Rave

Iis Rismawati

WebAgent IIS

Logs, Logs, Logs, from Natural Element Homes

Iis News10

Russ McRee Bryan Casper - FIRST - Improving Security … Diagnostics API to Configure and Collect Event Logs Performance Counters Trace/Debug information (logging) IIS Logs, Failed

Configure FTP With IIS Manager Authentication in IIS 7 Printed

Biobrick Pharma Product Gloss€¦ · s.no. brand name composition packing pack iis iis iis ml. iis iis iis iis vial vial with wfi vial with wfi vial with wfi vial with wfi amr vial

06 Resistivity Logs Induction Logs

Table of Contents · Microsoft IIS 6.0 Management Compatibility Microsoft IIS Windows Authentication Microsoft .NET Framework 4.6.1 or above Microsoft IIS ASP Microsoft IIS ASP.NET

Awstats Log Analyzer

SPH IIS Logs by All Params Narrow - depts.washington.edudepts.washington.edu/sphnet/wp-content/uploads/... · LogTime Client IP Server/Site DNS servicestatus operation target parameters

SpiceWorks Webinar: Whose logs, what logs, why logs

LOGS...............THE BACK LOGS

IIS Technologies

GUIA DE ACOGIDA DE IIS-IP - IIS LA PRINCESA

Administrativo IIs

IIS Server ETL IIS Server This is OPERATIONAL ANALYTICS

For IIS Group ‘A’ - Indian Institute of Mass Communicationiimc.nic.in/WriteReadData/userfiles/file/17/iis/For IIS... ·  · 2017-05-03For IIS Group ‘A ’ 2016 (Duration

Sample Contents from Internet Information Services (IIS… · server. The IIS Manager IIS 7.0 introduces a completely new user in terface, the IIS Manager. The IIS Manager ... Preview

Apache Logs Viewer Manual · PDF file V5.10 3 1. Introduction Welcome to Apache Logs Viewer, the free1 tool that will help you analyze and monitor your Apache, IIS,

Server Roles and Features.NET Framework 3.51.NET Framework 4.5 IIS Web Server IIS Default Document IIS Directory Browsing IIS HTTP Errors

Using AWStats to Analyze Logs from EZProxy and from the ... · Using AWStats to Analyze Logs from EZProxy and from the Public OPAC Logs Stacey Knight-Davis Eastern Illinois University

Tools to Migrate Windows Applications · IIS I E IIS I E ASP IIS I E ASP SQ L Se rve r IIS I E ASP SQ L Se rve r IIS I E ASP SQ L Se rve r IIS SQL Server IE ASP COM IIS SQL Server

ContentsProblem Resolution: The TC’s identify ongoing problems and martial and ... Create graphics and stylesheets for mobile and web apps Web security, IIS logs and web statistics

McAfee Enterprise Security Manager Data Source ... · Windows DNS Server Windows DHCP Server Windows IIS Server Logs 3 Prerequisites To install the McAfee SIEM Collector, you will

IIS Media Services 3.0 Beta IIS Smooth Streaming Announce d IIS Media Services 3.0 RTW

Iis Fundamentals

Load Balancing Microsoft IIS · Microsoft Internet Information Services (IIS) 5. Microsoft Internet Information Services (IIS) IIS is one of the components of Microsoft Windows and

Manual Iis

Configure FTP with IIS Manager Authentication in IIS 7

Logs – Solve USING LOGS METHOD

Servidor Web en Linux Debian 10 – Estadisticas Web Con AwStats