-
Archives
- March 2013
- June 2012
- May 2012
- April 2012
- March 2012
- October 2011
- September 2011
- July 2011
- June 2011
- May 2011
- April 2011
- February 2011
- January 2011
- October 2010
- September 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- August 2009
- June 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- May 2006
- March 2006
Category Archives: log analysis
Faking (all) user agents
If you are going to fake a user agent, do it right :) Seeing some web scanners faking all possible browsers out there in one single request: Firefox/3.6 Chrome/9 Firefox/3.0 Opera/9.99? Safari and more.. This is the actual log (searching … Continue reading
Database Logging (PostgreSQL and MySQL)
Nobody cares about database logging, but I really recommend enabling them to see what is happening behind the scenes (specially for web applications). To enable on PostgreSQL (and be compatible with OSSEC): # Adding the timestamp, hostname and database. log_line_prefix … Continue reading
Detecting outdated (web) applications with OSSEC
For the last few days I started working (again) on the system auditing module for OSSEC and one thing that can make it more useful is to detect outdated applications (specially web apps). Things like WordPress, Joomla, Wikis and others … Continue reading
Using OSSEC for the forensic analysis of log files
OSSEC works well for real time analysis of log files. However, if you have one old log file that you want to check or if you are doing a forensics analysis of a box and wants to check the logs … Continue reading
Posted in log analysis, ossec
1 Comment
OSSEC on Microsoft Vista/Server 2008
I just finished adding support for Vista/Server 2008 on OSSEC. We had some server(manager)-side changes to understand the new events ids and lots of changes on the agent side. If you have any Vista or Server 2008, please help us … Continue reading
Posted in log analysis, ossec, v16, vista
2 Comments
Using OSSEC to detect attacks on an Asterisk box
Sandro Gauci wrote a very interesting article showing how to add support for Asterisk Logs on OSSEC. Enjoy: Using OSSEC to detect attacks on an Asterisk box
Posted in log analysis, ossec
Leave a comment
Ugliest application logs ever
This is quite off topic, but too fun for me to ignore it. Great thread in the log analysis mailing list with the ugliest application logs ever. Check it out: LogAnalysis.org thread
Posted in fun, log analysis
Leave a comment
Last message repeated X times (rant)
I don’t know about you, but I really hate this “last message repeated X times” on Syslog. Some say that it is useful to avoid floods (denial of services) with repeated messages. Others say it keeps your log files “clean”… … Continue reading
Posted in log analysis
2 Comments
Database Logging
Next version of OSSEC will come with support for PostgreSQL logs and MySQL error/query logs. Since database logging is not something widely done (and even hard to find documentation about), I started in the OSSEC wiki some sections about it. … Continue reading
Posted in log analysis, ossec
Leave a comment
How to create a log standard
Get the marketing team together for a clever name. Copy and paste Microsoft’s IIS W3C log format Write a press release and tell the world about it I am not joking, but eIQnetworks released their Open Source Event Logging Standard … Continue reading
Posted in CEE, log analysis
Leave a comment