We have a cron set up on our virtual server which each day excerpts 
from our accumulating (monthly) log, and e-mails us our log for the 
day - from which we run analog locally (which is manageable since 
we are small and only have 500 regular requests each day).

Then we simply run a delete/count, which gives the number of occurrences.

(While keeping just the "default.ida", for the record, we delete the 
rest of the "XXXX" garbage, which has increased our log file size by 
500%.)

Our log of occurrences (showing that all these servers just aren't 
getting with it) is:

8/1  -   16
8/2  -   20
8/3  -   34
8/4  -  320
8/5  -  776
8/6  - 1013
8/7  - 1059
8/8  - 1051
8/9  - 1050
8/10 -  998
8/11 -  800
8/12 -  797
8/13 -  850
8/14 -  854
8/15 -  794
8/16 -  771
8/17 -  707
8/18 -  603
8/19 -  639
8/20 -  725

(Most of these are one request per recorded server, although 10% are multiples.)


John Stokes
Mary's Gardens

------------------------

Aengus writes:

>Coincidentally, I decided to check my logfiles for default.ida requests
>this afternoon, to see if the infection rate is tailing off.
>
>But I quickly ran into a road block, because I couldn't get any time
>reports for 404 codes (we never installed Index server, so there are no
>default.ida files on the servers).
>
>Short of grepping out all the default.ida requests and changing the 404
>codes to 200, can anyone suggest a quick and dirty way to analyse just
>CodeRed traffic? I might extract those requests anyway, so that I can do a
>DNS analysis without wading through millions of other addresses, but if
>anyone has any suggestions, let me know.
>
>Aengus


-- 
+------------------------------------------------------------------------
|  This is the analog-help mailing list. To unsubscribe from this
|  mailing list, go to
|    http://lists.isite.net/listgate/analog-help/unsubscribe.html
|
|  List archives are available at
|    http://www.mail-archive.com/[email protected]/
|    http://lists.isite.net/listgate/analog-help/archives/
|    http://www.tallylist.com/archives/index.cfm/mlist.7
+------------------------------------------------------------------------
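
An added example, not part of either message above: one way to do the daily count and clean-up John describes, and to isolate the default.ida requests Aengus asks about without relying on the 404 status code. It assumes NCSA Common Log Format; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: NCSA Common Log Format; only host, date and request line are used.
CLF = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}):[^\]]*\] "([^"]*)"')

# Constructed sample lines; the padding is shortened and carries no payload.
SAMPLE_LOG = """\
192.0.2.10 - - [04/Aug/2001:01:12:09 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 205
192.0.2.10 - - [04/Aug/2001:03:40:51 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 205
198.51.100.7 - - [04/Aug/2001:05:02:33 -0400] "GET /index.html HTTP/1.0" 200 4310
203.0.113.5 - - [04/Aug/2001:09:15:00 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 205
198.51.100.22 - - [05/Aug/2001:00:07:44 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 205
not a log line
"""

def analyse(lines):
    """Return (probes per day, probes per host, cleaned log lines)."""
    per_day, per_host, cleaned = Counter(), Counter(), []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip anything that is not a CLF record
        host, day, request = m.groups()
        parts = request.split()
        path = parts[1] if len(parts) > 1 else ""
        # Match on the requested path, whatever status the server returned.
        if path.lower().split("?", 1)[0] == "/default.ida":
            per_day[day] += 1
            per_host[host] += 1
            # Keep "default.ida" for the record, drop the padding after it.
            line = line.replace(path, "/default.ida", 1)
        cleaned.append(line)
    return per_day, per_host, cleaned

def repeat_share(per_host):
    """Fraction of probing hosts that sent more than one request."""
    if not per_host:
        return 0.0
    return sum(1 for n in per_host.values() if n > 1) / len(per_host)

if __name__ == "__main__":
    days, hosts, cleaned = analyse(SAMPLE_LOG.splitlines())
    for day, n in days.items():
        print(f"{day} - {n:4d}")
    print(f"{len(hosts)} hosts, {repeat_share(hosts):.0%} with multiple requests")
```

The per-host counter also gives a short address list for a DNS lookup pass, separate from the rest of the traffic.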
