From: Nathan Belk
Date: Fri, 03 Dec 2010 16:56:38 -0700
To: "users@httpd.apache.org"
Subject: Re: [users@httpd] Request for Log samples

Thanks for the reply.

The rule sets are not for our environment per se. We create the rules and signatures that go onto the NitroSecurity SIEM products. These products then are placed on customers' networks which helps keep their systems secure.

All the apache installations that we have in house are test installations that do not see much traffic. What we are looking for are log files as close to real world log samples as possible so that the rule-set will cover a wide range of events that our customers may encounter.

I understand that there may be sensitive information contained in the error and access logs. I was not expecting these people would send me their logs. I was just writing to see if anyone has any logs they wouldn't mind sharing with me so that I might create a more robust set of rules.

Thanks!

Nathan

On 12/03/2010 04:27 PM, Igor Galić wrote:
> Hi Nathan,
>
>> I am currently working on creating signatures and rules to collect
>> events from the Apache web server. I am doing this so that
>> NitroSecurity can support the Apache web server with the Nitroview
>> SIEM
>> product line.
>>
>> To accomplish this, I need as many log samples that I can find of both
>> the error log and the access log. With the access log, I am looking
>> for the combined and common log formats.
>>
>> I have looked for log samples on line but I generally only find
>> generic
>> single line examples. I am looking for larger log files of the apache
>> server in production so that I may create a more complete collection
>> of rules.
> Access and Error Log files often contain quite sensitive information,
> so hardly anyone (sane) will be very keen on sharing them.
>
>> If you are able to, please send your log files to me at
>> nbelk@nitrosecurity.com
> Why can you not use your own log files?
> For *your* environment, they should make most sense.
>
>> Thanks,
>>
>> Nathan
> i