thanks, I´ll give it a try. any other tool? (If it is free it would be better ;-) ) someone has suggested me enVision from RSA ( http://www.rsa.com/node.aspx?id=3170) any feedback about this tool? Other friend has told me about take a look at backtrack ( http://www.backtrack-linux.org/) to check it has a tool to do this. Anyone knows? thanks again ESG 2011/7/27 Gareth Llewellyn <gareth@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> > Try installing Splunk, (be careful to import less than 500mb a day on the > free license) then once all your logs are imported you should be able to > find what you are looking for. > > On 27 Jul 2011 07:37, "ESGLinux" <esggrupos@xxxxxxxxx> wrote: > > Hi All, > > > > I have a problem with a RHEL server and I want to ask you for some > advice. > > I´m not a security expert so I don´t know which can be the best aproach > to > > solve my problem. > > > > The problem is that I have several GigaBytes of Apache logs and I need to > > look for attacks on it to check if the server has been compromised. > > > > I can manually check some possible attack urls and looking for them on > the > > logs, but I´m sure there must be tools or technics to do these in the > > correct way. > > > > So, any idea that can help me? > > > > Thank you very much in advance, > > > > ESG > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
