Posted to users@httpd.apache.org by Nathan Belk <nb...@nitrosecurity.com> on 2010/12/03 18:43:51 UTC

[users@httpd] Request for Log samples

I am currently working on creating signatures and rules to collect 
events from the Apache web server.  I am doing this so that 
NitroSecurity can support the Apache web server with the Nitroview SIEM 
product line.

To accomplish this, I need as many log samples as I can find of both 
the error log and the access log.  With the access log, I am looking for 
the combined and common log formats.

I have looked for log samples online but I generally only find generic 
single line examples.  I am looking for larger log files of the Apache 
server in production so that I may create a more complete collection of 
rules.

If you are able to, please send your log files to me at 
nbelk@nitrosecurity.com

Thanks,

Nathan


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Request for Log samples

Posted by Nathan Belk <nb...@nitrosecurity.com>.
Thanks for the reply.

The rule sets are not for our environment per se.  We create the rules 
and signatures that go onto the NitroSecurity SIEM products.  These 
products then are placed on customers' networks which helps keep their 
systems secure.


All the Apache installations that we have in house are test 
installations that do not see much traffic.  What we are looking for are 
log files as close to real world log samples as possible so that the 
rule-set will cover a wide range of events that our customers may encounter.

I understand that there may be sensitive information contained in the 
error and access logs.  I was not expecting these people would send me 
their logs.  I was just writing to see if anyone has any logs they 
wouldn't mind sharing with me so that I might create a more robust set 
of rules.

Thanks!

Nathan

On 12/03/2010 04:27 PM, Igor Galić wrote:
> Hi Nathan,
>
>> I am currently working on creating signatures and rules to collect
>> events from the Apache web server.  I am doing this so that
>> NitroSecurity can support the Apache web server with the Nitroview
>> SIEM
>> product line.
>>
>> To accomplish this, I need as many log samples that I can find of both
>> the error log and the access log.  With the access log, I am looking
>> for the combined and common log formats.
>>
>> I have looked for log samples on line but I generally only find
>> generic
>> single line examples.  I am looking for larger log files of the apache
>> server in production so that I may create a more complete collection
>> of rules.
> Access and Error Log files often contain quite sensitive information,
> so hardly anyone (sane) will be very keen on sharing them.
>
>> If you are able to, please send your log files to me at
>> nbelk@nitrosecurity.com
> Why can you not use your own log files?
> For *your* environment, they should make most sense.
>
>> Thanks,
>>
>> Nathan
> i
>




Re: [users@httpd] Request for Log samples

Posted by Igor Galić <i....@brainsware.org>.
Hi Nathan,

> I am currently working on creating signatures and rules to collect 
> events from the Apache web server.  I am doing this so that 
> NitroSecurity can support the Apache web server with the Nitroview
> SIEM 
> product line.
> 
> To accomplish this, I need as many log samples that I can find of both
> the error log and the access log.  With the access log, I am looking
> for the combined and common log formats.
> 
> I have looked for log samples on line but I generally only find
> generic 
> single line examples.  I am looking for larger log files of the apache
> server in production so that I may create a more complete collection
> of rules.

Access and Error Log files often contain quite sensitive information,
so hardly anyone (sane) will be very keen on sharing them.

> If you are able to, please send your log files to me at 
> nbelk@nitrosecurity.com

Why can you not use your own log files?
For *your* environment, they should make most sense.

> Thanks,
> 
> Nathan

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
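
Added example, not part of the original thread or from either poster: a sketch of how access log lines in the common and combined formats could be sanitized before being shared, so that the line structure survives for rule writing while client address, user name and query strings do not. The function names, the HMAC key and the sample lines are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Common Log Format, optionally followed by the two extra combined-format fields.
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?$'
)

def pseudonym(value, key, prefix):
    """Keyed hash: equal inputs give equal tokens without exposing the value."""
    if value == "-":
        return value
    digest = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:10]
    return f"{prefix}-{digest}"

def strip_query(url):
    """Keep the path, replace any query string with a marker."""
    path, sep, _ = url.partition("?")
    return path + ("?REDACTED" if sep else "")

def sanitize_line(line, key):
    """Return a sanitized line in the same format, or None if it does not parse."""
    m = LOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    f = m.groupdict()
    parts = f["request"].split(" ")
    if len(parts) == 3:  # METHOD URI PROTOCOL
        parts[1] = strip_query(parts[1])
    request = " ".join(parts)
    out = (f'{pseudonym(f["host"], key, "host")} {f["ident"]} '
           f'{pseudonym(f["user"], key, "user")} [{f["time"]}] '
           f'"{request}" {f["status"]} {f["size"]}')
    if f["referer"] is not None:  # combined format carries referer and agent
        out += f' "{strip_query(f["referer"])}" "{f["agent"]}"'
    return out

# Constructed sample lines (not real traffic): one combined, one common.
SAMPLES = [
    '192.0.2.10 - alice [03/Dec/2010:18:43:51 +0000] "GET /account?token=abc123 HTTP/1.1" 200 512 "http://example.com/login?next=/account" "Mozilla/5.0"',
    '192.0.2.10 - - [03/Dec/2010:18:44:02 +0000] "POST /login HTTP/1.1" 302 -',
]

if __name__ == "__main__":
    for s in SAMPLES:  # the key is an assumed secret kept by the log owner
        print(sanitize_line(s, b"constructed-demo-key"))
```

Lines that do not match either format return None and should be reviewed by hand rather than passed through; error log lines and request paths can still carry sensitive data that this sketch does not touch.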
