LinuxQuestions.org
Old 05-05-2014, 06:15 AM   #1
akhilesh_03
LQ Newbie
 
Registered: Apr 2014
Posts: 23

Rep: Reputation: Disabled
Apache log Analyzer


Hi,

Hi All

I have to monitor Apache servers log. Which open source applications are available??

Also if a particular predefined match is found in the log file then it should send alert also via mail.

Thanks in advance

Thanks
 
Old 05-05-2014, 06:26 AM   #2
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,385

Rep: Reputation: 354
From your minimal description it's very hard to tell what you are trying to do, but it sounds like fail2ban will do what you want.
 
Old 05-05-2014, 07:05 AM   #3
Rawcous
Member
 
Registered: Jan 2014
Location: Farnborough, Hampshire - UK
Distribution: Previously 2 * Fedora 18 Servers -> 2 * CentOS 6.7 + random distro testing
Posts: 96

Rep: Reputation: Disabled
Hello akhilesh_03,

If you are simply trying to monitor & proactively block attempted web-server intrusions then, as descendant_command indicates, fail2ban is probably what you are after: http://www.fail2ban.org/wiki/index.php/Main_Page You will probably by default find the package in your distro's repository.

If you wish to analyse your website activity in terms of the pages visited, etc., then awstats is the tool for you: http://awstats.sourceforge.net/ It's a great tool that I personally use on my webserver. It provides you with information such as the following:

1. The IP address of the visitor
2. The pages accessed by the visitor
3. The operating system /browser / search engine used by the visitor
4. HTTP status codes


If either of the above is not what you are after then please provide more details.

Regards,

Rich
 
Old 05-06-2014, 12:34 AM   #4
akhilesh_03
LQ Newbie
 
Registered: Apr 2014
Posts: 23

Original Poster
Rep: Reputation: Disabled
Hi,

Thanks Rawcous and descendant_command for your reply.

My task is that I should define a condition and if that particular condition is matched in Apache log then it should generate an alert. (For e.g. if a particular word is matched in the Apache log then it should generate an alert.)

So for this purpose which log viewer can I use which will generate an alert also if a particular match is found in the Apache log.

I hope I was able to explain it properly.

Thanks
 
Old 05-06-2014, 02:35 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3531
Quote:
Originally Posted by akhilesh_03 View Post
My task is that I should define a condition and if that particular condition is matched in Apache log then it should generate an alert. (For e.g. if a particular word is matched in the Apache log then it should generate an alert.)
Fail2ban should be able to do that (Monit or Hobbit probably are overkill unless you need to monitor "service health" or system resources too) or SEC (the Security Event Correlator). Note you basically stated your question again using different words, still that doesn't explain the reason why you need this...
 
Old 05-06-2014, 03:40 AM   #6
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,385

Rep: Reputation: 354
Yes fail2ban.
Just set a custom action that doesn't actually do any banning, but emails, or runs a script or command or whatever suits.
 
Old 05-07-2014, 04:30 AM   #7
akhilesh_03
LQ Newbie
 
Registered: Apr 2014
Posts: 23

Original Poster
Rep: Reputation: Disabled
Hi,

Thank you all for your reply.

I will be thankful if you all could provide me some links related to how to use fail2ban.

Thanks
 
Old 05-07-2014, 04:39 AM   #8
Rawcous
Member
 
Registered: Jan 2014
Location: Farnborough, Hampshire - UK
Distribution: Previously 2 * Fedora 18 Servers -> 2 * CentOS 6.7 + random distro testing
Posts: 96

Rep: Reputation: Disabled
Quote:
I will be thankful if you all could provide me some links related to how to use fail2ban.
You obviously didn't read my earlier response to your cryptic thread did ya...?

Here it is.... again..... http://www.fail2ban.org/wiki/index.php/Main_Page - this is the main home page - a quick internet search will provide you with a deluge of real-world examples.

In future:

1. Please be clearer about what you are trying to achieve - you are forgiven if there is a language barrier issue.
2. When people respond and post links - please read them.

Rawcous!
 
Old 05-07-2014, 06:17 AM   #9
akhilesh_03
LQ Newbie
 
Registered: Apr 2014
Posts: 23

Original Poster
Rep: Reputation: Disabled
Hi Rawcous,

Thanks again for your reply...

I read your earlier post but I was expecting some more links from you all Linux experts as I am new to Linux.
What people respond and post links I obviously read and thereafter reply ...

Really my thread is cryptic ??

Thanks
 
Old 05-07-2014, 06:40 AM   #10
Rawcous
Member
 
Registered: Jan 2014
Location: Farnborough, Hampshire - UK
Distribution: Previously 2 * Fedora 18 Servers -> 2 * CentOS 6.7 + random distro testing
Posts: 96

Rep: Reputation: Disabled
Hello akhilesh_03,

Initially you need to research Fail2ban yourself, establish if it will meet your requirements, etc. The best way to do this is to research it yourself via the internet. It's easy enough to use internet search engines for Fail2ban Apache configuration examples. For example: https://www.google.co.uk/#q=fail2ban+apache+example

So perhaps your best plan of action is to combine the resources available on the Fail2ban homepage with search engine examples.

Once you've played around with Fail2ban for a while, and you require assistance with resolving config issues etc. then you will find people more willing to assist - BUT you have to show that you made some effort yourself. People will be more than willing to assist but will not do the work for you.

Rawcous!
 
Old 05-07-2014, 09:04 AM   #11
akhilesh_03
LQ Newbie
 
Registered: Apr 2014
Posts: 23

Original Poster
Rep: Reputation: Disabled
Hi,

Thanks for your guidance Rawcous.

Thanks
 
Old 05-07-2014, 09:35 AM   #12
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,185
Blog Entries: 10

Rep: Reputation: 1981
Quote:
Originally Posted by akhilesh_03 View Post
Hi,

Thank you all for your reply.

I will be thankful if you all could provide me some links related to how to use fail2ban.

Thanks
fail2ban and persistence

The default install from repos on most OSs will start working with ssh log scanning.
I suggest doing this in a Virtual Machine or VM.
You will need to install it and see that it works. Use a Search Engine to find an example of how to test your fail2ban install using ssh,
something like
Code:
ssh fakeuser@virtual_machine_ip
3 times should get your IP banned in a default fail2ban install/setup.

You can modify any filter provided by the install to suit your needs and you'll need to focus on the filter.d/<my_filter.conf> contents to see if the filter is valid and my blog entry shows you how to test it using "fail2ban-regex".
The /etc/fail2ban/filter.d/w00tw00t.conf example filter in my blog entry is just a copy of another stock provided /etc/fail2ban/filter.d/*.conf that has been modified.

I can't stress enough doing this in a Virtual environment while you become acclimated to the software.
If you don't have the resources for a Virtual Machine, the default install and config is safe enough Out of the Box to use on any system for ssh protection and can easily be modified as a copy to scan Apache Logs for matching criteria.

The /etc/fail2ban/action.d/<my_action.conf> is also just a copy of another stock provided /etc/fail2ban/action.d/*.conf that you will need to modify to only mail you the results.

Please let us know,
Subscribed with interest.
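
The setup described in the post above (a copied filter, a mail-only action and a jail tying them together), sketched as an added example that is not from the thread, the linked blog entry or the fail2ban project. The file names, the keyword `forbidden-word`, the Debian-style log path and the mail address are assumptions; the three files are shown in one block, separated by comments.

```ini
# --- /etc/fail2ban/filter.d/apache-keyword.conf (hypothetical file name) ---
[Definition]
# <HOST> captures the client address at the start of an access-log line;
# the rest matches the constructed keyword inside the quoted request line.
failregex = ^<HOST> .*"[A-Z]+ [^"]*forbidden-word[^"]*"
ignoreregex =

# --- /etc/fail2ban/action.d/mail-only.conf (hypothetical file name) ---
[Definition]
actionstart =
actionstop =
actioncheck =
# No firewall command: the "ban" only sends a mail. Only fail2ban's own
# tags (<name>, <ip>, <failures>) are interpolated, so request text from
# the log never reaches the shell. %% is a literal % in fail2ban configs.
actionban = printf %%b "Subject: [fail2ban] <name>: match from <ip>\n\n<ip> matched the filter <failures> time(s).\n" | /usr/sbin/sendmail -f <sender> <dest>
actionunban =

[Init]
# Defaults, overridden by the jail below.
name = default
dest = root
sender = fail2ban

# --- /etc/fail2ban/jail.local ---
[apache-keyword]
enabled  = true
filter   = apache-keyword
# Assumed path; RHEL/CentOS use /var/log/httpd/access_log.
logpath  = /var/log/apache2/access.log
# One matching line is enough to trigger the action.
maxretry = 1
findtime = 600
# While an address counts as "banned" the action is not run again for it,
# so bantime acts as the per-address alert interval (seconds).
bantime  = 600
action   = mail-only[name=apache-keyword, dest=admin@example.com]
```

Before enabling the jail, the filter can be checked against the real log with `fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/apache-keyword.conf`, which reports how many lines the failregex matched.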
 
Old 05-26-2014, 03:10 AM   #13
akhilesh_03
LQ Newbie
 
Registered: Apr 2014
Posts: 23

Original Poster
Rep: Reputation: Disabled
Hi All,

Thank you all for your valuable reply.

Thanks
 
Old 05-26-2014, 09:06 AM   #14
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,185
Blog Entries: 10

Rep: Reputation: 1981
See also Getting Started with fail2ban

Good luck.
 
  

