Date:      Mon, 30 Mar 2009 15:55:35 -0500
From:      Charles Howse <chowse@charter.net>
To:        Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: analyzing httpd-error.log
Message-ID:  <82E8EACC-E6A3-48FA-9203-80A5F924870F@charter.net>
In-Reply-To: <200903302211.30208.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>
References:  <5BCD53E0-5B9F-4349-8401-FBF0ACF369C2@charter.net> <4ad871310903291154j74c35b0p545157b848adf8b9@mail.gmail.com> <8BDE67B0-B6B1-4AAC-A0FD-0E519E74CBAF@charter.net> <200903302211.30208.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>


On Mar 30, 2009, at 3:11 PM, Mel Flynn wrote:

> On Sunday 29 March 2009 22:25:55 Charles Howse wrote:
>> On Mar 29, 2009, at 1:54 PM, Glen Barber wrote:
>>> On Sun, Mar 29, 2009 at 1:33 PM, Charles Howse <chowse@charter.net> wrote:
>>>> On Mar 28, 2009, at 11:51 PM, Olivier Nicole wrote:
>>>>> Hi,
>>>>>
>>>>>> Webalizer is doing what it's supposed to with httpd-access.log,
>>>>>> but when I give it the error log to process it coughs, spits and
>>>>>> spills out errors with no data processed.  My research hasn't
>>>>>> turned up a good solution for webalizer and -error.log.
>>>
>>> What are the errors?
>>
>> Intrusion attempts, (a few) bad links in my website, also I use the
>> error.log to troubleshoot cgi scripts.
>
> Nothing beats tail -f for debugging.
>
> 404's can be gathered from access log, by webalizer (or awstats or ...)
> and are summarized when enabled. If I remember correctly, there's also
> a referer top list, that specifies which pages link to invalid pages,
> but it may have been awstats that does this.
>
> Can't think of anything specific for apache error log, I roll my own
> grok rules if I'm really interested in a specific vulnerability. See
> sysutils/grok.

Yes, awstats does a fair job of summarizing 404's.
I have a hardware router, not extremely interested in a packet filter
for my webserver.
I guess I could do some deny from rules in apache.conf if necessary...?

*****
#!/bin/sh

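# Today's date as it appears in the log timestamps, e.g. "Mar 30"
date=`date "+%b %e"`

cd /var/log

# Keep today's entries, drop the two LAN clients, save the rest
grep "$date" httpd-error.log | grep -v 192.168.254.254 | grep -v 192.168.254.3 > /root/err.log

# Mail the day's filtered errors to the local user
mail -s "httpd-error.log" charles < /root/err.log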
*****
I run this from cron @ 11:59 PM every night, and that gives me the
error log for that day.
Maybe I won't miss anything serious between 11:59 and midnight.

Can anyone help with a grep command that will filter out all addresses
beginning with 192.168.254?
Something to replace the 2 piped commands with only 1.
I tried: grep -v -regexp[^192\.168\.254\.] but that didn't match any
records...?





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?82E8EACC-E6A3-48FA-9203-80A5F924870F>
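
A single-grep filter for the question in the message above, as an added example that is not part of the original e-mail. It assumes the Apache 2.2 error-log layout `[client a.b.c.d]`; the function names and the sample log lines (documentation-range addresses, made-up paths) are constructed for illustration.

```sh
#!/bin/sh
# Added example: drop error-log lines from LAN clients with one grep.
# Function names and sample lines are constructed for illustration.

# Constructed sample, assuming the Apache 2.2 layout "[client a.b.c.d]".
sample_log() {
cat <<'EOF'
[Mon Mar 30 10:01:12 2009] [error] [client 192.168.254.254] File does not exist: /usr/local/www/data/favicon.ico
[Mon Mar 30 10:02:40 2009] [error] [client 192.168.254.3] script not found or unable to stat: /usr/local/www/cgi-bin/test.cgi
[Mon Mar 30 10:05:07 2009] [error] [client 203.0.113.45] File does not exist: /usr/local/www/data/admin.php
[Mon Mar 30 10:06:19 2009] [error] [client 198.51.100.7] request failed: URI too long (longer than 8190)
[Mon Mar 30 10:07:33 2009] [error] [client 203.0.113.192] File does not exist: /usr/local/www/data/192.168.254.txt
[Mon Mar 30 10:09:00 2009] [notice] caught SIGTERM, shutting down
EOF
}

# A bracket expression like [^192\.168\.254\.] matches ONE character that is
# not in the set, so it cannot mean "does not start with this prefix".
# Negation is done by -v; -F makes the pattern a literal string, so the
# dots and the "[" need no escaping. Anchoring on "[client " ties the match
# to the client field instead of any text later in the line.
filter_lan() {
    # grep -v exits 1 when nothing is left to print; treat that as success
    # so an all-LAN day does not abort a script run under "set -e".
    grep -v -F '[client 192.168.254.' || [ $? -eq 1 ]
}

# For comparison: matching the prefix anywhere also drops external clients
# whose request path merely contains "192.168.254.".
filter_anywhere() {
    grep -v '192\.168\.254\.' || [ $? -eq 1 ]
}

echo "client-anchored filter keeps:"
sample_log | filter_lan
echo "match-anywhere filter keeps:"
sample_log | filter_anywhere
```

In the nightly script the two `grep -v` stages collapse to the one command inside `filter_lan`; lines without a `[client ...]` field, such as server notices, pass through unchanged.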