Re: [mod-security-users] statistics
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] statistics
|
From: Justin G. <web...@sw...> - 2005-12-22 15:00:03
|
looks good, let us know when we can give it a try. Justin li...@32... wrote: > on 12/21/05 7:18 PM, Justin Grindea at web...@sw... wrote: > > >>hi, >> >>I've asked here before and kept googling but can't find any piece of script >>that can parse the audit log(s) and provide a picture of what's going on. >> >>I'd like to know for example top attacking IP's, top attacked sites, top >>signatures used. >> >>Also I'm thinking about email notification of possible intrussions, anyone has >>a sane logic >>and possible script for notifications? Maybe email for one IP getting x errors >>in y seconds? >> >>Such script could also help detect false positives, I'm always having troubles >>detecting them >>before my clients :( >> >>thanks, >>Justin > > > > I have this done using php. Also has an archive feature that will take all > files created by Concurrent logging method, and add them to a MySQL database > for future searches and stats. > > I am still working on it, but here is an example... > > https://cp.macdock.com/audit_log/ > > When I finish it, I will make it available for free :) > > Php 4 and mysql required. > > -Mike > |
