What log analizer to use?

aksana · #1 (**permalink**) 9th-August-2008, 06:14 AM

Hi guys, I try to analize my log files almost every day, I know I must do that and I know that it's very important And almost every day I find new IPs to ban.
For example, this morning I've found a such line:

89.18.166.209 - - [08/Aug/2008:21:00:14 -0700] "GET /xxxx/index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(5

,user_pass,CHAR(5

,666,CHAR(5

)+FROM+wp_users+ where+id=1/* HTTP/1.1" 301 5 "-" "Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)"

No doubt, it's a mySQL injection.

But analyzing logs is a very long and difficult process, and I would like to ask you about any programs which can help me to anylize my logs and find hack attacks.

Thanks

oddsfinder · #2 (**permalink**) 9th-August-2008, 11:29 AM

Check out splunk! It's a very powerful tool that I've been using for a while now

universal4 · #3 (**permalink**) 9th-August-2008, 02:59 PM

There are a number of threads here as we have discussed this plenty of times over the years, but mostly dealing with visitor stats from a marketing standpoint and not so much looking for hack attempts.

I would be interested in the outcome of this discussion.

Rick
Universal4