From: Eric Timme
To: freebsd-security@freebsd.org
Subject: solutions for monitoring remote apache logs?
Date: Sat, 4 Jan 2003 16:44:10 -0600
Message-Id: <200301041644.10412.timothy@voidnet.com>

I'd like to keep track of stuff that happens with my webserver and was wondering if anyone could lend some input as to the solution they use? It is just a small LAN, so the server serves a very small amount of webpages, so I'd like to keep track of specific IPs and the files they access as well as times, but god, right now with the default configuration in place I have hit after hit from code red, nimda, etc, such that any real hits get drowned out.

Is it possible to just ignore all the IIS garbage via Apache, so it never hits the logs, and if so, how?

Also, are there any good solutions for rotating apache logs and emailing the IIS-free logs to myself? The only way to do this I can think of would be to modify newsyslog to rotate them, and somehow include them in what daily sends to me.

Please lend your input..