
Thread: Log analyzer

  1. #1
    Junior Member
    Join Date
    Aug 2008
    Posts
    2

    Question Log analyzer

    Hello,

    I am looking for a log analyzer that I can use to narrow down errors, SQL injection and XSS (any form of attacks).

    Thx in advance

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    demonize....you will probably get way more responses if you give us more info....like where these logs are??

    Operating system, router, etc

    I know that some people have all logs copied to a specific machine to then analyze??

    How big are these logs???



    MLF
    Last edited by morganlefay; May 11th, 2009 at 03:45 PM.
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Junior Member
    Join Date
    Aug 2008
    Posts
    2
    The log file size is 22.9 MB
    Part of the log:
    Code:
    +and+1=convert(nvarchar,CHAR(+127+))%2B(select+@@servername)
    +having+1=1-- 
    id0=0%20/*!39999%20and%201=2*/--%20and%201=1 HTTP/1.1" 200 12371 "-" "pangolin/0.1"
    id0=0%20and%20(select%20length(database())%20%20)%3C=32%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20length(database())%20%20)%3E16%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20length(database())%20%20)%3E24%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20length(database())%20%20)%3E28%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20length(database())%20%20)%3E30%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20length(database())%20%20)%3E31%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3C=256%20and%201=1 HTTP/1.1" 
    id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E128%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E192%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E224%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E240%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E248%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E252%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E254%20and%201=1 HTTP/1.1" 200 
    id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E255%20and%201=1 HTTP/1.1" 200
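
A small triage script for the kind of log shown in post #3, added here as an example and not posted by any thread participant: it URL-decodes each request and tags the probe styles visible in the excerpt. It assumes Apache combined log format; the client addresses, timestamps and paths in the sample are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache/NCSA combined log format (assumed; the excerpt only shows line tails).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3}) \S+ "[^"]*" "([^"]*)"')
# Signatures for the probe styles in the excerpt, applied AFTER URL-decoding.
RULES = [
    ("blind-length",  re.compile(r"\(\s*select\s+length\s*\(", re.I)),
    ("blind-char",    re.compile(r"ascii\s*\(\s*substr(?:ing)?\s*\(", re.I)),
    ("mssql-error",   re.compile(r"convert\s*\(\s*n?varchar|@@\w+", re.I)),
    ("having-probe",  re.compile(r"\bhaving\s+1\s*=\s*1", re.I)),
    ("mysql-comment", re.compile(r"/\*!\d+")),
    ("tautology",     re.compile(r"\band\s+\d+\s*=\s*\d+", re.I)),
]
SCANNER_UA = re.compile(r"pangolin", re.I)  # User-Agent seen in the excerpt

def classify(line):
    """Return (client, [rule names]) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target, _status, agent = m.groups()
    decoded = unquote_plus(target)  # %20 and '+' become spaces, %3E becomes '>'
    hits = [name for name, rx in RULES if rx.search(decoded)]
    if SCANNER_UA.search(agent):
        hits.append("scanner-ua")
    return client, hits

def summarize(log_text):
    """Count rule hits per client address; clients with no hits are omitted."""
    per_client = {}
    for line in log_text.splitlines():
        parsed = classify(line)
        if parsed and parsed[1]:
            per_client.setdefault(parsed[0], Counter()).update(parsed[1])
    return per_client

# Constructed sample: payloads copied from the excerpt; addresses, times and paths are made up.
_PAYLOADS = [
    "0+and+1=convert(nvarchar,CHAR(+127+))%2B(select+@@servername)",
    "0+having+1=1--",
    "0%20/*!39999%20and%201=2*/--%20and%201=1",
    "0%20and%20(select%20length(database())%20%20)%3E16%20and%201=1",
    "0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E128%20and%201=1",
]
_TPL = '192.0.2.10 - - [11/May/2009:10:00:00 +0000] "GET /item.php?id0={} HTTP/1.1" 200 12371 "-" "pangolin/0.1"'
_OK = '198.51.100.7 - - [11/May/2009:09:59:59 +0000] "GET /index.php?id0=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
SAMPLE_LOG = "\n".join([_OK] + [_TPL.format(p) for p in _PAYLOADS])
```

Every probe in the excerpt was answered with status 200, so filtering on status codes would not separate it from normal traffic; matching on the decoded request is what surfaces it.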

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    The tool you use will depend on the APPLICATION that is logging the events....


    There are ISA, SQL, Exchange, Event, Syslog, IIS log analyzers

    using Google and being a little more specific will really help in your search.

    Looks like a bot

    http://www.google.com/search?q=pango...e=utf8&oe=utf8




    MLF
    Last edited by morganlefay; May 11th, 2009 at 06:14 PM.
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    yup. looks like pangolin. sql injection bot. skiddie stuff
    In God We Trust....Everything else we backup.

  6. #6
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Quote: Originally posted by Cheap Scotch Ron
    sql injection bot. skiddie stuff
    It ain't a sql bot, it's a browser based bot

    http://www.botsvsbrowsers.com/details/144772/index.html

    Test drive it here:
    http://www.botsvsbrowsers.com/Simula...ngolin%2F0%2E1

    Check your directories and make sure everything is how it is supposed to be; also re-check your chmod permission settings.

  7. #7
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    It ain't a sql bot, it's a browser based bot
    WTF?

    Pangolin is a pen program you initiate from a GUI that runs a bunch of automated dynamic SQL that attempts a SQL injection hack on a variety of websites. You tell it which DBMS and point it to a bunch of websites and it attempts to compromise the DBMS.

    Early versions (as referenced above) also contained a backdoor that sent the logs home to China.

    http://www.nosec.org/en/pangolin.html

    If it walks and smells like a duck, it's a duck.

    Call it what you like.

    Scotty, beam me up...
    In God We Trust....Everything else we backup.

  8. #8
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Thumbs down

    Correct..

    Thanks for the correction CSR

    The "tool" that I was thinking of is something completely different.

    also thanks for the little tidbit of info.

    Quote: Originally posted by Cheap Scotch Ron

    if walks and smells like a duck, it's a duck.

    Call it what you like.

    Scotty, beam me up...
