AWSTATS LOG ANALYZER
Keeping up with Web Logs
AWStats
• Supports HTTP as well as FTP and Mail logs
  • IIS and Apache
  • Complete list at end of presentation
• Runs on Windows and Linux
• System Requirements
  • PERL 5.0 or greater
Useful Features
• Summary of # visitors, # visits, pages, hits, bandwidth
• Monthly, Daily, and Hourly traffic graphs
• Visitors listed by frequency
• Counts: file type, downloads, and URL-pages
• Status code counts
  • Link to view 404 Not-Found log entries
• Useful Plug-ins
  • Hostinfo
  • Raw Log Search
Screenshot
Daily Trend
Top Visitors
Downloads
URLs Visited
HTTP Status Codes
404 Report
Hostinfo Plugin
Used to get Whois information about visitor
Will display information in a new browser window
Useful to determine origin of unresolvable IPs
Ex: 121.254.193.202 had over 1,500 hits to our site
Click on the ? link in the Hosts (Top 10) table
Hostinfo Plugin - Whois
Raw Log Search Plugin
Puts search form at top of report page
Will search and display contents of the “current” log
Allows PERL regular expression searches
Useful to search for suspicious traffic
Search for visitors…
Error codes…
Suspicious patterns…
More suspicious patterns
Caveat Emptor!
XSS attacks will be reflected in log!
• Don’t have other sites open using same browser
• Use dedicated system/vm for log review
Why I like it
• It’s Free!
• Active project = revisions and improvements
• Multi-platform support
• Easy to set up and get going
• Provides at-a-glance view of web activity
• Plugins available to provide additional functionality
Notes
Log formats supported
• Apache common log format (see Note*)
• Apache combined log format (known as NCSA combined log format or XLF or ELF format)
• Any other personalized Apache log format
• Any IIS log format (known as W3C format)
• Webstar native log format
• Realmedia server, Windows Media Server, Darwin streaming server
• ProFTPd server, vsFTPd server
• Postfix, Sendmail, QMail, Mdaemon
• A lot of web/wap/proxy/streaming servers log format
Notes - continued
• Search pattern for visitor
  123.125.67.181.*08/Jan
• Search for error codes
  “ 400 ”
• Search for suspicious patterns
  • URL w/ at least 4 encoded chars
    GET.*(%[0-9a-fA-F]{2}){4}\S* HTTP
  • Embedded hex
    GET \S*(\\[xX][0-9a-fA-F]{2})
  • Reverse directory traversal
    GET \S*(\.\.\/){2}
  • Injection attacks
    GET \S*(select\(|SELECT\(|--|1=1|\/\*|\|)
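Added example, not part of the original slides: the four suspicious-pattern searches from the Notes slide run in Python over constructed Apache combined-format log lines, plus a Raw Log Search style lookup that HTML-escapes its matches, as the XSS caveat slide calls for. The function names, dictionary keys and sample lines are assumptions made for illustration.

```python
import html
import re

# The four "suspicious pattern" regexes from the Notes slide, unchanged
# (written for Perl, also valid for Python's re module).
PATTERNS = {
    "encoded_url": re.compile(r"GET.*(%[0-9a-fA-F]{2}){4}\S* HTTP"),
    "embedded_hex": re.compile(r"GET \S*(\\[xX][0-9a-fA-F]{2})"),
    "dir_traversal": re.compile(r"GET \S*(\.\.\/){2}"),
    "injection": re.compile(r"GET \S*(select\(|SELECT\(|--|1=1|\/\*|\|)"),
}

# Constructed sample lines in Apache combined format (documentation IP ranges).
SAMPLE_LOG = [
    r'192.0.2.10 - - [08/Jan/2010:10:01:02 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    r'198.51.100.7 - - [08/Jan/2010:10:02:11 -0500] "GET /cgi-bin/../../etc/passwd HTTP/1.1" 404 312 "-" "-"',
    r'198.51.100.7 - - [08/Jan/2010:10:02:15 -0500] "GET /item.php?id=1%20OR%201=1 HTTP/1.1" 200 880 "-" "-"',
    r'198.51.100.7 - - [09/Jan/2010:03:12:40 -0500] "GET /view?f=%2e%2e%2f%2e%2e%2fetc HTTP/1.1" 404 312 "-" "-"',
    r'203.0.113.5 - - [08/Jan/2010:10:03:41 -0500] "GET /a\x90\x90 HTTP/1.1" 400 226 "-" "-"',
    r'203.0.113.5 - - [08/Jan/2010:10:03:45 -0500] "GET /search?q=<script>alert(1)</script> HTTP/1.1" 200 97 "-" "-"',
]


def classify(line):
    """Return the names of every slide pattern that matches one log line."""
    return [name for name, rx in PATTERNS.items() if rx.search(line)]


def summarize(lines):
    """Map each pattern name to the 1-based numbers of the lines it flags."""
    hits = {name: [] for name in PATTERNS}
    for number, line in enumerate(lines, 1):
        for name in classify(line):
            hits[name].append(number)
    return hits


def search(lines, pattern):
    """Raw-log style search: matching lines, HTML-escaped so logged markup stays inert."""
    rx = re.compile(pattern)
    return [html.escape(line) for line in lines if rx.search(line)]


if __name__ == "__main__":
    for name, numbers in summarize(SAMPLE_LOG).items():
        print(f"{name:14} lines {numbers}")
    for safe in search(SAMPLE_LOG, r"203\.0\.113\.5.*08/Jan"):
        print(safe)
```

Sample line 3 is flagged only by the injection pattern: the encoded-URL regex needs four consecutive %XX escapes, so scattered escapes pass it. Sample line 6 matches none of the four patterns, yet it is the one that would run script in the reviewer's browser if displayed unescaped.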
References
• AWStats Home
  http://awstats.sourceforge.net
  http://awstats.sourceforge.net/docs/index.html
• ASCII Table
  http://www.asciitable.com/
• Injection attack patterns
  http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/