NOTE: This project is no longer under active developement.
Check out the successor at: https://github.com/jensvoid/lorg
Web Forensik ist a script that uses PHPIDS to automatically scan your HTTPD logfiles for attacks against web applications. Check the Wiki for installation, configuration, usage.
- supports standard log formats (common, combined)
- allows user-defined (mod_log_config syntax) formats
- automatically pipes your web logs through PHPIDS
- categorizes all incidents by type, impact, date, host...
- generates reports in CSV, HTML (sortable table), XML
Unable to work out how to install this software. The tar ball contains 93 files whilst the documentation states how to install *one* of those. Where do the rest go?!
webforensik is further developed as `lorg' - github.com/jensvoid/lorg - with many new features added (various detection modules, man-machine distinction, attack quantification, geoip/dnsbl support, logfile tamper checks, ...)
Thank you for doing this, I find it really useful. I tried to run it with the latest PHPIDS and I received some PHP errors so I fixed it and put the code on github : github.com/nekhbet/WebForensik Hope this will help someone.
fast download and works, recommended.