Nginx
scarab, 2015-08-13 13:50:31

Who can recommend a web server log analyzer?

Good day, everyone.
Perhaps someone can recommend a web server log analyzer that can accumulate statistics and respond to anomalies. I have come across similar products in the IDS/IPS category, but I haven't seen any specifically for web servers.
Ideally, I would like a robot that first chews through logs for, say, a month and draws conclusions (for example, how many requests per second go to the servers on average, and how they are distributed by client IP address, by requested URL, by user agent, and so on), and then, watching the logs in real time, reacts to anomalies: "dude, someone is trying to download your entire site from IP address 1.2.3.4, and over there a tricky layer 7 DDoS attack has begun."
So far I have managed with various self-written analyzers whose data I fed to Zabbix, but the realities of life (the server periodically shows sharp bursts of load, and it is completely unclear what they are connected with) make me think about something more serious.
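
The two phases the question describes (learn a baseline from historical logs, then flag deviations while watching new lines), as an added example that is not part of the original post. It assumes the nginx/Apache "combined" log format and a mean plus three standard deviations threshold; the function names and all log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Matches the start of an nginx/Apache "combined" access log line.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')

def per_minute(lines):
    """Group parseable lines into {minute: Counter({client_ip: requests})}."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        buckets[ts.replace(second=0)][m["ip"]] += 1
    return buckets

def learn_baseline(lines, k=3.0, floor=5):
    """Learning phase: limits are mean + k*stddev, never below `floor`."""
    buckets = per_minute(lines)
    totals = [sum(c.values()) for c in buckets.values()]
    per_ip = [n for c in buckets.values() for n in c.values()]
    return {"total": max(floor, mean(totals) + k * pstdev(totals)),
            "per_ip": max(floor, mean(per_ip) + k * pstdev(per_ip))}

def detect(lines, limits):
    """Watching phase: (minute, subject, count) for every exceeded limit."""
    alerts = []
    for minute, counts in sorted(per_minute(lines).items()):
        label, total = minute.strftime("%H:%M"), sum(counts.values())
        if total > limits["total"]:
            alerts.append((label, "all clients", total))
        alerts += [(label, ip, n) for ip, n in sorted(counts.items())
                   if n > limits["per_ip"]]
    return alerts

def sample(ip, minute, n):
    """Constructed log lines: n requests from ip within 13:<minute>."""
    return [f'{ip} - - [13/Aug/2015:13:{minute:02d}:{s:02d} +0300] '
            f'"GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"' for s in range(n)]

NORMAL = ["198.51.100.7", "198.51.100.8", "198.51.100.9"]  # constructed clients
history = [l for m in range(10) for i, ip in enumerate(NORMAL)
           for l in sample(ip, m, 3 if i == 0 and m % 2 else 2)]
live = [l for m in (20, 21) for ip in NORMAL for l in sample(ip, m, 2)]
live += sample("1.2.3.4", 21, 40) + ["garbage line"]  # burst from one address
LIMITS = learn_baseline(history)
ALERTS = detect(live, LIMITS)
```

The same per-minute buckets can be extended with counters keyed on URL or user agent, the other dimensions the question lists.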

4 answer(s)
Konstantin, 2015-08-13
@TheSpbra1n

ru.splunk.com
Suitable not only for web server logs, there is a free option

bukass, 2015-08-13
@bukass

Well, syslog-ng, what could be cooler. https://syslog-ng.org/

Michael, 2015-08-20
@Singaporian

Statistical analysis:
awstats
webalizer
(but why are they needed now when there is Google Analytics?)
www.valencynetworks.com/articles/top-10-web-log-an...
Security analysis:
apache-scalp
IDA (Intrusion Detection for Apache)
In general, it depends on which server it is: they differ, and the analyzers differ too. The situation becomes more complicated if you set up a reverse proxy or the web server sends interpreted code to the backend (AJP, [Fast/S]CGI). In short, describe the situation in more detail.

Anatoly Ivashina, 2015-08-20
@tiv

ELK Stack (Elasticsearch, Logstash, Kibana)
elastic.co
ELK Stack for Network Operations [RELOADED]
www.networkassassin.com/elk-stack-for-network-oper...
