Tell me more ×
IT Security Stack Exchange is a question and answer site for IT security professionals. It's 100% free, no registration required.
up vote 0 down vote favorite

Is there any open source framework or libraries which can provide security monitoring capabilities for Web application by analyzing Web application access logs. Basically i need to monitor and analyze Apache/IIS logs and want to compute general statistic like Request analysis, bot hits etc

share|improve this question
Have a look at phpids.org - this is an intrusion detection system which writes suspicious behaviour into logs. – akluth Sep 20 '12 at 11:01
From your question, it sounds like you want the application itself to monitor it's own logs. The usual practice is to have a separate IDS watching the logs - is there a reason you don't want to take this approach? – Graham Hill Sep 20 '12 at 11:11
No i need to find or develop a separate tool to view and analyze Apache/IIS logs with more ease the closest thing i found was Apache log viewer apacheviewer.com – Ali Ahmad Sep 21 '12 at 7:55
Typically requests for tools or recommendations for tools are not really a great fit for SE sites, partly because at best this would only generate a list of tools, and partly because it would only be current for the immediate future. – AviD Sep 23 '12 at 16:10
In the meantime, I will suggest you check out some of the OWASP tools, e.g. ESAPI and AppSensor. Might be what you're looking for. – AviD Sep 23 '12 at 16:11

closed as not constructive by Polynomial, Terry Chia, Iszi, AviD Sep 23 '12 at 16:11

As it currently stands, this question is not a good fit for our Q&A; format. We expect answers to be supported by facts, references, or specific expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, see the FAQ for guidance.

2 Answers

up vote 1 down vote accepted

Check out http://code.google.com/p/apache-scalp/ (uses PHP IDS)

Scalp! is a log analyzer for the Apache web server that aims to look for security problems. The main idea is to look through huge log files and extract the possible attacks that have been sent through HTTP/GET (By default, Apache does not log the HTTP/POST variable).

share|improve this answer
up vote 1 down vote

Use OSSEC (http://www.ossec.net/) for log analysis & real-time alerting, use logwatch (http://sourceforge.net/projects/logwatch/) for log analysis & report creation OR combine those two approaches: http://www.chrisbrenton.org/2010/02/combining-logwatch-and-ossec/

share|improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.