Hi, On Tuesday 07 August 2001 11:44, christian.burri@synecta.ch wrote:
We setup a crontab on our webserver machine, similar to "cat httpd.access_log | grep default.ida > ida_fools.txt" its up since Aug, 2 2001 and the output file's got quite some lines in it: ... Cheers :) Chr. Burri
Other than merely collecting, you can do better things with these log entries, e.g. grep 'default.ida' httpd.access_log | mail -s 'APACHE' redalert@dshield.org (see www.dshield.org/codered.html). They collect Code Red logs and notify domain admins of infected machines. If you don't know what to do with your firewall, portsentry or whatever log files, www.dshield.org is a good address to send them to. Don't forget to read the "How to submit reports" section, though. Regards, Martin -- Martin Leweling Institut fuer Planetologie, WWU Muenster Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany