Let's say I have an Apache Web Server access log. I think something fishy was going on yesterday, but I don't want to manually parse through all the disgusting text-based logs to find the craziness. I could write a custom Python script, splash in some amazing regular expressions, and try to find the bad stuff on my own. Or I could just use somebody else's :-)
Herein lies a tool like Apache Scalp. It's a free Python script you can download and execute. The only prerequisites are that you have Python installed and that you download the default filter XML file.
Then run the script:
python.exe scalp-0.4.py -l www.mysite_log -o myoutputfolder --html -f default_filter.xml
Loading XML file 'default_filter.xml'...
Processing the file 'www.mysite_log'...
Scalp results:
Processed 873 lines over 873
Found 6 attack patterns in 0.581000 s
Generating output in myoutputfolder\www.mysite_log_scalp_*
It generates a pretty HTML file that you can open in your browser from the myoutputfolder location.
Hopefully, if anything, you just saved yourself a bunch of time.
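To show what a filter-driven scan like this does under the hood, here is an added example (not Scalp's code and not from the original post): it loads regex rules from an XML filter file and tests each request URL, raw and URL-decoded, against them. The filter layout (modeled on PHP-IDS-style rule files), the two rules, and the log lines are all constructed assumptions.

```python
import re
import urllib.parse
import xml.etree.ElementTree as ET

# Constructed two-rule filter file; the layout is an assumption modeled on PHP-IDS rules.
SAMPLE_FILTERS = r"""<filters>
  <filter><id>1</id><rule><![CDATA[(?:\.\./|\.\.\\)]]></rule>
    <description>directory traversal sequence</description>
    <tags><tag>dt</tag></tags><impact>5</impact></filter>
  <filter><id>2</id><rule><![CDATA[<\s*script\b]]></rule>
    <description>script tag in request</description>
    <tags><tag>xss</tag></tags><impact>4</impact></filter>
</filters>"""

# Constructed access-log lines (Apache combined format) plus one malformed line.
SAMPLE_LOG = '''192.0.2.10 - - [10/Mar/2015:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Mar/2015:10:01:05 +0000] "GET /view?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 210 "-" "curl/7.40"
192.0.2.12 - - [10/Mar/2015:10:01:09 +0000] "GET /search?q=%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 733 "-" "Mozilla/5.0"
this line is not a valid access-log entry'''

# Captures client IP, request URL and status code from a combined-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def load_filters(xml_text):
    # Returns a list of (rule id, compiled regex, description, impact).
    rules = []
    for f in ET.fromstring(xml_text).iter("filter"):
        rules.append((f.findtext("id"), re.compile(f.findtext("rule"), re.I),
                      f.findtext("description"), int(f.findtext("impact"))))
    return rules

def scan(log_text, rules):
    # Encoded requests (..%2F) only match after decoding, so both forms are tested.
    hits, skipped = [], 0
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            skipped += 1  # malformed line: count it instead of crashing
            continue
        ip, url, status = m.groups()
        decoded = urllib.parse.unquote(url)
        for rid, rx, desc, impact in rules:
            if rx.search(url) or rx.search(decoded):
                hits.append({"line": lineno, "ip": ip, "url": url, "status": status,
                             "rule": rid, "description": desc, "impact": impact})
    return hits, skipped

if __name__ == "__main__":
    found, bad = scan(SAMPLE_LOG, load_filters(SAMPLE_FILTERS))
    print(*found, f"unparsed lines: {bad}", sep="\n")
```

The status code is kept in each hit because a match that returned 200 usually deserves a closer look than one that returned 404.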
Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.