Hi,
I'll be building a log collection and processing tool oriented mainly
toward web applications. Since the underlying technology is the
same regardless of the actual purpose, I am considering allowing for
some sort of event normalization to be added later.
I have been trying to find information on event normalization on the
Web and in the mailing list archives without success. Finally
I decided to ask the question here:
Are there any event normalization standards or open implementations
I should be aware of?
PS. While I am here: I wrote several log analysis scripts for the
logging chapter of my book. They are now available for download at
http://www.apachesecurity.net. I am sure they will be of interest. The
following scripts are related to logging:
error_log_ai - artificial ignorance for web server logs
logscan - handy script to make searching through web server logs easier
mod_globalerror.c - Apache 2 module to duplicate the error log to a central location (when Apache is configured to split them into per-virtual host files)
Any type of feedback is appreciated. Time permitting, I will continue
to enhance these tools.
Also (I don't know if it has been mentioned before), mod_security
(Apache module) allows for full request body logging, which makes it
handy to log the attacks that happen in POST bodies and such.
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
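The two ideas touched on above, normalizing web server events into one common schema and then applying "artificial ignorance" (discard the events you already know are routine and look at whatever is left), as an added example that is not part of the original post and not one of the apachesecurity.net scripts. The event field names (ts, source, severity, client, message), the ignore patterns and the sample Apache access and error log lines are all constructed for this illustration; the log formats themselves are the standard Apache "combined" access format and the Apache 2.0 error_log format.

```python
"""Normalize Apache access and error log lines into one event schema, then
apply artificial ignorance: drop known-routine events, keep the rest.

Added example, not code from the original post or from apachesecurity.net.
Field names, ignore patterns and sample lines are constructed for illustration.
"""
import re
from datetime import datetime, timezone

# Apache "combined" access log: client ident user [ts] "request" status size "referer" "agent"
ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)
# Apache 2.0 error_log: [Day Mon dd hh:mm:ss yyyy] [level] [client ip] message
ERROR_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\](?: \[client (?P<client>[^\]]+)\])? (?P<message>.*)$'
)


def parse_access_ts(raw):
    # e.g. "10/Oct/2000:13:55:36 -0700"; carries its own UTC offset
    return datetime.strptime(raw, "%d/%b/%Y:%H:%M:%S %z")


def parse_error_ts(raw):
    # e.g. "Tue Oct 10 13:55:37 2000"; the old format has no zone, assume UTC
    return datetime.strptime(raw, "%a %b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def normalize(line):
    """Map one raw log line to the common event dict, or None if unrecognized."""
    m = ACCESS_RE.match(line)
    if m:
        status = int(m.group("status"))
        return {
            "ts": parse_access_ts(m.group("ts")).astimezone(timezone.utc).isoformat(),
            "source": "apache.access",
            # constructed mapping: client/server errors are worth a second look
            "severity": "warning" if status >= 400 else "info",
            "client": m.group("client"),
            "message": f'{m.group("request")} -> {status}',
        }
    m = ERROR_RE.match(line)
    if m:
        return {
            "ts": parse_error_ts(m.group("ts")).isoformat(),
            "source": "apache.error",
            "severity": m.group("level").lower(),
            "client": m.group("client"),
            "message": m.group("message"),
        }
    return None


# Constructed patterns for events known to be routine on this (imaginary) server.
# Anything not matching one of these is "interesting" and is kept for review.
IGNORE = [
    re.compile(r"^GET /favicon\.ico"),
    re.compile(r"^File does not exist: .*/robots\.txt$"),
    re.compile(r" -> 200$"),  # successful requests
]


def artificial_ignorance(lines, ignore=IGNORE):
    """Normalize all lines, then return only the events no ignore pattern matches."""
    events = [e for e in (normalize(line) for line in lines) if e is not None]
    return [e for e in events if not any(p.search(e["message"]) for p in ignore)]


# Constructed sample input (RFC 5737 documentation addresses).
SAMPLE_LINES = [
    '192.0.2.10 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [10/Oct/2000:13:55:37 -0700] "GET /favicon.ico HTTP/1.0" 404 209 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [10/Oct/2000:13:56:01 -0700] "GET /admin/ HTTP/1.0" 403 0 "-" "-"',
    '[Tue Oct 10 13:55:37 2000] [error] [client 192.0.2.10] File does not exist: /var/www/robots.txt',
    '[Tue Oct 10 13:56:01 2000] [error] [client 198.51.100.7] client denied by server configuration: /var/www/cgi-bin',
    'garbage line that matches nothing',
]

if __name__ == "__main__":
    for event in artificial_ignorance(SAMPLE_LINES):
        print(event["ts"], event["source"], event["severity"], event["client"], event["message"])
```

The normalization step is what makes the ignore list cheap to maintain: the patterns are written once against the common message field, so the same list applies whether the event came from the access log, the error log, or a later source such as a mod_security audit log. Everything the patterns do not match surfaces, which is the point of the technique; the list grows as routine events are reviewed and classified.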
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Feb 24 2005 - 10:14:39 PST