Forum Topic: interpreting raw access logs
I read your post about this and I'm wondering if you have something (anything, a link or whatever) that talks about the logs more in-depth? I'm just getting into this for the first time and there are many questions, and trying to find info about this online hasn't produced much. Most give you the basic rundown of each category and stop there.
So for example, just in the first few lines I'm seeing this:
220.127.116.11 - - [31/Dec/2013:06:29:44 -0600] "GET / HTTP/1.0" 200 29621 "-" "-"
Notice the two missing parameters at the end there.
Where did YOU learn all of this stuff? :)
3 Replies to “interpreting raw access logs”
Here are the words right from the horse's mouth:
Most of my understanding comes from countless hours actually studying and combing thru access and error logs. It doesn't sound like fun, but once you get what you're looking at, things become a lot more interesting :)
Yeah I was afraid you'd point to the Apache site. ZZZzzzzzz.
Anyway I'm with you, the log files are fun to comb through. Yesterday I got rid of my first possible energy vamp. (Over 600 hits a month looking for various feeds seems confusing to me, so I made a PHP page called temp-ban.php where these people will end up, and the option to email me and get unbanned is open to them.)
I used to get attacked a lot, but I didn't know anything so my server guy would always fix everything up. Now that I'm getting ready to know things, no one attacks me anymore. At least not like they used to. Too bad. Maybe I should start blogging about how invincible I'm becoming. :)
It's easy these days to be a target -- I've learned to dial it back online, but I also keep an eye on things just in case. I think it's great that more people are learning how to protect their sites. I've seen how even a modicum of effort is enough to keep attacks at bay.
For Apache Docs, I agree it's not blood-pumping material, but it's the most concise and time-efficient way to communicate the information. If only I had the time to write more on the subject, it's a big part of what I do online.
Keep an eye on things -- even thinking "no one attacks me anymore" or "how invincible I'm becoming" seems to be enough to make it happen :)
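Added example, not part of the thread: a small parser for the kind of line quoted in the question, assuming the log uses Apache's "combined" format, where the last two quoted fields are the Referer and User-Agent request headers and "-" means the client sent none. It lists requests that arrived with neither header and counts per-IP hits on feed URLs, as in the 600-hits case above; the function names, the "feed" substring check and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined": %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
COMBINED = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# First line is the one from the post; the rest are constructed sample data.
SAMPLE = [
    '220.127.116.11 - - [31/Dec/2013:06:29:44 -0600] "GET / HTTP/1.0" 200 29621 "-" "-"',
    '192.0.2.10 - - [31/Dec/2013:06:30:01 -0600] "GET /feed/ HTTP/1.1" 200 5120 "-" "ExampleReader/1.0"',
    '192.0.2.10 - - [31/Dec/2013:06:31:01 -0600] "GET /comments/feed/ HTTP/1.1" 404 312 "-" "ExampleReader/1.0"',
    '198.51.100.7 - - [31/Dec/2013:06:32:10 -0600] "GET /about/ HTTP/1.1" 200 8100 "http://example.com/" "Mozilla/5.0"',
    'not a log line',
]

def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not match."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("ident", "user", "referer", "agent"):
        if rec[key] == "-":          # "-" is Apache's placeholder for "no value"
            rec[key] = None
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    parts = rec["request"].split()   # "GET / HTTP/1.0" -> method, path, protocol
    rec["method"], rec["path"], rec["proto"] = parts if len(parts) == 3 else (None, None, None)
    return rec

def summarize(lines, path_hint="feed"):
    """Return (requests with no Referer and no User-Agent, feed hits per IP, unparsed count)."""
    headerless, feed_hits, unparsed = [], Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1            # keep count so malformed lines are not silently lost
            continue
        if rec["referer"] is None and rec["agent"] is None:
            headerless.append(rec)
        if rec["path"] and path_hint in rec["path"].lower():
            feed_hits[rec["host"]] += 1
    return headerless, feed_hits, unparsed
```

Call `summarize()` on the lines of a real access log to get the same three results; a missing Referer alone is common for direct visits, so the check only flags requests where both headers are absent.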