Home

This is a collection of command line and web based tools for use in incident response and long term analysis use as part of ongoing situational awareness. Often when responding to a security incident the only files available are web server and proxy server logs. The tools here will aid you in detecting odd traffic such as botnet beaconing and SQL Injection attempts. The large amount of data can be overwhelming and the tools in the Log Analysis Tool Kit can be used to parse these files and build a MySQL database for querying.

Currently the log formats supported are:

Proxy Logs:

Squid
Bluecoat

Web Server Logs:

Apache
IIS

Your feedback is always appreciated. Please report any issues or enhancement requests to the author.

The tools are written in Python3 and PHP. The tool kit has been tested on Mac OSX and Fedora.