Ladies and gents,

I realize this might be way OT, especially since it is some sort of promotion, but I however think it might also be of general interest.

I have set up a system which performs automated Security Log Analysis of (initially) web server log files. The Analysis is solely based on detecting anomalies in the logs, and will e-mail a report back with the results. (Anomaly Detection might be a bit overkill name. But it searches for things not meant to be in the logs under normal circumstances, and reports on them.)

Simply gzip your log file, mail it as an attachment to loggerat_private, and a result will be returned shortly. Usually within minutes, depending on current load. The Logfile will be deleted upon successful analysis. No records will be kept regarding your logs, e-mail addresses etc.

The report contains, for example:

* Top IPs causing 404 messages (Indicate possible vulnerability scans)
* Detection of Cookie manipulation or session hijacking
* Detection of URLs causing Server Errors (5xx messages)
* Attempts to retrieve 'dangerous files', i.e. cmd.exe, /etc/passwd, and so on
* Lists Illegal HTTP versions
* Lists attempted Buffer Overflows (Exceedingly long URLs)
* Lists the IPs of Top HIT'ers to detect bandwidth suckers...
* Lists attempts to log on, other than 'Anonymous'
* And a few more...

However, the service is still under development, and I do have plans to commercialize the service. But those plans are currently far off... Just so you know.

I would really appreciate any constructive feedback on the service. Flames > /dev/null.

More info is available at http://a51.mine.nu/ (The site IS temporary...)

Regards
nixguru

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
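
Several of the report items listed in the message above (404s per IP, 5xx URLs, 'dangerous file' requests, illegal HTTP versions, overlong URLs, top hitters, non-anonymous log-ons) can be computed in one pass over an access log. The following is an added example, not part of the original post and not the author's service; it assumes Common Log Format input, and the names `analyze`, `VALID_HTTP`, `DANGEROUS` and the 1024-character URL cut-off are assumptions made for illustration.

```python
import re
from collections import Counter

# Common Log Format: host ident authuser [date] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]*\] "(.*)" (\d{3}) (\S+)')
VALID_HTTP = {"HTTP/1.0", "HTTP/1.1"}   # assumed baseline for 2002-era logs
DANGEROUS = ("cmd.exe", "/etc/passwd")  # the two file names given in the post
MAX_URL_LEN = 1024                      # assumed cut-off for "exceedingly long"

def _line(ip, user, req, status):
    return f'{ip} - {user} [18/Jun/2002:08:00:00 -0700] "{req}" {status} 0'

SAMPLE = [  # constructed sample input (documentation IP ranges), not real traffic
    _line("192.0.2.10", "-", "GET /index.html HTTP/1.0", 200),
    _line("198.51.100.7", "-", "GET /scripts/cmd.exe HTTP/1.0", 404),
    _line("198.51.100.7", "-", "GET /etc/passwd HTTP/1.0", 404),
    _line("203.0.113.5", "-", "GET /app.cgi HTTP/9.9", 500),
    _line("203.0.113.5", "admin", "GET /private/ HTTP/1.1", 401),
    _line("192.0.2.10", "-", "GET /" + "A" * 2000 + " HTTP/1.0", 414),
    "not a log line",
]

def analyze(lines, max_url_len=MAX_URL_LEN):
    rep = {"hits_by_ip": Counter(), "404_by_ip": Counter(), "5xx_urls": Counter(),
           "auth_users": Counter(), "dangerous": [], "bad_http_version": [],
           "long_urls": [], "unparsed": 0}
    for line in lines:
        m = CLF.match(line)
        if not m:                       # count odd lines instead of dropping them
            rep["unparsed"] += 1
            continue
        ip, user, request, status, _size = m.groups()
        parts = request.split(" ")
        url = parts[1] if len(parts) >= 2 else request
        version = parts[2] if len(parts) == 3 else ""
        rep["hits_by_ip"][ip] += 1
        if status == "404":             # many 404s from one IP suggest a scan
            rep["404_by_ip"][ip] += 1
        if status.startswith("5"):
            rep["5xx_urls"][url] += 1
        if user != "-":                 # authenticated (non-anonymous) log-on
            rep["auth_users"][user] += 1
        if any(name in url.lower() for name in DANGEROUS):
            rep["dangerous"].append((ip, url))
        if version not in VALID_HTTP:   # missing or malformed versions land here too
            rep["bad_http_version"].append((ip, version))
        if len(url) > max_url_len:
            rep["long_urls"].append((ip, len(url)))
    return rep
```

Calling `analyze(SAMPLE)["404_by_ip"].most_common(10)` gives the "top IPs causing 404 messages" list; cookie and session checks are not covered because Common Log Format does not record cookies.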
This archive was generated by hypermail 2b30 : Tue Jun 18 2002 - 08:54:04 PDT