Hello First, sorry for my english. Yestarday I have prepared very very simple script for CodeRed attacks analyzing. Those script read error logs (LogLevel warn) from Apache server (you may set source directory in script - LOG_DIR) and generate four files in directory "YYYYMMDD" (you may set destination directory in script - DIR): cr-attacks.txt - file with full info ip-date.txt - IP of attacker and date. You may send this file to address aris-reportat_private ip.txt - all IPs of attackers (unique) summary.txt - total attacks and total unique IPs Below I have attached script with example results. Tested on Linux Debian 2.1 with apache-ssl 1.3.9.13-3. Read code and configure for your needs. If you don't pass parameter all info are prepared for previous day. cr-attacks 0 - info for today cr-attacks 1 - previous day cr-attacks 10 - ten days ago I'm waiting for your questions and suggestions. Daniel Kiper - dkiperat_private
This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 11:05:09 PDT