On 04/25/2014 06:18 PM, James Records wrote:
I posted this on reddit a while back, i've been doing this on pfsense for a
while don't see why it wouldn't work with OBSD:
http://www.reddit.com/r/PFSENSE/comments/1vn51f/monitoring_question_analysis_of_uris_by_ip_address/
basically install httpry and do this: httpry -i em1 | grep 'GET\|POST' |
logger&
Jim
Thank you. This is exactly what I've looked for.
I'll try to calculate number of unique Get or Post requests per IP and
that's all.
# httpry -i em0 -d -o /home/httpry/em0.log -u nobody -f
timestamp,source-ip,host,method -m get,post 'tcp port 80'
# # egrep "GET|POST" em0.log | uniq | head -10
2014-04-28 12:27:03 192.168.5.32 pagestat.mmi.bemobile.ua GET
2014-04-28 12:27:05 192.168.5.32 pbs.twimg.com GET
2014-04-28 12:27:07 192.168.5.32 glavcom.ua GET
2014-04-28 12:27:07 192.168.5.32 pagestat.mmi.bemobile.ua GET
2014-04-28 12:27:07 192.168.5.32
ep01.irl.amz.nimbus.bitdefender.net POST
2014-04-28 12:27:07 192.168.5.32 hq.nimbus.bitdefender.net POST
2014-04-28 12:27:07 192.168.5.32 glavcom.ua GET
2014-04-28 12:27:08 192.168.5.32 glavcom.ua GET
2014-04-28 12:27:08 192.168.5.32 informers.ukr.net GET
2014-04-28 12:27:08 192.168.5.32 glavcom.ua GET
