Showing posts from January, 2017

Log Analysis: Access Log Analysis Using Command Line

Happy New Year 2017!!! My first entry in January. Hopefully it will assist in Web Attack investigations.

First, we need to know the log format:

"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O"

%h Remote host, the IP address of the request.
%l Remote logname; this will never have a value as IdentityCheck is off, it’s just included for backwards compatibility.
%u Remote user if htauth is being used (may be bogus if return status (%s) is 401).
%t Time the request was received in the format [day/month/year:hour:minute:second zone].
%r First line of the request.
%>s The final HTTP status code; see the full list of possible status codes in the HTTP 1.1 specification (RFC2616 section 10).
%b Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a ‘-’ rather than a 0 when no bytes are sent.
%{Referer} The “Referer” (sic) HTTP request header; this is provided by the client request so it may be bogus.
%{User-Agent} The Use
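A parser for the log format described above, as an added example that is not code from the original post. The function names and the sample lines are assumptions made up for illustration; the last two numeric fields are read as the %I and %O byte counters from the format string.

```python
import re
from datetime import datetime

# "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O"
Q = r'(?:[^"\\]|\\.)*'  # quoted field body; Apache writes an embedded " as \"
LINE_RE = re.compile(
    r'(?P<host>\S+) (?P<logname>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    rf'"(?P<request>{Q})" (?P<status>\d{{3}}) (?P<bytes>\d+|-) '
    rf'"(?P<referer>{Q})" "(?P<agent>{Q})" (?P<bytes_in>\d+) (?P<bytes_out>\d+)$'
)

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # CLF '-' means no body
    rec["bytes_in"], rec["bytes_out"] = int(rec["bytes_in"]), int(rec["bytes_out"])
    parts = rec["request"].split(" ")
    # A well-formed request line is "METHOD path PROTOCOL"; otherwise only the raw text is kept.
    rec["method"], rec["path"], rec["protocol"] = parts if len(parts) == 3 else (None, None, None)
    return rec

def parse_log(lines):
    """Split lines into parsed records and rejects that need manual review."""
    records, rejects = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejects.append(line)
        else:
            records.append(rec)
    return records, rejects

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [05/Jan/2017:10:15:32 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 310 5400',
    '192.0.2.10 - alice [05/Jan/2017:10:15:40 +0000] "GET /logo.png HTTP/1.1" 304 - "http://example.com/" "Mozilla/5.0" 420 180',
    '198.51.100.7 - - [05/Jan/2017:10:16:01 +0000] "GET /search?q=a HTTP/1.1" 404 209 "-" "odd \\"agent\\" string" 280 450',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    records, rejects = parse_log(SAMPLE)
    for r in records:
        print(r["time"].isoformat(), r["host"], r["status"], r["method"], r["path"], r["bytes"])
    print("rejected:", len(rejects))
```

Lines that do not match are returned separately rather than dropped, since malformed entries are often the ones worth reading by hand during an investigation.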