mushu999_at_NOSPAM.hotmail.com
Date: Fri Jul 26 2002 - 23:52:13 CDT

    At 11:45 AM 7/26/2002 -0700, James Fleming wrote:
    >I am looking to analyze security events in my
    >presentation layer (web server) and wondered if anyone
    >has any good experience they can share?
    >
    >I am logging a lot of data so I capture all GETs etc.
    >which enables me to see XSS and SQL injection type
    >attacks.
    >
    >Are there any open source tools that will do this for
    >me?
    >
    >Anything that will send me an alert in near realtime
    >when an event gets written in the log?
    >
    >If there are any commercial tools can you send them to
    >me off-line from the list (moderator: see I read the
    >charter thread ;-)

    I am a college student in Computer Science and was toying with an idea for
    my senior project to write a web log analyzer that runs under NT/2k/XP as a
    service and analyzes both the W3SVC logs as well as the URLscan logs (you
    ARE running URLscan, right?). Anyway, I'd like it to be very configurable
    and do things such as: send an alert to the hacker's ISP with "proof" after
    so many attempts; send the ISP alerts that the person is infected with one
    of several well-known viruses; page the Sysad if they use "Telalert" or
    similar service; send the Sysad an email to alert them; etc; etc; etc; but
    I don't want to do this if something similar already exists.

    As usual, please offline message me with any info anyone might have on
    existing programs...just like James asked for. :)

    Thanks,
    Tim
    [drop the NOSPAM. from my email addy to reply]
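
The kind of analysis discussed in this thread, as an added example that is not part of the original posts and is not an existing tool: a scanner for W3C extended format logs (the format W3SVC logs use) that flags XSS and SQL injection patterns in GET query strings and lists client IPs that pass an alert threshold. The log lines, signature list, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample log; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-07-26 18:45:01 192.0.2.10 GET /index.asp - 200
2002-07-26 18:45:07 198.51.100.7 GET /search.asp q=%3Cscript%3Ealert(1)%3C/script%3E 200
2002-07-26 18:45:09 198.51.100.7 GET /item.asp id=1'+OR+'1'='1 500
2002-07-26 18:45:12 198.51.100.7 GET /item.asp id=1;+DROP+TABLE+users-- 500
2002-07-26 18:45:20 203.0.113.5 GET /item.asp id=42 200
2002-07-26 18:45:31 203.0.113.5 GET /search.asp q=union+station+hours 200
"""

# Illustrative signatures only; a production list would be broader and tuned.
SIGNATURES = {
    "xss": re.compile(r"<\s*script|javascript:", re.I),
    "sqli": re.compile(r"'\s*or\s*'|union\s+select|;\s*drop\s+table", re.I),
}

def parse_w3c(lines):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def scan(lines, threshold=3):
    """Return (hits, escalate): matched requests and IPs at or over threshold."""
    hits, per_ip = [], Counter()
    for rec in parse_w3c(lines):
        # Decode %XX and '+' first so encoded payloads match the signatures.
        query = unquote_plus(rec.get("cs-uri-query", "-"))
        for name, rx in SIGNATURES.items():
            if rx.search(query):
                hits.append((rec.get("c-ip"), name, rec.get("cs-uri-stem")))
                per_ip[rec.get("c-ip")] += 1
                break
    escalate = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return hits, escalate
```

For near-realtime use, the same `scan` logic can be fed lines as they are appended to the log file, with the `escalate` list driving the e-mail or pager alert.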