Awstats Log Analyzer - PowerPoint PPT Presentation

lorant
Presentation Transcript

  1. Keeping up with Web Logs: AWStats Log Analyzer

  2. AWStats • Supports HTTP as well as FTP and Mail logs • IIS and Apache • Complete list at end of presentation • Runs on Windows and Linux • System Requirements • Perl 5.0 or greater

  3. Useful Features • Summary of # visitors, # visits, pages, hits, bandwidth • Monthly, Daily, and Hourly traffic graphs • Visitors listed by frequency • Counts: file type, downloads, and URL-pages • Status code counts • Link to view 404 Not-Found log entries • Useful Plug-ins • Hostinfo • Raw Log Search

  4. Screenshot

  5. Daily Trend

  6. Top Visitors

  7. Downloads

  8. URLs Visited

  9. HTTP Status Codes

  10. 404 Report

  11. Hostinfo Plugin • Used to get Whois information about a visitor • Will display information in a new browser window • Useful to determine the origin of unresolvable IPs • Ex: 121.254.193.202 had over 1,500 hits to our site • Click on the ? link in the Hosts (Top 10) table

  12. Hostinfo Plugin - Whois

  13. Raw Log Search Plugin • Puts a search form at the top of the report page • Will search and display contents of the “current” log • Allows Perl regular expression searches • Useful to search for suspicious traffic

  14. Search for visitors…

  15. Error codes…

  16. Suspicious patterns…

  17. More suspicious patterns

  18. Caveat Emptor! • XSS attacks will be reflected in the log! • Don’t have other sites open using the same browser • Use a dedicated system/VM for log review

  19. Why I like it • It’s Free! • Active project = revisions and improvements • Multi-platform support • Easy to set up and get going • Provides at-a-glance view of web activity • Plugins available to provide additional functionality

  20. Notes • Log formats supported • Apache common log format (see Note*), Apache combined log format (known as NCSA combined log format or XLF or ELF format), Any other personalized Apache log format, Any IIS log format (known as W3C format), Webstar native log format, Realmedia server, Windows Media Server, Darwin streaming server, ProFTPd server, vsFTPd server, Postfix, Sendmail, QMail, Mdaemon, A lot of web/wap/proxy/streaming servers log format

  21. Notes - continued
      • Search pattern for visitor
        • 123.125.67.181.*08/Jan
      • Search for error codes
        • " 400 "
      • Search for suspicious patterns
        • URL w/ at least 4 encoded chars
          • GET.*(%[0-9a-fA-F]{2}){4}\S* HTTP
        • Embedded hex
          • GET \S*(\\[xX][0-9a-fA-F]{2})
        • Reverse directory traversal
          • GET \S*(\.\.\/){2}
        • Injection attacks
          • GET \S*(select\(|SELECT\(|--|1=1|\/\*|\|)

  22. References • AWStats Home • http://awstats.sourceforge.net • http://awstats.sourceforge.net/docs/index.html • ASCII Table • http://www.asciitable.com/ • Injection attack patterns • http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
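
The four suspicious-traffic patterns from slide 21, run over constructed sample log lines, with each matched line HTML-escaped before display so that logged markup stays inert (the slide 18 caveat). This is an added example, not part of the presentation or of AWStats; the function names, pattern labels and log lines are assumptions made for illustration.

```python
import html
import re

# Search patterns copied from slide 21 (Perl syntax that Python's re also accepts).
PATTERNS = {
    "encoded-url": re.compile(r"GET.*(%[0-9a-fA-F]{2}){4}\S* HTTP"),
    "embedded-hex": re.compile(r"GET \S*(\\[xX][0-9a-fA-F]{2})"),
    "dir-traversal": re.compile(r"GET \S*(\.\.\/){2}"),
    "injection": re.compile(r"GET \S*(select\(|SELECT\(|--|1=1|\/\*|\|)"),
}

# Constructed combined-format log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = r'''
192.0.2.10 - - [08/Jan/2010:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jan/2010:10:00:05 +0000] "GET /docs/%2e%2e%2f%2e%2e%2fetc HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jan/2010:10:00:09 +0000] "GET /cgi-bin/t?a=\x90\x90 HTTP/1.1" 400 226 "-" "-"
203.0.113.5 - - [08/Jan/2010:10:01:12 +0000] "GET /get?file=../../etc/passwd HTTP/1.1" 403 199 "-" "curl/7.19"
203.0.113.5 - - [08/Jan/2010:10:01:30 +0000] "GET /item?id=5+or+1=1 HTTP/1.1" 200 87 "<script>x</script>" "Mozilla/5.0"
'''.strip().splitlines()


def scan(lines):
    """Return (line_number, [pattern names], raw line) for each line that matches."""
    findings = []
    for number, line in enumerate(lines, start=1):
        names = [name for name, rx in PATTERNS.items() if rx.search(line)]
        if names:
            findings.append((number, names, line))
    return findings


def render_html(findings):
    """Build report rows; html.escape keeps logged markup inert in the reviewer's browser."""
    rows = []
    for number, names, line in findings:
        rows.append("<tr><td>%d</td><td>%s</td><td><code>%s</code></td></tr>"
                    % (number, ", ".join(names), html.escape(line)))
    return "<table>\n%s\n</table>" % "\n".join(rows)


if __name__ == "__main__":
    for number, names, line in scan(SAMPLE_LOG):
        print(number, names, line)
```

The `--` and `|` alternatives in the injection pattern also match benign URLs that contain those characters, so a hit is a lead to review rather than a confirmed attack.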