Thanks for the reply.The rule sets are not for our environment per se. We create the rules and signatures that go onto the NitroSecurity SIEM products. These products then are placed on customers' networks which helps keep their systems secure.
All the apache installations that we have in house are test installations that do not see much traffic. What we are looking for are log files as close to real world log samples as possible so that the rule-set will cover a wide range of events that our customers may encounter.
I understand that there may be sensitive information contained in the error and access logs. I was not expecting these people would send me their logs. I was just writing to see if anyone has any logs they wouldn't mind sharing with me so that I might create a more robust set of rules.
Thanks! Nathan On 12/03/2010 04:27 PM, Igor GaliÄ wrote:
Hi Nathan,I am currently working on creating signatures and rules to collect events from the Apache web server. I am doing this so that NitroSecurity can support the Apache web server with the Nitroview SIEM product line. To accomplish this, I need as many log samples that I can find of both the error log and the access log. With the access log, I am looking for the combined and common log formats. I have looked for log samples on line but I generally only find generic single line examples. I am looking for larger log files of the apache server in production so that I may create a more complete collection of rules.Access and Error Log files often contain quite sensitive information, so hardly anyone (sane) will be very keen on sharing them.If you are able to, please send your log files to me at nbelk@xxxxxxxxxxxxxxxxxWhy can you not use your own log files? For *your* environment, they should make most sense.Thanks, Nathani
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx