Awstats Log Analyzer

lorant

Presentation Transcript


  1. Keeping up with Web Logs: Awstats Log Analyzer

  2. AWStats
     • Supports HTTP as well as FTP and Mail logs
     • IIS and Apache
     • Complete list at end of presentation
     • Runs on Windows and Linux
     • System Requirements
       • PERL 5.0 or greater

  3. Useful Features
     • Summary of # visitors, # visits, pages, hits, bandwidth
     • Monthly, Daily, and Hourly traffic graphs
     • Visitors listed by frequency
     • Counts: file type, downloads, and URL-pages
     • Status code counts
     • Link to view 404 Not-Found log entries
     • Useful Plug-ins
       • Hostinfo
       • Raw Log Search

  4. Screenshot

  5. Daily Trend

  6. Top Visitors

  7. Downloads

  8. URLs Visited

  9. HTTP Status Codes

  10. 404 Report

  11. Hostinfo Plugin
      • Used to get Whois information about visitor
      • Will display information in a new browser window
      • Useful to determine origin of unresolvable IPs
        • Ex: 121.254.193.202 had over 1,500 hits to our site
      • Click on the ? link in the Hosts (Top 10) table

  12. Hostinfo Plugin - Whois

  13. Raw Log Search Plugin
      • Puts search form at top of report page
      • Will search and display contents of the "current" log
      • Allows PERL regular expression searches
      • Useful to search for suspicious traffic

  14. Search for visitors…

  15. Error codes…

  16. Suspicious patterns…

  17. More suspicious patterns

  18. Caveat Emptor!
      • XSS attacks will be reflected in log!
      • Don’t have other sites open using same browser
      • Use dedicated system/VM for log review

  19. Why I like it
      • It’s Free!
      • Active project = revisions and improvements
      • Multi-platform support
      • Easy to set up and get going
      • Provides at-a-glance view of web activity
      • Plugins available to provide additional functionality

  20. Notes
      • Log formats supported
        • Apache common log format (see Note*), Apache combined log format (known as NCSA combined log format or XLF or ELF format), Any other personalized Apache log format, Any IIS log format (known as W3C format), Webstar native log format, Realmedia server, Windows Media Server, Darwin streaming server, ProFTPd server, vsFTPd server, Postfix, Sendmail, QMail, Mdaemon, A lot of web/wap/proxy/streaming servers log format

  21. Notes - continued
      • Search pattern for visitor
        • 123.125.67.181.*08/Jan
      • Search for error codes
        • " 400 "
      • Search for suspicious patterns
        • URL w/ at least 4 encoded chars
          • GET.*(%[0-9a-fA-F]{2}){4}\S* HTTP
        • Embedded hex
          • GET \S*(\\[xX][0-9a-fA-F]{2})
        • Reverse directory traversal
          • GET \S*(\.\.\/){2}
        • Injection attacks
          • GET \S*(select\(|SELECT\(|--|1=1|\/\*|\|)

  22. References
      • AWStats Home
        • http://awstats.sourceforge.net
        • http://awstats.sourceforge.net/docs/index.html
      • ASCII Table
        • http://www.asciitable.com/
      • Injection attack patterns
        • http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
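
The suspicious-traffic patterns from slide 21, run outside AWStats as an added example (not code from the presentation or the AWStats project). Python's re module stands in for the plugin's Perl regex search, the pattern labels and log lines are constructed, and matched lines are HTML-escaped before display because of the caveat on slide 18.

```python
import html
import re

# Patterns copied from slide 21; the dictionary keys are labels added here.
# Note: encoded_chars needs four %hh escapes in a row, so scattered ones do not match.
PATTERNS = {
    "encoded_chars": re.compile(r"GET.*(%[0-9a-fA-F]{2}){4}\S* HTTP"),
    "embedded_hex": re.compile(r"GET \S*(\\[xX][0-9a-fA-F]{2})"),
    "dir_traversal": re.compile(r"GET \S*(\.\.\/){2}"),
    "injection": re.compile(r"GET \S*(select\(|SELECT\(|--|1=1|\/\*|\|)"),
}

# Constructed sample lines in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = r'''
192.0.2.10 - - [08/Jan/2010:10:01:02 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [08/Jan/2010:10:03:17 -0500] "GET /docs/../../etc/passwd HTTP/1.1" 404 310 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jan/2010:10:04:40 -0500] "GET /item.php?id=1%20or%201=1 HTTP/1.1" 200 980 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jan/2010:10:05:02 -0500] "GET /q?s=%27%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 400 226 "-" "Mozilla/5.0"
203.0.113.5 - - [08/Jan/2010:10:06:11 -0500] "GET /cgi-bin/test\x90\x90 HTTP/1.1" 400 226 "-" "<script>alert(1)</script>"
'''.strip().splitlines()


def classify(line):
    """Return the labels of every slide pattern that matches one log line."""
    return [name for name, rx in PATTERNS.items() if rx.search(line)]


def report_rows(lines):
    """Return (labels, html_safe_line) for suspicious lines only.

    Log lines carry attacker-controlled text (URL, Referer, User-Agent),
    so each one is escaped before it can reach a browser as markup.
    """
    rows = []
    for line in lines:
        labels = classify(line)
        if labels:
            rows.append((labels, html.escape(line)))
    return rows


if __name__ == "__main__":
    for labels, safe_line in report_rows(SAMPLE_LOG):
        print(",".join(labels), "|", safe_line)
```

The third sample line has two separated %20 escapes and is caught only by the 1=1 alternative, which shows that the encoded-character pattern fires on consecutive escapes, not on a total count.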
