Re: [analog-help] Help a newbie again !!

2002-11-01 Thread analog-help

Again, let me point you to PureSecure, http://www.demarc.com/. It does
intrusion detection, system monitoring, etc.

Analog is also useful for that, but not so much as a monitoring tool.
If you do find something suspicious, you can use Analog to drill
through the logs, isolating hosts (HOSTINCLUDE), periods (FROM/TO) and
files (FILEINCLUDE) until you get the reports you need. This is a
multi-step process.

Of course you can get basic details from Analog: a large amount of
traffic in a short time in the Hourly, Quarter-Hourly or Five-Minute
reports; a host that is more active than others; repeated failed
attempts to access secured areas of your site; etc.

--

Jeremy Wadsack
Wadsack-Allen Digital Group


Sibi John ([EMAIL PROTECTED]; Friday, November 01, 2002 11:51 AM):

> I totally understand your point. But the main reason i want to do this is say if i
> needed to see if there were any hacker intrusion attempts on my site today, I would
> like to see who was making what kind of requests at what time, and not just on a
> particular file, any requests to my website.. is something like that possible in
> analog.

> 
> Sibi John.
> Systems Administrator.
> Deerfield Capital Management.
> ~
 

> -Original Message-
> From: Jeremy Wadsack [mailto:jwadsack@;wadsack-allen.com]
> Sent: Friday, November 01, 2002 12:27 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [analog-help] Help a newbie again !!



> Sibi John ([EMAIL PROTECTED]; Friday, November 01, 2002 9:05 AM):

>> 1.) Is there any way to get logs for a particular day on the fly
>> . say by choosing a particular day on the report itself.?? i.e not
>> going to analog.cfg to change dates ??

> You can use -F/-T from the command line. These are equivalent to FROM
> and TO in a config file.

>> Also for the failure report or say for the report request. is there
>> any way in which i could customize the failure  report so that i
>> could get the username / ip address / access time . along with file
>> name , number of requests.. which i already get in the report ?

> As Aengus just said:

> If a file has been requested 1,000 times do you want 1,000 IP addresses
> listed against it?

> http://www.analog.cx/docs/faq.html#faq128

> You can always generate a full report for a single file by using
> FILEINCLUDE filename. The Host Report in this case will just list the
> Hosts that requested that file. But you can only report on a single file
> at a time.


>> 2.) On a different note, i am not sure if this is possible but
>> has anybody set up analog to provide graphs to availability and
>> uptime for a server.

> The web server log files do not really provide this information. You
> could look at all the requests and, using some heuristic, figure out
> when there have been no requests for a "long" period of time (for some
> definition of long). But that's just an estimate. And web/browser
> caches and such could affect this.

> If you really want availability and uptime, use a server monitoring
> solution like the one included in PureSecure, http://www.demarc.com/.

+
|  This is the analog-help mailing list. To unsubscribe from this
|  mailing list, go to
|http://lists.isite.net/listgate/analog-help/unsubscribe.html
|
|  List archives are available at
|http://www.mail-archive.com/analog-help@;lists.isite.net/
|http://lists.isite.net/listgate/analog-help/archives/
|http://www.tallylist.com/archives/index.cfm/mlist.7
+



RE: [analog-help] Help a newbie again !!

2002-11-01 Thread analog-help
I totally understand your point. But the main reason i want to do this is say if i
needed to see if there were any hacker intrusion attempts on my site today, I would
like to see who was making what kind of requests at what time, and not just on a
particular file, any requests to my website.. is something like that possible in
analog.


Sibi John.
Systems Administrator.
Deerfield Capital Management.
~
 

-Original Message-
From: Jeremy Wadsack [mailto:jwadsack@;wadsack-allen.com]
Sent: Friday, November 01, 2002 12:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [analog-help] Help a newbie again !!



Sibi John ([EMAIL PROTECTED]; Friday, November 01, 2002 9:05 AM):

> 1.) Is there any way to get logs for a particular day on the fly
> . say by choosing a particular day on the report itself.?? i.e not
> going to analog.cfg to change dates ??

You can use -F/-T from the command line. These are equivalent to FROM
and TO in a config file.

> Also for the failure report or say for the report request. is there
> any way in which i could customize the failure  report so that i
> could get the username / ip address / access time . along with file
> name , number of requests.. which i already get in the report ?

As Aengus just said:

If a file has been requested 1,000 times do you want 1,000 IP addresses
listed against it?

http://www.analog.cx/docs/faq.html#faq128

You can always generate a full report for a single file by using
FILEINCLUDE filename. The Host Report in this case will just list the
Hosts that requested that file. But you can only report on a single file
at a time.


> 2.) On a different note, i am not sure if this is possible but
> has anybody set up analog to provide graphs to availability and
> uptime for a server.

The web server log files do not really provide this information. You
could look at all the requests and, using some heuristic, figure out
when there have been no requests for a "long" period of time (for some
definition of long). But that's just an estimate. And web/browser
caches and such could affect this.

If you really want availability and uptime, use a server monitoring
solution like the one included in PureSecure, http://www.demarc.com/.


-- 

Jeremy Wadsack
Wadsack-Allen Digital Group




Re: [analog-help] Help a newbie again !!

2002-11-01 Thread analog-help

Sibi John ([EMAIL PROTECTED]; Friday, November 01, 2002 9:05 AM):

> 1.) Is there any way to get logs for a particular day on the fly
> . say by choosing a particular day on the report itself.?? i.e not
> going to analog.cfg to change dates ??

You can use -F/-T from the command line. These are equivalent to FROM
and TO in a config file.

> Also for the failure report or say for the report request. is there
> any way in which i could customize the failure  report so that i
> could get the username / ip address / access time . along with file
> name , number of requests.. which i already get in the report ?

As Aengus just said:

If a file has been requested 1,000 times do you want 1,000 IP addresses
listed against it?

http://www.analog.cx/docs/faq.html#faq128

You can always generate a full report for a single file by using
FILEINCLUDE filename. The Host Report in this case will just list the
Hosts that requested that file. But you can only report on a single file
at a time.


> 2.) On a different note, i am not sure if this is possible but
> has anybody set up analog to provide graphs to availability and
> uptime for a server.

The web server log files do not really provide this information. You
could look at all the requests and, using some heuristic, figure out
when there have been no requests for a "long" period of time (for some
definition of long). But that's just an estimate. And web/browser
caches and such could affect this.

If you really want availability and uptime, use a server monitoring
solution like the one included in PureSecure, http://www.demarc.com/.


-- 

Jeremy Wadsack
Wadsack-Allen Digital Group

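Worked example, added here and not part of the thread or of Analog itself: a small Python script that applies to a handful of constructed Common Log Format lines the checks Jeremy describes in his first reply (a burst of requests in a short window as in the Five-Minute report, a host more active than the rest, repeated failed attempts on a secured area, and a HOSTINCLUDE/FROM/TO/FILEINCLUDE-style drill-down) together with the "no requests for a long period" availability heuristic from his earlier reply. The sample log lines, the /admin/ secured-area prefix and the function names are assumptions of this example, not anything Analog provides.

```python
"""Drill-down heuristics over a web server access log (Common Log Format).

Added example, not code from the analog-help thread or from Analog: it
hand-rolls the checks the thread talks about so you can see what each
signal looks like in the raw log before reaching for a reporting tool.
The log lines, hosts and paths below are constructed for the example.
"""
import re
from collections import Counter
from datetime import datetime

# NCSA/Apache common log format: host ident user [time] "request" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample: one quiet visitor, one host hammering /admin/, then a
# two-hour silence before the next request.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Nov/2002:09:00:01 -0600] "GET /index.html HTTP/1.0" 200 1043
10.0.0.5 - - [01/Nov/2002:09:00:12 -0600] "GET /about.html HTTP/1.0" 200 2210
192.0.2.77 - - [01/Nov/2002:09:01:00 -0600] "GET /admin/ HTTP/1.0" 401 401
192.0.2.77 - - [01/Nov/2002:09:01:02 -0600] "GET /admin/ HTTP/1.0" 401 401
192.0.2.77 - - [01/Nov/2002:09:01:03 -0600] "GET /admin/ HTTP/1.0" 401 401
192.0.2.77 - - [01/Nov/2002:09:01:05 -0600] "GET /admin/ HTTP/1.0" 403 289
192.0.2.77 - - [01/Nov/2002:09:01:06 -0600] "GET /cgi-bin/ HTTP/1.0" 404 300
10.0.0.9 - - [01/Nov/2002:09:03:40 -0600] "GET /index.html HTTP/1.0" 200 1043
10.0.0.5 - - [01/Nov/2002:11:20:00 -0600] "GET /index.html HTTP/1.0" 200 1043
"""


def parse_log(text):
    """Parse CLF lines into dicts sorted by time; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["time"] = datetime.strptime(e["time"], "%d/%b/%Y:%H:%M:%S %z")
        e["status"] = int(e["status"])
        entries.append(e)
    return sorted(entries, key=lambda e: e["time"])


def drill_down(entries, host=None, start=None, end=None, path_prefix=None):
    """Hand-rolled equivalent of narrowing with HOSTINCLUDE, FROM/TO and FILEINCLUDE."""
    out = []
    for e in entries:
        if host and e["host"] != host:
            continue
        if start and e["time"] < start:
            continue
        if end and e["time"] > end:
            continue
        if path_prefix and not e["path"].startswith(path_prefix):
            continue
        out.append(e)
    return out


def requests_per_window(entries, minutes=5):
    """Request count per fixed window, the shape of a Five-Minute report."""
    counts = Counter()
    for e in entries:
        t = e["time"]
        start = t.replace(minute=t.minute - t.minute % minutes, second=0, microsecond=0)
        counts[start.strftime("%Y-%m-%d %H:%M")] += 1
    return counts


def requests_per_host(entries):
    """Which hosts are more active than the others."""
    return Counter(e["host"] for e in entries)


def failed_access_by_host(entries, secured_prefix="/admin/", statuses=(401, 403)):
    """Repeated failed attempts on a secured area (assumed to live under /admin/), per host."""
    return Counter(e["host"] for e in entries
                   if e["status"] in statuses and e["path"].startswith(secured_prefix))


def longest_gap(entries):
    """Longest silence between consecutive requests, in seconds, with its bounds.
    This is the crude availability heuristic the thread warns is only an estimate:
    a quiet site or caching can produce a gap with no outage at all."""
    best = (0.0, None, None)
    for a, b in zip(entries, entries[1:]):
        gap = (b["time"] - a["time"]).total_seconds()
        if gap > best[0]:
            best = (gap, a["time"], b["time"])
    return best


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("requests per 5-minute window:", dict(requests_per_window(entries)))
    print("requests per host:", dict(requests_per_host(entries)))
    print("failed /admin/ attempts per host:", dict(failed_access_by_host(entries)))
    print("longest gap (s, from, to):", longest_gap(entries))
    for e in drill_down(entries, host="192.0.2.77", path_prefix="/admin/"):
        print(e["time"].isoformat(), e["host"], e["path"], e["status"])
```

Each function answers one of the questions in the thread, and the drill-down call at the end is the manual version of the multi-step narrowing Jeremy describes: pick the noisy host from the per-host count, then restrict to the secured path to see exactly what it asked for and when. The gap figure is reported with its bounds so a reader can check it against the server's own records rather than treating it as downtime.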