|
-
November 6th, 2002, 07:37 PM
#1
Web Server Monitoring
I am looking for some software that I could use to monitor attempts to get to executables and what not on my webservers. For example, if someone tried to get a command prompt by altering the url or something, I would like to specifically log that for review. Does anyone know of any software with this capability? I didn't come up with much on google or with a search on AO. Any help would be appreciated.
t2k2
Opinions are like  holes - everybody\'s got\'em.
Smile 
-
November 6th, 2002, 07:41 PM
#2
t2k2, I have SNORT set-up to monitor all my servers in my DMZ. It does pick-up those type of attacks. (as well as many more).
http://www.snort.org/
Cheers:
-
November 6th, 2002, 08:06 PM
#3
Senior Member
Just in support of DjM....Snort!
-
November 6th, 2002, 08:27 PM
#4
Alrighty then, I will definitely take that under advisement. I've played a little with Snort, never actually got it working however, but neither did I spend that much time with it. Will it pick up certain error types as well, like 400 and 500 type error codes and such? Just curious... Also, let me know if you have any recommendations for resources in regards to getting it setup. I have a few including the snort.org site and silicondefense for the Windows version, but anything else would be helpful as well. I find that it's good to be able to look at many different resources.
Thanks DjM,
t2k2
If anyone else has any suggestions
Opinions are like holes - everybody\'s got\'em.
Smile
-
November 6th, 2002, 08:49 PM
#5
Currently I am not picking up the 400 & 500 type of errors. That's not to say it won't, you may be able to configure it to trap & record those types of errors. It is a bit time consuming to set-up but given the cost (free) and the information it provides you on what is going on in your DMZ, I believe it is well worth the effort. The main resources I used was the www.snort.org site but there are likely quite a few out there. And as always, you can post questions here, I believe there are many AO members using snort.
Good Luck.
Cheers:
-
November 7th, 2002, 02:52 AM
#6
Senior Member
Re: Web Server Monitoring
Originally posted here by t2k2
I am looking for some software that I could use to monitor attempts to get to executables and what not on my webservers. For example, if someone tried to get a command prompt by altering the url or something, I would like to specifically log that for review. Does anyone know of any software with this capability? I didn't come up with much on google or with a search on AO. Any help would be appreciated.
t2k2
you can also check the web server logs themselves. if you are using apache on linux they'd be on /var/log/httpd/error_log*, or (path to apache)/logs/httpd if you put it elsewhere. sorry but i don't know where it would be on windows systems. it would show you a whole of spam from nimda and code red-related attempts.
good luck.
regards,
mark.
\'hi, welcome to *****. if you would like to speak to an operator, please hang up now.\'
* click *
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote