Web Server Monitoring
Results 1 to 6 of 6

Thread: Web Server Monitoring

  1. #1
    Senior Member
    Join Date
    Aug 2002
    Posts
    651

    Web Server Monitoring

    I am looking for some software that I could use to monitor attempts to get to executables and what not on my webservers. For example, if someone tried to get a command prompt by altering the url or something, I would like to specifically log that for review. Does anyone know of any software with this capability? I didn't come up with much on google or with a search on AO. Any help would be appreciated.


    t2k2
    Opinions are like holes - everybody\'s got\'em.

    Smile

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    t2k2, I have SNORT set-up to monitor all my servers in my DMZ. It does pick-up those type of attacks. (as well as many more).

    http://www.snort.org/



    Cheers:
    DjM

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    Just in support of DjM....Snort!

  4. #4
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Alrighty then, I will definitely take that under advisement. I've played a little with Snort, never actually got it working however, but neither did I spend that much time with it. Will it pick up certain error types as well, like 400 and 500 type error codes and such? Just curious... Also, let me know if you have any recommendations for resources in regards to getting it setup. I have a few including the snort.org site and silicondefense for the Windows version, but anything else would be helpful as well. I find that it's good to be able to look at many different resources.


    Thanks DjM,

    t2k2

    If anyone else has any suggestions
    Opinions are like holes - everybody\'s got\'em.

    Smile

  5. #5
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Currently I am not picking up the 400 & 500 type of errors. That's not to say it won't, you may be able to configure it to trap & record those types of errors. It is a bit time consuming to set-up but given the cost (free) and the information it provides you on what is going on in your DMZ, I believe it is well worth the effort. The main resources I used was the www.snort.org site but there are likely quite a few out there. And as always, you can post questions here, I believe there are many AO members using snort.
    Good Luck.

    Cheers:
    DjM

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    110

    Re: Web Server Monitoring

    Originally posted here by t2k2
    I am looking for some software that I could use to monitor attempts to get to executables and what not on my webservers. For example, if someone tried to get a command prompt by altering the url or something, I would like to specifically log that for review. Does anyone know of any software with this capability? I didn't come up with much on google or with a search on AO. Any help would be appreciated.


    t2k2
    you can also check the web server logs themselves. if you are using apache on linux they'd be on /var/log/httpd/error_log*, or (path to apache)/logs/httpd if you put it elsewhere. sorry but i don't know where it would be on windows systems. it would show you a whole of spam from nimda and code red-related attempts.

    good luck.

    regards,
    mark.
    \'hi, welcome to *****. if you would like to speak to an operator, please hang up now.\'
    * click *

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •