Questions tagged [log-analysis]

74 questions
0 votes, 1 answer

What are the common features to identify Brute-Force attack from Apache log file?

There are various methods to find attack patterns for different types of attacks. Apache-scalp is one such tool, but the rule set is not available to find the brute-force attack pattern via regular expression. I would love to know the different…
Uday
0 votes, 0 answers

Multiple sshd sessions for single SSH login

I was grepping through /var/log/auth.log and noticed that for some reason, not every time, but sometimes when I would log in via SSH I would see entries like the following - where there were multiple sessions opened (at the exact same time) for one…
uofc
0 votes, 1 answer

I need help finding a list or a reference of DLLs for discovering hijacked programs

I am removing malware from my grandpa's Windows computer using the Sysinternals suite. I suspect he has a Trojan which has been making remote connections and downloading a TON of viruses every day. There are a lot of processes going on and a…
0 votes, 1 answer

Difference between legitimate file transfer vs data exfiltration of confidential files using FTP

I have FTP logs and some other logs, assuming that the corporate environment is actively monitored. How would I know that a user is using FTP to transfer a regular file and not using the same to transfer a confidential file out of the organization? Or, in other…
Nicz.cool
0 votes, 1 answer

Historical IP reputation data

I have a firewall log with events from 2 years ago. I want to examine that log as if I were investigating at the time of collection (2 years ago). However, I would like to use IP address reputation data, but I have not yet been able to find a source that…
helt
0 votes, 1 answer

Is this event a security concern: Windows 10: Event 360, User Device Registration?

My computer just froze, and I ended up having to reboot. It appears Windows Defender was coming up with a notification, but that froze as well. I was trying to see what went wrong in the event viewer, and noticed several application hangs (not…
Jonathan
0 votes, 1 answer

How does a person request gmail.com from my server?

I run a number of websites / web services on NGINX with Ubuntu. Today I noticed the following line in my rogue.access.log (I have a separate vhost/log file to catch all requests for websites other than ones I'm expecting): Server: "gmail.com" -…
jpl42
0 votes, 1 answer

Are SIEM and NIDS/HIDS complementary?

I would just like to have your feedback if you have been involved with Security Information and Event Management. From your experience, do we have to add a SIEM to an existing NIDS (Snort) and HIDS (OSSEC)? It seems to be quite huge and expensive to set…
phackt
0 votes, 0 answers

Script for analysis of a tcpdump log file

I'm trying to get the following metrics from my tcpdump log file: (1) one-way delay, (2) request/response delay, (3) packet loss, (4) overall transaction duration and (5) delay variation (jitter). For clarification: transaction duration refers to…
MSB
-1 votes, 2 answers

Data to be Logged in a Web Application

What data should be logged in a web application? From all perspectives, such as security, user access, data modification, the path traveled by a user in the application, and anything else that matters.
-1 votes, 1 answer

How to determine where an attack came from?

I've noticed sometimes that I receive very random requests coming to a live server that I'm hosting, seen in real time through my log. It would usually look something like: [14/Mar/2019 02:05:36] "GET /php/admin HTTP/1.1" 200 2090 [14/Mar/2019…
-1 votes, 1 answer

Access log of someone using different IPs to send the same type of traffic

I have a Magento shop system and I read this in my logs: 206.75.231.xxx - - [14/Dec/2017:19:59:11 +0100] "POST /downloader/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/32.0" 200.128.35.x - -…
Marcel
-2 votes, 1 answer

Is Private Internet Access (PIA) VPN safe to use?

As said on the PIA website, they pretend to have the following VPN features: PPTP, OpenVPN and L2TP/IPSec; SOCKS5 proxy included; no traffic logs. So my questions are: Is Private Internet Access VPN safe to use? Is there any way to check or to be…
Ced
-2 votes, 2 answers

How to get a thorough view of wireless router's logs?

I am trying to attack my wireless router using Kali Linux for learning purposes. When I check the wireless router's logs after a successful attack, it doesn't show me the logs related to the attacks which I made. The logs only reveal which devices…