This is a collection of command line and web based tools for use in incident response and long term analysis use as part of ongoing situational awareness. Often when responding to a security incident the only files available are web server and proxy server logs. The tools here will aid you in detecting odd traffic such as botnet beaconing and SQL Injection attempts. The large amount of data can be overwhelming and the tools in the Log Analysis Tool Kit can be used to parse these files and build a MySQL database for querying.
Currently the log formats supported are:
Web Server Logs:
Your feedback is always appreciated. Please report any issues or enhancement requests to the author.
The tools are written in Python3 and PHP. The tool kit has been tested on Mac OSX and Fedora.
Be the first to post a review of Log Analysis Tool Kit - LATK!