DevHeads.net

Request for Log samples

I am currently working on creating signatures and rules to collect
events from the Apache web server. I am doing this so that
NitroSecurity can support the Apache web server with the Nitroview SIEM
product line.

To accomplish this, I need as many log samples that I can find of both
the error log and the access log. With the access log, I am looking for
the combined and common log formats.

I have looked for log samples on line but I generally only find generic
single line examples. I am looking for larger log files of the apache
server in production so that I may create a more complete collection of
rules.

If you are able to, please send your log files to me at
<a href="mailto: ... at nitrosecurity dot com"> ... at nitrosecurity dot com</a>

Thanks,

Nathan
This e-mail message and any attachments contain information that is confidential and may be privileged. If the reader of this e-mail is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to this message or by sending an email to <a href="mailto: ... at nitrosecurity dot com"> ... at nitrosecurity dot com</a>, and destroy all copies of this message and any attachments without reading or disclosing them. Thank you.

Comments

Re: Request for Log samples

By =?utf-8?Q?Igor_... at 12/03/2010 - 18:27

Hi Nathan,

Access and Error Log files often contain quite sensitive information,
so hardly anyone (sane) will be very keen on sharing them.

Why can you not use your own log files?
For *your* environment, they should make most sense.

i

Re: Request for Log samples

By Nathan Belk at 12/03/2010 - 18:56

Thanks for the reply.

The rule sets are not for our environment per se. We create the rules
and signatures that go onto the NitroSecurity SIEM products. These
products then are placed on customers' networks which helps keep their
systems secure.

All the apache installations that we have in house are test
installations that do not see much traffic. What we are looking for are
log files as close to real world log samples as possible so that the
rule-set will cover a wide range of events that our customers may encounter.

I understand that there may be sensitive information contained in the
error and access logs. I was not expecting these people would send me
their logs. I was just writing to see if anyone has any logs they
wouldn't mind sharing with me so that I might create a more robust set
of rules.

Thanks!

Nathan

On 12/03/2010 04:27 PM, Igor Galić wrote: