My HIDS goes off every hour saying I am exceeding the maximum amount of logs in my /var/log/apache2/access.log (roughly 1000 or more every hour). Now, obviously I can adjust the rules on my HIDS to ignore this but I do not wish to miss any pertinent security information in these logs as Apache is a prime target for malicious hackers and script kiddies.
My HIDS goes off every hour saying I am exceeding the maximum amount of logs in my /var/log/apache2/access.log (roughly 1000 or more every hour). Now, obviously I can adjust the rules on my HIDS to ignore this but I do not wish to miss any pertinent security information in these logs as Apache is a prime target for malicious hackers and script kiddies.
System: Linux x86_x64 Ubuntu 14.04
PhPVirtualBox version: 4.3.1
PHP version: PHP 5.5.9-1ubuntu4.7
Apache version: Apache/2.4.7
Sample of messages in access.log (sensitive data has been redacted)
<client_IP> - - [14/Apr/2015:00:24:20 -0600] "GET /phpvirtualbox/screen.php?width=180&vm=8a78ee4a-737b-4859-8ec6-9c91441d6839&randid=1428992653 HTTP/1.1" 200 29091 "http://<server_IP>/phpvirtualbox/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0"
<client_IP> - - [14/Apr/2015:00:24:21 -0600] "POST /phpvirtualbox/lib/ajax.php HTTP/1.1" 200 741 "http://<server_IP>/phpvirtualbox/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0"
<client_IP> - - [14/Apr/2015:00:24:23 -0600] "GET /phpvirtualbox/screen.php?width=180&vm=8a78ee4a-737b-4859-8ec6-9c91441d6839&randid=1428992656 HTTP/1.1" 200 29091 "http://<server_IP>/phpvirtualbox/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0"
<client_IP> - - [14/Apr/2015:00:24:24 -0600] "POST /phpvirtualbox/lib/ajax.php HTTP/1.1" 200 856 "http://<server_IP>/phpvirtualbox/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0"
<client_IP> - - [14/Apr/2015:00:24:26 -0600] "GET /phpvirtualbox/screen.php?width=180&vm=8a78ee4a-737b-4859-8ec6-9c91441d6839&randid=1428992659 HTTP/1.1" 200 29091 "http://<server_IP>/phpvirtualbox/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0"
<client_IP> - - [14/Apr/2015:00:24:27 -0600] "POST /phpvirtualbox/lib/ajax.php HTTP/1.1" 200 741 "http://<server_IP>/phpvirtualbox/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0"
Any help is appreciated. Thank You.